
Possible keylogger? Not sure what happened...


  • This topic is locked
6 replies to this topic

#1 asitaka7270

asitaka7270

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 10 February 2014 - 03:09 PM

HELP! I'm kinda freaking out. I got a text this morning from my email and had a link in it. So I woke up and checked my email and apparently someone logged into my email and sent 2 emails with all my contacts and sent another email (both with odd links) with frequently emailed non-added contacts, which unfortunately included my business contact. I have a hotmail email address. I checked my activity and this morning someone logged in from across the country that was obviously not me. I'm scared as to what else could have happened. I have sent and I have saved VERY personal info which can completely ruin my life/credit. My MWBAM scan found nothing and my Avast found nothing. TDSSKiller also found nothing. So do I have a keylogger? I'm confused as to how someone signed into my email account. My password is not common and impossible to randomly guess. But I use this password with other things like my banking.

How can I get rid of whatever/whoever did this? And how do I know if my system is clean or not since my protection programs can't seem to find anything? Was this just a harmless spammer even though they signed into my personal email?

This is my personal laptop and I do not want to do a clean install and have to start over.

 

PLEASE HELP ME! Thanks

 

edit: I still had access to my email and changed my password.

edit2: Also Spybot S&D found nothing...


Edited by asitaka7270, 10 February 2014 - 03:19 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,370 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:36 AM

Posted 14 February 2014 - 01:18 PM

Greetings asitaka7270 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 asitaka7270

asitaka7270
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:36 PM

Posted 14 February 2014 - 07:29 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by AJ (administrator) on HITORI on 14-02-2014 19:27:08
Running from C:\Users\AJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {00f8a83b-bb67-11e2-9d1d-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {5c1c3f2c-4fa5-11e2-b40b-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {e332c453-9fa2-11e0-ba16-cc52af888fd9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {e332c4d1-9fa2-11e0-ba16-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {ee56485d-95da-11e0-9286-cc52af888fd9} - F:\unlock.exe autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {5FBCAAD8-CC91-42D9-A157-65AA0B1F9225} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227976&CUI=UN52026376914615142&UM=2
SearchScopes: HKCU - {25D8ABA0-5F45-D212-4914-794A69246E1D} URL = http://stp.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=137448221&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110729&user_guid=77AAF229C3224AC7A596C197EF073C4A&machine_id=d29852eb0dba34ea0f86deafbadd2b34&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {5FBCAAD8-CC91-42D9-A157-65AA0B1F9225} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227976&CUI=UN52026376914615142&UM=2
SearchScopes: HKCU - {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-08] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 130.68.176.36

FireFox:
========
FF ProfilePath: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_046&u=USERGUID&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\searchplugins\conduit.xml
FF Extension: United States English Spellchecker - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\en-US@dictionaries.addons.mozilla.org [2012-05-28]
FF Extension: BlackFox V2-Blue - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\zigboom.designs@gmail.com [2012-09-15]
FF Extension: FT DeepDark - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012-10-05]
FF Extension: HP Detect - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-07-08]
FF Extension: DownloadHelper - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-25]
FF Extension: Gradient iCool - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2011-06-13]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-07-02]
FF Extension: MEGA - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\firefox@mega.co.nz.xpi [2013-11-10]
FF Extension: Missing e - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi [2012-10-10]
FF Extension: Tumblr Savior - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2013-07-23]
FF Extension: Stylish - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-10-10]
FF Extension: XKit - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{4de46b94-1b91-474a-9ae5-6074f86ef7e9}.xpi [2012-10-03]
FF Extension: Adblock Plus - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-02]
FF Extension: Greasemonkey - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\jfhlbnzy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-21]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-28] (AVAST Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3580712 2008-10-30] (Wacom Technology, Corp.)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1858048 2010-05-10] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [483328 2010-05-10] ()
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 archlp; C:\Windows\SysWow64\drivers\archlp.sys [147968 2009-08-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-12-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-28] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-28] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 19:26 - 2014-02-14 19:27 - 00036446 _____ () C:\Users\AJ\Desktop\Addition.txt
2014-02-14 19:26 - 2014-02-14 19:27 - 00025636 _____ () C:\Users\AJ\Desktop\FRST.txt
2014-02-14 19:26 - 2014-02-14 19:27 - 00000000 ____D () C:\FRST
2014-02-14 19:25 - 2014-02-14 19:25 - 02152960 _____ (Farbar) C:\Users\AJ\Desktop\FRST64.exe
2014-02-13 19:26 - 2014-02-13 22:53 - 161491441 _____ () C:\Users\AJ\Desktop\XHIT_ High Intensity Step Exercise.mp4
2014-02-13 12:54 - 2014-02-13 12:55 - 00000000 ____D () C:\Users\AJ\Desktop\link firefly bottle
2014-02-13 11:20 - 2014-02-13 11:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-13 11:20 - 2014-02-13 11:21 - 00000000 ____D () C:\Program Files\iTunes
2014-02-12 22:20 - 2014-02-12 22:20 - 00000000 ____D () C:\ProgramData\Synaptics
2014-02-12 14:44 - 2014-02-12 14:44 - 00001209 _____ () C:\Windows\system32\US_Navy_030505-M-7120M-133_Two_parachuters_from_the_Misty_Blues,_an_all_women^rsquo,s_parachuting_team,_make_their_approach_to_land_during_the_air_show_on_Friendship_Day_aboard_Marine_Corps_Air_Station_(.lnk
2014-02-12 13:24 - 2014-02-13 11:21 - 00000000 ____D () C:\Users\AJ\Desktop\jelly descent
2014-02-11 21:16 - 2014-02-11 21:17 - 00000000 ____D () C:\Users\AJ\Desktop\WIP shirts
2014-02-11 00:41 - 2014-02-13 00:58 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Adobe
2014-02-10 17:40 - 2014-02-10 21:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 15:06 - 2014-02-10 16:26 - 00000000 ____D () C:\AdwCleaner
2014-02-09 16:53 - 2014-02-09 16:54 - 52214137 _____ () C:\Users\AJ\Desktop\Rhythm Drives You - Bboy Tim - JuBaFilms.mp4
2014-02-02 07:24 - 2014-02-11 20:34 - 00000000 ____D () C:\Users\AJ\Desktop\future trex
2014-02-02 06:50 - 2014-02-02 06:50 - 00365827 _____ () C:\Users\AJ\Desktop\copyright.psd
2014-02-01 13:40 - 2014-02-01 13:40 - 47486978 _____ () C:\Users\AJ\Desktop\POPPIN JOHN _ LUNAR VIP.mp4
2014-01-31 14:14 - 2014-01-31 14:23 - 124639413 _____ () C:\Users\AJ\Desktop\DRAGON HOUSE _ Krewella - Human _ RainO.mp4
2014-01-30 10:21 - 2014-01-30 10:23 - 38795156 _____ () C:\Users\AJ\Desktop\Home Workout #46 - Super Reps HiiT_.mp4
2014-01-29 23:37 - 2014-01-29 23:41 - 00000000 ____D () C:\Users\AJ\Desktop\123___01
2014-01-29 13:35 - 2014-01-29 13:42 - 45965292 _____ () C:\Users\AJ\Desktop\How to Do Bone Breaking _ Flexing _ Street Dance-1.mp4
2014-01-29 13:20 - 2014-01-29 13:35 - 04259488 _____ () C:\Users\AJ\Desktop\How to Do Bone Breaking _ Flexing _ Street Dance.mp4
2014-01-28 18:09 - 2014-01-29 13:51 - 00000000 ____D () C:\Users\AJ\Desktop\Adobe Illustrator CS6 Classroom In  A Book V413HAV
2014-01-27 14:54 - 2014-01-27 14:58 - 59740980 _____ () C:\Users\AJ\Desktop\Jason Derulo - Talk Dirty feat. 2 Chainz (Official HD Music Video).mp4
2014-01-24 15:11 - 2014-01-24 15:18 - 55494389 _____ () C:\Users\AJ\Desktop\COFFEE BREAK _ The Neighbourhood - Sweater Weather.mp4
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\chc
2014-01-23 19:42 - 2014-01-23 19:42 - 00000000 ____D () C:\ProgramData\ALM
2014-01-21 20:45 - 2014-01-21 20:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 20:45 - 2014-01-21 20:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-20 14:53 - 2014-01-20 14:53 - 46899313 _____ () C:\Users\AJ\Desktop\Kefton vs T-Boogz _ 1st Round Ghetto Style Fusion Concept.mp4
2014-01-19 13:57 - 2014-01-19 13:58 - 00266288 _____ () C:\Windows\Minidump\011914-37643-01.dmp
2014-01-18 15:40 - 2014-01-19 23:51 - 01685401 _____ () C:\Users\AJ\Desktop\THE LEGEND OF ZELDA.pj.zip
2014-01-18 14:38 - 2014-01-19 23:53 - 00032768 _____ () C:\Users\AJ\Desktop\THE LEGEND OF ZELDA.sra
2014-01-18 00:26 - 2014-01-18 00:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-01-18 00:26 - 2014-01-18 00:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-01-18 00:24 - 2014-01-18 00:24 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\MotioninJoy
2014-01-18 00:24 - 2014-01-18 00:24 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-01-18 00:24 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-01-18 00:24 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-01-18 00:24 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2014-01-18 00:19 - 2014-01-19 18:07 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2014-01-18 00:19 - 2014-01-18 00:19 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2014-01-15 23:05 - 2014-01-15 23:05 - 160013822 _____ () C:\Users\AJ\Desktop\Yass Vs Ynot _ Top Rock Semifinal _ Juste Debout USA 2014 _ .mp4
2014-01-15 15:31 - 2014-01-15 15:32 - 109448052 _____ () C:\Users\AJ\Desktop\Walks Part 3 _ Strengthening _ Stretching For Your Wrists _ .mp4

==================== One Month Modified Files and Folders =======

2014-02-14 19:27 - 2014-02-14 19:26 - 00036446 _____ () C:\Users\AJ\Desktop\Addition.txt
2014-02-14 19:27 - 2014-02-14 19:26 - 00025636 _____ () C:\Users\AJ\Desktop\FRST.txt
2014-02-14 19:27 - 2014-02-14 19:26 - 00000000 ____D () C:\FRST
2014-02-14 19:25 - 2014-02-14 19:25 - 02152960 _____ (Farbar) C:\Users\AJ\Desktop\FRST64.exe
2014-02-14 18:00 - 2011-06-13 12:52 - 00000000 ____D () C:\Users\AJ\Desktop\vids
2014-02-14 17:29 - 2011-06-13 13:09 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\vlc
2014-02-14 15:00 - 2011-06-17 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2014-02-14 15:00 - 2011-06-13 12:38 - 00000000 ____D () C:\Users\AJ\Desktop\must draw nao
2014-02-14 14:45 - 2012-05-19 20:57 - 00000000 ____D () C:\Users\AJ\Desktop\dance
2014-02-14 14:14 - 2011-06-01 12:13 - 01180699 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 14:13 - 2011-06-13 17:57 - 00000000 ____D () C:\Users\AJ\Desktop\tshirt
2014-02-14 14:12 - 2011-06-13 12:44 - 00000000 ____D () C:\Users\AJ\Desktop\stocks
2014-02-14 00:35 - 2012-05-20 10:10 - 00000000 ____D () C:\Users\AJ\Desktop\itouch
2014-02-13 22:53 - 2014-02-13 19:26 - 161491441 _____ () C:\Users\AJ\Desktop\XHIT_ High Intensity Step Exercise.mp4
2014-02-13 21:32 - 2011-06-12 11:33 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D073B50A-CEDF-4B3C-8292-5B6AA07B5C3C}
2014-02-13 20:16 - 2012-06-03 19:41 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-13 19:33 - 2013-11-27 14:42 - 00000000 ____D () C:\Users\AJ\Desktop\my completed shirts
2014-02-13 12:55 - 2014-02-13 12:54 - 00000000 ____D () C:\Users\AJ\Desktop\link firefly bottle
2014-02-13 12:48 - 2009-07-13 23:51 - 00082031 _____ () C:\Windows\setupact.log
2014-02-13 12:18 - 2011-06-13 12:36 - 00000000 ____D () C:\Users\AJ\Desktop\dA artists
2014-02-13 11:21 - 2014-02-13 11:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-13 11:21 - 2014-02-13 11:20 - 00000000 ____D () C:\Program Files\iTunes
2014-02-13 11:21 - 2014-02-12 13:24 - 00000000 ____D () C:\Users\AJ\Desktop\jelly descent
2014-02-13 11:20 - 2011-06-13 14:46 - 00000000 ____D () C:\Program Files\iPod
2014-02-13 11:20 - 2011-06-13 14:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-13 11:18 - 2011-06-13 14:00 - 00000000 ____D () C:\ProgramData\Apple
2014-02-13 01:06 - 2013-06-03 22:54 - 00000000 ____D () C:\Users\AJ\Desktop\HOW TO BBOY
2014-02-13 00:58 - 2014-02-11 00:41 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Adobe
2014-02-12 23:02 - 2013-04-29 22:05 - 00000000 ____D () C:\Users\AJ\Desktop\Insanity
2014-02-12 22:20 - 2014-02-12 22:20 - 00000000 ____D () C:\ProgramData\Synaptics
2014-02-12 21:42 - 2013-09-30 10:04 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAJ
2014-02-12 21:42 - 2013-09-30 10:04 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForAJ.job
2014-02-12 14:44 - 2014-02-12 14:44 - 00001209 _____ () C:\Windows\system32\US_Navy_030505-M-7120M-133_Two_parachuters_from_the_Misty_Blues,_an_all_women^rsquo,s_parachuting_team,_make_their_approach_to_land_during_the_air_show_on_Friendship_Day_aboard_Marine_Corps_Air_Station_(.lnk
2014-02-11 22:44 - 2013-12-10 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-11 22:44 - 2012-07-08 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-11 21:39 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 21:39 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 21:37 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 21:33 - 2013-10-07 14:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-11 21:31 - 2011-08-11 11:18 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\WTablet
2014-02-11 21:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 21:17 - 2014-02-11 21:16 - 00000000 ____D () C:\Users\AJ\Desktop\WIP shirts
2014-02-11 21:17 - 2011-12-26 11:12 - 00000000 ____D () C:\Users\AJ\Desktop\new camera
2014-02-11 20:34 - 2014-02-02 07:24 - 00000000 ____D () C:\Users\AJ\Desktop\future trex
2014-02-11 20:29 - 2012-08-20 11:04 - 00000132 _____ () C:\Users\AJ\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-10 21:51 - 2014-02-10 17:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 16:50 - 2011-06-13 12:36 - 00000000 ____D () C:\Users\AJ\Desktop\everything for me
2014-02-10 16:26 - 2014-02-10 15:06 - 00000000 ____D () C:\AdwCleaner
2014-02-10 16:23 - 2010-11-20 22:47 - 00659654 _____ () C:\Windows\PFRO.log
2014-02-10 16:21 - 2013-06-05 23:21 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\uTorrent
2014-02-10 16:21 - 2011-07-29 10:57 - 00000000 ____D () C:\Program Files (x86)\StartNow Toolbar
2014-02-10 15:47 - 2011-06-13 12:39 - 00000000 ___RD () C:\Users\AJ\Desktop\PrOgRaMz
2014-02-10 01:06 - 2011-06-13 12:36 - 00000000 ____D () C:\Users\AJ\Desktop\inspiration
2014-02-09 16:54 - 2014-02-09 16:53 - 52214137 _____ () C:\Users\AJ\Desktop\Rhythm Drives You - Bboy Tim - JuBaFilms.mp4
2014-02-09 11:44 - 2011-06-13 12:37 - 00000000 ____D () C:\Users\AJ\Desktop\full of art
2014-02-07 20:31 - 2011-06-13 12:47 - 00000000 ____D () C:\Users\AJ\Desktop\pics
2014-02-07 20:13 - 2009-07-13 23:45 - 05175992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-07 20:12 - 2013-11-27 01:25 - 00000000 ____D () C:\Users\AJ\AppData\Local\Adobe
2014-02-03 11:58 - 2013-04-21 20:02 - 00000000 ____D () C:\Users\AJ\Desktop\pacman
2014-02-02 06:50 - 2014-02-02 06:50 - 00365827 _____ () C:\Users\AJ\Desktop\copyright.psd
2014-02-01 13:40 - 2014-02-01 13:40 - 47486978 _____ () C:\Users\AJ\Desktop\POPPIN JOHN _ LUNAR VIP.mp4
2014-01-31 23:26 - 2011-06-13 13:06 - 00000000 ____D () C:\Users\AJ\AppData\Local\CrashDumps
2014-01-31 14:23 - 2014-01-31 14:14 - 124639413 _____ () C:\Users\AJ\Desktop\DRAGON HOUSE _ Krewella - Human _ RainO.mp4
2014-01-30 15:22 - 2011-06-12 11:32 - 00154400 _____ () C:\Users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 10:23 - 2014-01-30 10:21 - 38795156 _____ () C:\Users\AJ\Desktop\Home Workout #46 - Super Reps HiiT_.mp4
2014-01-29 23:41 - 2014-01-29 23:37 - 00000000 ____D () C:\Users\AJ\Desktop\123___01
2014-01-29 13:51 - 2014-01-28 18:09 - 00000000 ____D () C:\Users\AJ\Desktop\Adobe Illustrator CS6 Classroom In  A Book V413HAV
2014-01-29 13:42 - 2014-01-29 13:35 - 45965292 _____ () C:\Users\AJ\Desktop\How to Do Bone Breaking _ Flexing _ Street Dance-1.mp4
2014-01-29 13:35 - 2014-01-29 13:20 - 04259488 _____ () C:\Users\AJ\Desktop\How to Do Bone Breaking _ Flexing _ Street Dance.mp4
2014-01-27 16:34 - 2011-04-08 15:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-27 16:22 - 2011-07-11 11:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-27 14:58 - 2014-01-27 14:54 - 59740980 _____ () C:\Users\AJ\Desktop\Jason Derulo - Talk Dirty feat. 2 Chainz (Official HD Music Video).mp4
2014-01-24 15:18 - 2014-01-24 15:11 - 55494389 _____ () C:\Users\AJ\Desktop\COFFEE BREAK _ The Neighbourhood - Sweater Weather.mp4
2014-01-23 22:56 - 2011-08-14 10:10 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Skype
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\chc
2014-01-23 19:43 - 2013-11-27 14:26 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-01-23 19:42 - 2014-01-23 19:42 - 00000000 ____D () C:\ProgramData\ALM
2014-01-23 19:42 - 2011-07-22 10:11 - 00000000 ____D () C:\Program Files\Adobe
2014-01-22 16:49 - 2012-01-12 21:24 - 00000000 ____D () C:\Users\AJ\Desktop\gifs
2014-01-21 20:45 - 2014-01-21 20:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 20:45 - 2014-01-21 20:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-20 14:53 - 2014-01-20 14:53 - 46899313 _____ () C:\Users\AJ\Desktop\Kefton vs T-Boogz _ 1st Round Ghetto Style Fusion Concept.mp4
2014-01-20 00:23 - 2013-04-21 20:10 - 00000000 ____D () C:\Users\AJ\Desktop\NONSTOP
2014-01-19 23:53 - 2014-01-18 14:38 - 00032768 _____ () C:\Users\AJ\Desktop\THE LEGEND OF ZELDA.sra
2014-01-19 23:51 - 2014-01-18 15:40 - 01685401 _____ () C:\Users\AJ\Desktop\THE LEGEND OF ZELDA.pj.zip
2014-01-19 18:07 - 2014-01-18 00:19 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2014-01-19 13:58 - 2014-01-19 13:57 - 00266288 _____ () C:\Windows\Minidump\011914-37643-01.dmp
2014-01-19 13:57 - 2012-05-28 11:03 - 722781972 _____ () C:\Windows\MEMORY.DMP
2014-01-19 13:57 - 2011-08-10 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-01-18 00:26 - 2014-01-18 00:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-01-18 00:26 - 2014-01-18 00:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-01-18 00:24 - 2014-01-18 00:24 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\MotioninJoy
2014-01-18 00:24 - 2014-01-18 00:24 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-01-18 00:19 - 2014-01-18 00:19 - 00000000 ____D () C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2014-01-16 22:54 - 2011-07-30 21:30 - 00000000 ____D () C:\Users\AJ\Documents\OFX Presets
2014-01-15 23:05 - 2014-01-15 23:05 - 160013822 _____ () C:\Users\AJ\Desktop\Yass Vs Ynot _ Top Rock Semifinal _ Juste Debout USA 2014 _ .mp4
2014-01-15 15:32 - 2014-01-15 15:31 - 109448052 _____ () C:\Users\AJ\Desktop\Walks Part 3 _ Strengthening _ Stretching For Your Wrists _ .mp4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 19:23

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by AJ at 2014-02-14 19:27:25
Running from C:\Users\AJ\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29677 - BitTorrent Inc.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (x32 Version: 16.0 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637 - Adobe Systems, Inc.)
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (x32 Version:  - ArcSoft)
ArcSoft TotalMedia Extreme (x32 Version: 2.0.33.4 - ArcSoft)
Auslogics BoostSpeed 5.3 (x32 Version: 5.3 - )
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
AvaCam v3.6.3 (x32 Version:  - RGS-Avance software)
Avast License by ZeNiX [2012-06-29] (x32 Version:  - )
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.610.0 - Microsoft Corporation)
BitPim 1.0.7 (x32 Version: 1.0.7 - Joe Pham <djpham@bitpim.org>)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (x32 Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Canon MP160 (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0930.2208.37895 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cinema 4D version R12 (x32 Version: R12 - Salat Production)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DebugMode PluginPac (remove only) (x32 Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979 - Evernote Corp.)
FanFictionDownloader version 0.6.2 (x32 Version: 0.6.2 - Raimond Eisele)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hide Ip Easy 5.1.7.2 (x32 Version:  - )
HP 3D DriveGuard (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (x32 Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.4 - WildTangent)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.0 - Hewlett-Packard)
HP On Screen Display (x32 Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (x32 Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (x32 Version: 1.0.6329.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Display Audio Driver (x32 Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (Version:  - )
Intel® Wireless Display (x32 Version: 2.0.30.0 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (Version: 6.0.240 - Oracle)
Java™ 6 Update 26 (x32 Version: 6.0.260 - Oracle)
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Bullet Editors 2.0 Vegas (x32 Version:  - )
Magic Bullet Looks Vegas (x32 Version:  - )
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (x32 Version: 11.1.2 - Red Giant Software)
Magic Desktop (x32 Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NewBlue 3D Explosions for Vegas (x32 Version:  - )
NewBlue 3D Transformations for Vegas (x32 Version:  - )
NewBlue Art Blends (x32 Version:  - )
NewBlue Art Blends for Windows (x32 Version: 2.4 - NewBlue)
NewBlue Art Effects (x32 Version:  - )
NewBlue Art Effects for Windows (x32 Version: 2.4 - NewBlue)
NewBlue Cartoonr for Vegas (x32 Version:  - )
NewBlue Film Effects for Vegas (x32 Version:  - )
NewBlue Motion Blends (x32 Version:  - )
NewBlue Motion Effects (x32 Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Project64 1.6 (x32 Version: 1.6 - Project64)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RoxioNow Player (x32 Version: 1.9.5.103 - RoxioNow)
Skype™ 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Sony Vegas Pro 8.0 (x32 Version: 8.0.179 - Sony)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.4.4 - Synaptics Incorporated)
Topaz Clean 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Clean 3 (64-bit) (x32 Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Total Video Converter 3.71 (x32 Version: 3.71 - Effect Matrix Inc.) Hidden
Total Video Converter 3.71 (x32 Version: 3.71 - My Company)
Total Video Converter 3.71 100812 (x32 Version:  - EffectMatrix Inc.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (Version: 4.3.118.0 - Validity Sensors, Inc.)
VASST Ultimate S3 3.1.7 (x32 Version: 3.1.7 - VASST Software)
Vegas Movie Studio Platinum 9.0 (x32 Version: 9.0.85 - Sony)
Vegas Pro 10.0 (x32 Version: 10.0.737 - Sony)
Vegas Pro 12.0 (64-bit) (Version: 12.0.770 - Sony)
Veoh Web Player (x32 Version: 1.1.2.0000 - Veoh Networks, Inc.)
Video Booth (x32 Version: 2.4.9.6 - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Wacom Tablet (x32 Version:  - Wacom Technology Corp.)
WavePad Sound Editor (x32 Version:  - NCH Software)
WD SmartWare (Version: 1.3.0.16 - Western Digital)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (x32 Version: 4.01.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

10-02-2014 00:29:43 Scheduled Checkpoint
12-02-2014 02:34:40 Windows Backup
13-02-2014 16:19:14 Installed iTunes

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-13 11:38 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1060BF94-7DBF-4A66-B46E-AEA27448C37F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20BE5775-5BDA-4369-9401-41BC113A5D84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-02-23] (Hewlett-Packard Company)
Task: {4C191223-3966-4536-AFC6-93FB41E53BBB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {84D633C7-DA2C-4101-B537-91A9F73A9B30} - System32\Tasks\HPCeeScheduleForAJ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {86EEE401-12B1-46AD-B78F-8FE66ABDC5DC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-28] (AVAST Software)
Task: {88EDF9D8-3A09-458D-99DE-1AF850B506D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {8BD482D7-BE65-453D-941C-83E82C8F3BF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B10290C5-0E23-44E3-944E-F07C2F198209} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {B98F4054-EBF3-4F32-8E8A-90282E64CCB8} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2014-01-09] ()
Task: {BD2BB6C0-C647-4EB2-A171-AC083BB38317} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {C6649DC2-C9A2-45E1-A22B-AB4DC0B73F5F} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\WavePad.exe [2011-06-17] (NCH Software)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAJ.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-07-29 21:39 - 2010-07-29 21:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-06-13 13:50 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-06-13 14:28 - 2010-07-29 17:19 - 00293888 _____ () C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll
2010-12-16 21:26 - 2010-12-16 21:26 - 00057128 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-01-05 14:53 - 2011-01-05 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-01 12:16 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-30 21:07 - 2011-09-30 21:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 09:49 - 2011-09-02 09:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-24 04:21 - 2010-06-24 04:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-02-11 18:40 - 2014-02-11 14:39 - 02172928 _____ () C:\Program Files\AVAST Software\Avast\defs\14021101\algo.dll
2014-02-14 14:03 - 2014-02-14 12:53 - 02180608 _____ () C:\Program Files\AVAST Software\Avast\defs\14021402\algo.dll
2013-11-21 01:09 - 2013-11-21 01:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-05-10 10:32 - 2010-05-10 10:32 - 01858048 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-06-24 04:19 - 2010-06-24 04:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2012-05-28 03:10 - 2012-05-28 03:10 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4b188f27b2bc873daf0cec8f642d0312\IsdiInterop.ni.dll
2011-06-01 12:16 - 2011-01-12 20:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-10 15:07 - 2014-01-28 01:54 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:888AFB86

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk => C:\Windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: SearchProtect => C:\Users\AJ\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4197

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4197

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999


System errors:
=============
Error: (02/13/2014 00:47:58 PM) (Source: Application Popup) (User: )
Description: Driver USB returned invalid ID for a child device (0).

Error: (02/13/2014 00:47:57 PM) (Source: Application Popup) (User: )
Description: Driver USB returned invalid ID for a child device (0).

Error: (02/13/2014 00:47:39 PM) (Source: Application Popup) (User: )
Description: Driver USB returned invalid ID for a child device (29470551e47ee587c0bf1e98db5f2b09644d0bb5).

Error: (02/13/2014 00:46:55 PM) (Source: Application Popup) (User: )
Description: Driver USB returned invalid ID for a child device (29470551e47ee587c0bf1e98db5f2b09644d0bb5).

Error: (02/13/2014 11:19:01 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2014 09:32:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (02/11/2014 09:30:04 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/11/2014 09:30:04 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/11/2014 09:30:04 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/11/2014 09:30:04 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4197

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4197

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (02/14/2014 01:33:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044

Error: (02/14/2014 01:33:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2014 01:33:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8139.86 MB
Available physical RAM: 5217.63 MB
Total Pagefile: 16277.91 MB
Available Pagefile: 12272.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:683.93 GB) (Free:267.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.41 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1A3F0DFB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,370 posts
  • Gender:Male
  • Location:California
  • Local time:10:36 AM

Posted 14 February 2014 - 08:46 PM

Greetings,

Here are our first steps. Please consider and complete the following.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {00f8a83b-bb67-11e2-9d1d-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {5c1c3f2c-4fa5-11e2-b40b-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {e332c453-9fa2-11e0-ba16-cc52af888fd9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {e332c4d1-9fa2-11e0-ba16-cc52af888fd9} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2310635444-518899683-2911633137-1000\...\MountPoints2: {ee56485d-95da-11e0-9286-cc52af888fd9} - F:\unlock.exe autoplay=true
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:888AFB86
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 asitaka7270

asitaka7270
  • Topic Starter


Posted 15 February 2014 - 12:50 AM

Considering how I haven't used utorrent in a while, the timing is way off. I do thank you for your help, but I actually believe that my laptop is clean, cause I have scanned my laptop with multiple ad/malware/virus cleaners and am clean. I think my email was hacked via my itouch, cause I got a weird pop-up while browsing. I have restored my itouch to factory conditions. I'm just worried about what this hacker will do with my very valuable information that was stored in my email, which was stupid of me to keep in there in the first place. So there isn't much that you can do to help me since the worst of it already happened. Thank you for responding, but I think I can't do more except apply for a fraud alert, cause what happened is already out of my hands. Thank you, Oh My :)



#6 Oh My!


Posted 15 February 2014 - 08:26 AM

Very good. I will close this topic.
Gary
 

#7 Oh My!


Posted 15 February 2014 - 08:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



