
Browser Infections, cannot remove. DiescouNtExtensi, BlouckUUTubeAd


  • This topic is locked
18 replies to this topic

#1 Spudguy


Posted 24 February 2014 - 01:07 PM

Hi, I've recently noticed some strange behaviour with my browser. I have some unwanted extensions with both Chrome and Explorer (same extensions, BlouckUUTubeAd, DiescouNtExtensi). I usually only use Chrome though. Some of my symptoms are spam tabs opening when I click as well as spam advertising popping up if I hold the cursor over key 'hyperlinked' words, i.e. 'Download' etc. They got past my normal Spybot and Malwarebytes fixings. I saw that Jeff was able to help someone this past week with the BlouckUUTubeAd malware; it was apparently quite new and tricky to get rid of. I was following along the post but there were user specific scripts involved so I couldn't emulate. Would love to get a hand :) Hoping it's not too difficult now that it's been done. Thank you so much for your time guys.

 

Here are the DDS logs as requested:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Spud at 9:33:37 on 2014-02-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16344.13050 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uSearch Bar = about:blank
uSearch Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
uSearchAssistant = about:blank
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: BlouckUUTubeAd: {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\9b01e07f-d9b5-432e-9c2e-d23552ac2a26.exe /check
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9}\259746765637D27457563747 : DHCPNameServer = 110.173.232.84 110.173.232.85
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9}\34169627E637D2358616275686F657375602140533 : DHCPNameServer = 10.154.22.126
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9}\471697C6F62786F6D656 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9}\A496D6F6A6F684F6473707F647022553 : DHCPNameServer = 203.12.160.35 203.12.160.36
TCP: Interfaces\{69F68B21-05E2-4DFF-B49F-6599639C83A9}\E45445745414254303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A44701EC-DBD8-4728-9015-5B08F14EE807} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\simple~1\sprote~1.dll c:\progra~3\browse~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: BlouckUUTubeAd: {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - 
x64-BHO: 50Cooupons: {74E03763-4AB9-3905-0712-C1E3D1AD312B} - 
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: DiescouNtExtensi: {A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} - 
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-22 207904]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-9 16152]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-2-4 304232]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2014-2-11 32352]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-22 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 422216]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2014-2-11 70344]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-21 283200]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2012-5-22 113840]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-17 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 FanChkService;Fan Filter Checker Service;C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-1-20 45696]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-22 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-22 161560]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-14 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-14 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-20 411936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-22 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-4-9 27760]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-22 17152]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-17 79672]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-9 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-9 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-9 108656]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-9 22800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-4-9 2193008]
S2 05837205;Browser faster;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 4ccdc918;Smooth Browsing;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-1-4 94808]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-24 00:30:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-24 00:30:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 22:51:34 -------- d-----w- C:\ProgramData\Auslogics
2014-02-23 22:51:30 -------- d-----w- C:\Program Files (x86)\Auslogics
2014-02-21 19:35:45 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBA470F5-2B9D-4FD2-9294-659D767A2F03}\mpengine.dll
2014-02-21 07:45:22 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-18 01:50:19 -------- d-----w- C:\Users\Spud\AppData\Local\The Witcher
2014-02-16 22:16:42 -------- d-----w- C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-14 18:01:22 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-14 18:01:22 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 19:20:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 19:20:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 19:20:01 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 19:20:01 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 07:06:12 70344 ----a-w- C:\Windows\System32\drivers\CBDisk.sys
2014-02-12 07:06:09 32352 ----a-w- C:\Windows\System32\drivers\MDPMGRNT.SYS
2014-02-12 07:06:08 -------- d-----w- C:\ProgramData\Mediafour
2014-02-12 07:06:08 -------- d-----w- C:\Program Files\Mediafour
2014-02-12 07:06:08 -------- d-----w- C:\Program Files\Common Files\Mediafour
2014-02-12 07:06:08 -------- d-----w- C:\Program Files (x86)\Common Files\Mediafour
2014-02-12 06:44:32 -------- d-----w- C:\Program Files (x86)\Mediafour
2014-02-10 05:23:58 -------- d-----w- C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-10 05:22:25 -------- d-----w- C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-08 06:28:35 -------- d-----w- C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 21:15:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-07 21:15:55 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-30 21:28:15 -------- d-----w- C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
.
==================== Find3M  ====================
.
2014-02-24 17:24:15 380 ----a-w- C:\Users\Spud\AppData\Roaming\sp_data.sys
2014-02-08 17:42:36 6712608 ----a-w- C:\Windows\System32\nvcpl.dll
2014-02-08 17:42:36 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-02-08 17:42:33 923936 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-02-08 17:42:32 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-02-08 17:42:32 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-02-08 17:42:32 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-18 07:13:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 17:20:17 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-17 17:19:08 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-17 17:19:08 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-17 17:19:08 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-17 17:19:07 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 14:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-15 01:48:51 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-15 01:48:51 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH:  9:33:57.52 ===============
 



#2 Spudguy

  • Topic Starter

Posted 24 February 2014 - 01:16 PM

Apologies if I've double posted. The server timed out and gave me an error both times trying to post but I noticed this still came through.  



#3 aharonov

  • Malware Response Team

Posted 24 February 2014 - 01:32 PM

Hi,

Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#4 seedy21

  • Malware Response Team

Posted 24 February 2014 - 01:33 PM

Delete Post

Edited by seedy21, 24 February 2014 - 03:15 PM.



#5 Spudguy


Posted 24 February 2014 - 07:36 PM

Thank you so much for your prompt reply. Means a lot. 

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Spud (administrator) on STORT on 24-02-2014 16:33:47
Running from C:\Users\Spud\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
() C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Mediafour Corporation) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [MacDrive 8 application] - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe [345688 2010-02-04] (Mediafour Corporation)
HKLM\...\Run: [Getting started with MacDrive 8] - C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe [151040 2009-03-31] (Mediafour Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2012-05-22] (ASUS)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\9b01e07f-d9b5-432e-9c2e-d23552ac2a26.exe /check [181136 2014-02-24] (AVAST Software)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\MountPoints2: {eed0867a-bc0f-11e1-8872-10bf48220158} - E:\Launcher.exe
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser faster\Browserfaster_x64.dll [4191744 2013-12-31] ()
AppInit_DLLs:  C:\PROGRA~3\SMOOTH~1\SMOOTH~2.DLL => C:\ProgramData\Smooth Browsing\SmoothBrowsing_x64.dll [4710912 2014-01-05] ()
AppInit_DLLs-x32: c:\progra~2\simple~1\sprote~1.dll => C:\Program Files (x86)\SimpleSpeedy\sprotector.dll [1032704 2013-01-24] ()
AppInit_DLLs-x32:  c:\progra~3\browse~1\browse~1.dll => "c:\progra~3\browse~1\browse~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.x64.dll No File
BHO: 50Cooupons - {74E03763-4AB9-3905-0712-C1E3D1AD312B} - C:\ProgramData\50Cooupons\duq7.x64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: DiescouNtExtensi - {A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} - C:\ProgramData\DiescouNtExtensi\M.x64.dll No File
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows LiveÃÂ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (BlouckUUTubeAd) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcikojajjdeajggpimdoemdolepfnank [2014-01-30]
CHR Extension: (AdBlock) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DiescouNtExtensi) - C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc [2013-12-31]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-17] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation)
R2 MacDrive8Service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [218112 2010-01-07] (Mediafour Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-12] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-22] (VIA Technologies, Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
S2 05837205; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserfasterSvc.dll",service
S2 4ccdc918; "C:\Windows\system32\rundll32.exe" "c:\progra~3\smooth~1\SmoothBrowsingSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2010-01-13] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-21] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [304232 2010-02-04] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32352 2009-09-23] (Mediafour Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-24 16:33 - 2014-02-24 16:33 - 00024062 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-24 16:32 - 2014-02-24 16:33 - 00000000 ____D () C:\FRST
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Downloads\FRST64.exe
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:34 - 2014-02-24 09:33 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-23 23:41 - 2014-02-24 16:25 - 00000280 _____ () C:\Windows\setupact.log
2014-02-23 23:41 - 2014-02-23 23:41 - 00002570 _____ () C:\Windows\PFRO.log
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 21:42 - 2014-02-23 21:44 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 21:39 - 2014-02-23 23:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 21:39 - 2014-02-23 21:46 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:50 - 2014-02-23 14:51 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-21 23:12 - 2014-02-21 23:13 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2014-02-08 08:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-20 23:41 - 2014-02-08 10:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-20 23:41 - 2014-02-08 10:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-17 17:50 - 2014-02-22 17:22 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-17 17:50 - 2014-02-17 20:19 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:29 - 2014-02-17 11:30 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:20 - 2014-02-17 11:23 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:16 - 2014-02-16 14:21 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-14 10:01 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 10:01 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 10:00 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 10:00 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 10:00 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 10:00 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 10:00 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 10:00 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 10:00 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 10:00 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 10:00 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 10:00 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 10:00 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 10:00 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 10:00 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 10:00 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 10:00 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 10:00 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 10:00 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 10:00 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 10:00 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 10:00 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 10:00 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 11:20 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 11:20 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 11:20 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 11:19 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:19 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:19 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:19 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:19 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:06 - 2010-01-13 11:15 - 00070344 _____ (EldoS Corporation) C:\Windows\system32\Drivers\CBDisk.sys
2014-02-11 23:06 - 2009-09-23 13:23 - 00032352 _____ (Mediafour Corporation) C:\Windows\system32\Drivers\MDPMGRNT.SYS
2014-02-11 22:44 - 2014-02-11 23:04 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:13 - 2014-02-11 15:14 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:22 - 2014-02-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-30 13:28 - 2014-01-30 13:28 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 13:28 - 2014-01-30 13:28 - 00000000 ____D () C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
 
==================== One Month Modified Files and Folders =======
 
2014-02-24 16:33 - 2014-02-24 16:33 - 00024062 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-24 16:33 - 2014-02-24 16:32 - 00000000 ____D () C:\FRST
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Downloads\FRST64.exe
2014-02-24 16:29 - 2013-04-14 17:52 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\TS3Client
2014-02-24 16:29 - 2012-06-21 19:36 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Skype
2014-02-24 16:28 - 2009-07-13 21:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 16:26 - 2012-05-21 23:57 - 01223928 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 16:25 - 2014-02-23 23:41 - 00000280 _____ () C:\Windows\setupact.log
2014-02-24 16:25 - 2012-06-21 18:17 - 00000380 _____ () C:\Users\Spud\AppData\Roaming\sp_data.sys
2014-02-24 09:42 - 2012-02-17 23:37 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:33 - 2014-02-24 09:34 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-24 02:00 - 2012-10-09 17:05 - 00000000 ____D () C:\Users\Spud\AppData\Local\Adobe
2014-02-24 00:05 - 2012-07-02 19:57 - 00000000 ____D () C:\Users\Spud\AppData\Local\ArmA 2 OA
2014-02-23 23:49 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 23:49 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 23:43 - 2012-07-02 16:24 - 01657856 ___SH () C:\Users\Spud\Desktop\Thumbs.db
2014-02-23 23:42 - 2012-06-21 18:17 - 00000000 ____D () C:\Users\Spud\Documents\Bluetooth Folder
2014-02-23 23:41 - 2014-02-23 23:41 - 00002570 _____ () C:\Windows\PFRO.log
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 23:41 - 2014-01-05 13:15 - 00000000 ____D () C:\ProgramData\Smooth Browsing
2014-02-23 23:41 - 2013-12-31 18:56 - 00000000 ____D () C:\ProgramData\Browser faster
2014-02-23 23:41 - 2013-04-02 15:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-23 23:41 - 2012-05-22 00:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-23 23:41 - 2012-02-17 23:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 23:41 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 23:40 - 2012-06-21 18:40 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\uTorrent
2014-02-23 23:39 - 2014-02-23 21:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 23:31 - 2012-06-22 13:02 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\vlc
2014-02-23 21:46 - 2014-02-23 21:39 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 21:44 - 2014-02-23 21:42 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 19:43 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\DiescouNtExtensi
2014-02-23 19:43 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\50Cooupons
2014-02-23 19:09 - 2012-05-22 00:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 16:28 - 2012-10-21 14:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 16:28 - 2012-07-02 18:54 - 00000000 ____D () C:\Users\Spud\AppData\Local\CrashDumps
2014-02-23 15:04 - 2012-06-21 19:09 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:51 - 2014-02-23 14:50 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 17:22 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-22 11:32 - 2012-07-08 16:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-21 23:13 - 2014-02-21 23:12 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-21 22:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ____D () C:\ProgramData\Skype
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2012-05-21 23:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-17 20:19 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:30 - 2014-02-17 11:29 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:27 - 2013-03-22 20:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-17 11:23 - 2014-02-17 11:20 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:21 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-16 03:01 - 2013-12-14 19:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2012-10-10 01:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 10:08 - 2012-10-03 14:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 10:08 - 2012-02-17 23:36 - 00764746 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 16:00 - 2012-07-02 18:37 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:04 - 2014-02-11 22:44 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:14 - 2014-02-11 15:13 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:23 - 2014-02-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-08 10:34 - 2014-02-20 23:41 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 10:34 - 2014-02-20 23:41 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 10:34 - 2012-05-21 23:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-08 10:34 - 2012-05-21 23:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 09:42 - 2013-04-02 15:16 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-08 08:18 - 2014-02-20 23:45 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-06 18:02 - 2014-01-19 15:24 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\.minecraft
2014-02-06 04:16 - 2014-02-14 10:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 10:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 10:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 10:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 10:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 10:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 10:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 10:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 10:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 10:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 10:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 10:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 10:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 10:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 10:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 10:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 10:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 10:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 10:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 10:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 10:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 10:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 10:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 10:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 10:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 10:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 10:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 10:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 13:28 - 2014-01-30 13:28 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 13:28 - 2014-01-30 13:28 - 00000000 ____D () C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
2014-01-30 13:28 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\2f04e5718820b1cc
2014-01-30 13:28 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-30 13:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 14:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2014 01
Ran by Spud at 2014-02-24 16:34:13
Running from C:\Users\Spud\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKCU\...\SOE-C:/Users/Spud/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - )
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G75 Series_ENG (HKLM-x32\...\AsusScr_G75 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.0.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2011 - Avast Software)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser faster (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}) (Version:  - GTgroup) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DayZ Commander (HKLM-x32\...\{844DE051-EFE8-4021-9A95-65028BFD97FF}) (Version: 0.9.91 - Dotjosh Studios)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DJ Java Decompiler v.3.7.7.81 (HKLM-x32\...\{8AD2EA30-5049-11D4-A08E-0080AD97BBF5}) (Version: 1.7 - Copyright © Atanas Neshkov 2004)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
FarCry 3 version 5.1 (HKLM-x32\...\{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameFast (HKLM\...\GameFast_is1) (Version: 1.0.1.1 - ASUSTEK Computer Inc)
gamelauncher-ps2-live (HKCU\...\SOE-) (Version:  - Sony Online Entertainment)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
HP Photo and Imaging 2.0 - All-in-One (x32 Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - All-in-One Drivers (x32 Version: 1.10.0000 - Hewlett-Packard Company) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingdoms of Amalur Reckoning (HKLM-x32\...\Kingdoms of Amalur Reckoning_is1) (Version:  - )
LEGO Star Wars III The Clone Wars (HKLM-x32\...\LEGO Star Wars III The Clone Wars) (Version: 1.0 - LucasArts)
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
MacDrive 8 (HKLM\...\{8F6D780C-53B8-4385-98BC-62F78F9E4C38}) (Version: 8.0.5.31 - Mediafour Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.6.24140 - Grinding Gear Games)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Rotation Desktop for G Series (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Roxio AACS Certificate (x32 Version: 1.0.0 - Roxio) Hidden
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58233.4 - Roxio)
Roxio CinePlayer (x32 Version: 5.8 - Roxio) Hidden
Search Assistant SimpleSpeedy 1.74 (HKLM-x32\...\SP_ccfde35c) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smooth Browsing (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{4ccdc918}) (Version:  - Appdev Ltd) <==== ATTENTION
Snap.Do (HKLM-x32\...\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}) (Version: 1.6.1.915 - ReSoft Ltd.) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StudioTax 2012 (HKLM-x32\...\{73C5CC89-3567-4B27-A7A0-28267FA7E037}) (Version: 8.0.4.2 - BHOK IT Consulting)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Ripper 5.5.10 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2014-02-17 11:17 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B039F32-58D8-4E95-A432-39CA3C1FC9DD} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {11D9458C-FB82-462F-93D6-3DA2242A616B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {2ACE0BC7-6A80-44E2-A936-F08D3C28DEC6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-17] (AVAST Software)
Task: {3D6781D7-614C-47D5-81F8-C445406D3EDC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {54F72862-E9A2-4F2F-A363-A9097B462BF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {68644F38-1499-41C1-98A3-99230B3FF494} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {68E60AE9-616C-43DF-9F86-973D88A4DBCD} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {7106E43D-BC86-4D46-97CE-4D82B4092F9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9B023DFF-E54D-45AC-8BF4-349E7B41B601} - System32\Tasks\AdobeAAMUpdater-1.0-STORT-Spud => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-19] (Adobe Systems Incorporated)
Task: {9CFE8E40-031B-48E1-9558-5B2FB335A7B9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {AE204DF6-7337-4DCA-949B-C890F6883996} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-02 15:16 - 2014-02-08 09:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-14 15:11 - 2010-07-14 15:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-05-22 00:12 - 2011-03-27 12:23 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2012-05-22 00:02 - 2012-02-21 11:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-09-12 16:41 - 2012-09-12 17:28 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-31 18:56 - 2013-12-31 18:56 - 04191744 _____ () C:\ProgramData\Browser faster\Browserfaster_x64.dll
2014-01-05 13:15 - 2014-01-05 13:15 - 04710912 _____ () C:\ProgramData\Smooth Browsing\SmoothBrowsing_x64.dll
2012-05-22 00:02 - 2012-03-30 04:01 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-05-22 00:02 - 2012-03-30 04:01 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-04-04 00:38 - 2014-01-17 09:12 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-04-04 00:38 - 2014-01-17 09:12 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2013-04-04 00:38 - 2014-01-17 09:12 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-01-17 09:12 - 2014-01-17 09:12 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-23 13:29 - 2014-02-23 07:28 - 02181632 _____ () C:\Program Files\AVAST Software\Avast\defs\14022301\algo.dll
2014-02-24 16:26 - 2014-02-24 10:47 - 02181632 _____ () C:\Program Files\AVAST Software\Avast\defs\14022401\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-01-31 08:25 - 2012-01-31 08:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 18:32 - 2012-02-06 18:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 08:57 - 2010-08-20 08:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 08:57 - 2010-08-20 08:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-14 17:48 - 2013-12-14 17:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-22 00:02 - 2012-02-21 11:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-01-08 16:49 - 2013-12-12 14:19 - 00142848 _____ () D:\Steam\libavresample-1.dll
2014-01-08 16:49 - 2013-11-04 17:12 - 00890592 _____ () D:\Steam\libavutil-52.dll
2013-03-12 16:10 - 2014-02-10 18:34 - 00751616 _____ () D:\Steam\SDL2.dll
2012-11-22 17:55 - 2014-02-19 15:07 - 01135296 _____ () D:\Steam\bin\chromehtml.DLL
2012-11-22 17:55 - 2014-01-10 15:33 - 20625832 _____ () D:\Steam\bin\libcef.dll
2012-11-22 17:55 - 2013-06-14 15:49 - 01100800 _____ () D:\Steam\bin\avcodec-53.dll
2012-11-22 17:55 - 2013-06-14 15:49 - 00124416 _____ () D:\Steam\bin\avutil-51.dll
2012-11-22 17:55 - 2013-06-14 15:49 - 00192000 _____ () D:\Steam\bin\avformat-53.dll
2013-01-24 03:20 - 2013-01-24 03:20 - 01032704 _____ () C:\Program Files (x86)\SimpleSpeedy\sprotector.dll
2013-12-14 22:43 - 2013-12-03 18:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-14 22:43 - 2013-12-03 18:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-14 22:43 - 2013-12-03 18:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-14 22:43 - 2013-12-03 18:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-14 22:43 - 2013-12-03 18:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-14 22:43 - 2013-12-03 18:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\system32\MRT.exe:AFP_AfpInfo
AlternateDataStreams: C:\Windows\system32\MRT.exe:AFP_Resource
AlternateDataStreams: C:\Users\Spud\Local Settings:ya7ZFXhF7nMn0rfaXtow5sbx
AlternateDataStreams: C:\Users\Spud\AppData\Local:ya7ZFXhF7nMn0rfaXtow5sbx
AlternateDataStreams: C:\Users\Spud\AppData\Local\Application Data:ya7ZFXhF7nMn0rfaXtow5sbx
AlternateDataStreams: C:\Users\Spud\AppData\Local\Temporary Internet Files:UdVVLOKxTZgZmWQKkYthvUc
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991
 
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991
 
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3994
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3994
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995
 
 
System errors:
=============
Error: (02/24/2014 04:25:48 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/24/2014 09:24:33 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/23/2014 11:42:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Smooth Browsing service to connect.
 
Error: (02/23/2014 11:41:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser faster service to connect.
 
Error: (02/23/2014 07:08:24 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/23/2014 03:25:35 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/22/2014 10:45:58 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/22/2014 11:32:55 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/20/2014 02:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (02/20/2014 02:53:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991
 
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991
 
Error: (02/24/2014 02:14:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992
 
Error: (02/24/2014 02:14:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3994
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3994
 
Error: (02/24/2014 02:14:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2014 02:14:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-07 00:18:14.540
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-07 00:18:14.478
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 16343.92 MB
Available physical RAM: 12642.86 MB
Total Pagefile: 32686.02 MB
Available Pagefile: 28568.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.46 GB) (Free:47.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.45 GB) (Free:130.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 2902CC6D)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team

Posted 25 February 2014 - 03:07 AM

Alright, let's get started!


Step 1

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Browser faster
    Search Assistant SimpleSpeedy 1.74
    Smooth Browsing
    Snap.Do
    uTorrentControl2 Toolbar

  • Reboot your computer.

 

 

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 Spudguy

  • Topic Starter

Posted 25 February 2014 - 03:38 AM

Cheers sir,    

 

So, 

 

As for uninstalling the previous items. 

With the Smooth Browsing and Browser Faster I got:

 

There was a problem starting
C:\PROGRA~3\BROWSE~1\BROWSE~1.DLL
The specified module could not be found
 
For Snap.Do I got:
 
The feature you are trying to use is on a network resource that is unavailable, click ok or choose an alternate path
 
And the others uninstalled.
 
Both Malware extensions still active. 
 
Here is the AdwCleaner log followed by the FRST log; 
 
# AdwCleaner v3.019 - Report created 25/02/2014 at 00:28:51
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Spud - STORT
# Running from : C:\Users\Spud\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 4ccdc918
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\50Cooupons
Folder Deleted : C:\ProgramData\ceontinuetosave
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SimpleSpeedy
Folder Deleted : C:\Users\Spud\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Spud\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Spud\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Spud\AppData\LocalLow\PriceGong
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{4ccdc918}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\browse~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4410 octets] - [25/02/2014 00:25:09]
AdwCleaner[S0].txt - [4109 octets] - [25/02/2014 00:28:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4169 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Spud (administrator) on STORT on 25-02-2014 00:37:08
Running from C:\Users\Spud\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Mediafour Corporation) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2012-05-22] (ASUS)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\MountPoints2: {eed0867a-bc0f-11e1-8872-10bf48220158} - E:\Launcher.exe
AppInit_DLLs: C:\PROGRA~3\SMOOTH~1\SMOOTH~2.DLL => C:\ProgramData\Smooth Browsing\SmoothBrowsing_x64.dll [4710912 2014-01-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.x64.dll No File
BHO: 50Cooupons - {74E03763-4AB9-3905-0712-C1E3D1AD312B} - C:\ProgramData\50Cooupons\duq7.x64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: DiescouNtExtensi - {A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} - C:\ProgramData\DiescouNtExtensi\M.x64.dll No File
BHO-x32: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intelî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows LiveÃÂ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (BlouckUUTubeAd) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcikojajjdeajggpimdoemdolepfnank [2014-01-30]
CHR Extension: (AdBlock) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DiescouNtExtensi) - C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc [2013-12-31]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-17] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation)
R2 MacDrive8Service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [218112 2010-01-07] (Mediafour Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-12] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-22] (VIA Technologies, Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
S2 05837205; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserfasterSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2010-01-13] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-21] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [304232 2010-02-04] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32352 2009-09-23] (Mediafour Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 00:37 - 2014-02-25 00:37 - 00021371 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-25 00:30 - 2014-02-25 00:30 - 00000000 ___RD () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-25 00:24 - 2014-02-25 00:28 - 00000000 ____D () C:\AdwCleaner
2014-02-25 00:24 - 2014-02-25 00:24 - 01241834 _____ () C:\Users\Spud\Downloads\AdwCleaner.exe
2014-02-25 00:15 - 2014-02-25 00:19 - 00000262 _____ () C:\Users\Spud\Desktop\New Text Document (2).txt
2014-02-24 16:33 - 2014-02-24 16:34 - 00057688 _____ () C:\Users\Spud\Desktop\FRST.txt
2014-02-24 16:32 - 2014-02-25 00:37 - 00000000 ____D () C:\FRST
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Downloads\FRST64.exe
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:34 - 2014-02-24 09:33 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-23 23:41 - 2014-02-25 00:31 - 00000952 _____ () C:\Windows\setupact.log
2014-02-23 23:41 - 2014-02-25 00:20 - 00002904 _____ () C:\Windows\PFRO.log
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 21:42 - 2014-02-23 21:44 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 21:39 - 2014-02-23 23:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 21:39 - 2014-02-23 21:46 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:50 - 2014-02-23 14:51 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-21 23:12 - 2014-02-21 23:13 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2014-02-08 08:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-20 23:41 - 2014-02-08 10:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-20 23:41 - 2014-02-08 10:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-17 17:50 - 2014-02-22 17:22 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-17 17:50 - 2014-02-17 20:19 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:29 - 2014-02-17 11:30 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:20 - 2014-02-17 11:23 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:16 - 2014-02-16 14:21 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-14 10:01 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 10:01 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 10:00 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 10:00 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 10:00 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 10:00 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 10:00 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 10:00 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 10:00 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 10:00 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 10:00 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 10:00 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 10:00 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 10:00 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 10:00 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 10:00 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 10:00 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 10:00 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 10:00 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 10:00 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 10:00 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 10:00 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 10:00 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 11:20 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 11:20 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 11:20 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 11:19 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:19 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:19 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:19 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:19 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:06 - 2010-01-13 11:15 - 00070344 _____ (EldoS Corporation) C:\Windows\system32\Drivers\CBDisk.sys
2014-02-11 23:06 - 2009-09-23 13:23 - 00032352 _____ (Mediafour Corporation) C:\Windows\system32\Drivers\MDPMGRNT.SYS
2014-02-11 22:44 - 2014-02-11 23:04 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:13 - 2014-02-11 15:14 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:22 - 2014-02-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-30 13:28 - 2014-02-25 00:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 13:28 - 2014-01-30 13:28 - 00000000 ____D () C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
 
==================== One Month Modified Files and Folders =======
 
2014-02-25 00:37 - 2014-02-25 00:37 - 00021371 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-25 00:37 - 2014-02-24 16:32 - 00000000 ____D () C:\FRST
2014-02-25 00:35 - 2009-07-13 21:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 00:31 - 2014-02-23 23:41 - 00000952 _____ () C:\Windows\setupact.log
2014-02-25 00:31 - 2012-06-21 19:36 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Skype
2014-02-25 00:30 - 2014-02-25 00:30 - 00000000 ___RD () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-25 00:30 - 2014-01-30 13:28 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-25 00:30 - 2013-04-02 15:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-25 00:30 - 2012-07-08 16:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-25 00:30 - 2012-06-21 18:17 - 00000380 _____ () C:\Users\Spud\AppData\Roaming\sp_data.sys
2014-02-25 00:30 - 2012-05-22 00:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-25 00:30 - 2012-02-17 23:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 00:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 00:29 - 2012-05-21 23:57 - 01265938 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 00:29 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 00:29 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 00:28 - 2014-02-25 00:24 - 00000000 ____D () C:\AdwCleaner
2014-02-25 00:24 - 2014-02-25 00:24 - 01241834 _____ () C:\Users\Spud\Downloads\AdwCleaner.exe
2014-02-25 00:20 - 2014-02-23 23:41 - 00002904 _____ () C:\Windows\PFRO.log
2014-02-25 00:19 - 2014-02-25 00:15 - 00000262 _____ () C:\Users\Spud\Desktop\New Text Document (2).txt
2014-02-24 23:58 - 2012-06-21 18:17 - 00000000 ____D () C:\Users\Spud\Documents\Bluetooth Folder
2014-02-24 23:42 - 2012-02-17 23:37 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 22:14 - 2013-04-14 17:52 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\TS3Client
2014-02-24 19:09 - 2012-05-22 00:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-24 16:36 - 2012-07-02 19:57 - 00000000 ____D () C:\Users\Spud\AppData\Local\ArmA 2 OA
2014-02-24 16:34 - 2014-02-24 16:33 - 00057688 _____ () C:\Users\Spud\Desktop\FRST.txt
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Downloads\FRST64.exe
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:33 - 2014-02-24 09:34 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-24 02:00 - 2012-10-09 17:05 - 00000000 ____D () C:\Users\Spud\AppData\Local\Adobe
2014-02-23 23:43 - 2012-07-02 16:24 - 01657856 ___SH () C:\Users\Spud\Desktop\Thumbs.db
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 23:41 - 2014-01-05 13:15 - 00000000 ____D () C:\ProgramData\Smooth Browsing
2014-02-23 23:41 - 2013-12-31 18:56 - 00000000 ____D () C:\ProgramData\Browser faster
2014-02-23 23:40 - 2012-06-21 18:40 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\uTorrent
2014-02-23 23:39 - 2014-02-23 21:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 23:31 - 2012-06-22 13:02 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\vlc
2014-02-23 21:46 - 2014-02-23 21:39 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 21:44 - 2014-02-23 21:42 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 19:43 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\DiescouNtExtensi
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 16:28 - 2012-10-21 14:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 16:28 - 2012-07-02 18:54 - 00000000 ____D () C:\Users\Spud\AppData\Local\CrashDumps
2014-02-23 15:04 - 2012-06-21 19:09 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:51 - 2014-02-23 14:50 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 17:22 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-21 23:13 - 2014-02-21 23:12 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-21 22:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ____D () C:\ProgramData\Skype
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2012-05-21 23:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-17 20:19 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:30 - 2014-02-17 11:29 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:27 - 2013-03-22 20:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-17 11:23 - 2014-02-17 11:20 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:21 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-16 03:01 - 2013-12-14 19:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2012-10-10 01:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 10:08 - 2012-10-03 14:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 10:08 - 2012-02-17 23:36 - 00764746 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 16:00 - 2012-07-02 18:37 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:04 - 2014-02-11 22:44 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:14 - 2014-02-11 15:13 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:23 - 2014-02-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-08 10:34 - 2014-02-20 23:41 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 10:34 - 2014-02-20 23:41 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 10:34 - 2012-05-21 23:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-08 10:34 - 2012-05-21 23:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 09:42 - 2013-04-02 15:16 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-08 08:18 - 2014-02-20 23:45 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-06 18:02 - 2014-01-19 15:24 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\.minecraft
2014-02-06 04:16 - 2014-02-14 10:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 10:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 10:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 10:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 10:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 10:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 10:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 10:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 10:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 10:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 10:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 10:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 10:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 10:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 10:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 10:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 10:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 10:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 10:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 10:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 10:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 10:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 10:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 10:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 10:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 10:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 10:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 10:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 13:28 - 2014-01-30 13:28 - 00000000 ____D () C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
2014-01-30 13:28 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\2f04e5718820b1cc
2014-01-30 13:28 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-30 13:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 
Some content of TEMP:
====================
C:\Users\Spud\AppData\Local\Temp\Quarantine.exe
C:\Users\Spud\AppData\Local\Temp\tbuTo2.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 14:32
 
==================== End Of Log ============================
 


#8 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 25 February 2014 - 04:05 AM

Ok, then we shall go after these extensions with a manual fix.
Which problems still persist after the following steps?


Step 1

Please download the attached file fixlist.txt (1.66KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Reboot your computer.



Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 Spudguy

  • Topic Starter

  • Members
  • 11 posts

Posted 25 February 2014 - 12:37 PM

OK! Here we go. Both extensions are gone, and my browser symptoms (after just a few minutes of use) seem to be gone. However, the Browser Faster and Snap.Do are still in my list of programs for uninstall.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Spud at 2014-02-25 09:27:15 Run:1
Running from C:\Users\Spud\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~3\SMOOTH~1\SMOOTH~2.DLL => C:\ProgramData\Smooth Browsing\SmoothBrowsing_x64.dll [4710912 2014-01-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.x64.dll No File
BHO: 50Cooupons - {74E03763-4AB9-3905-0712-C1E3D1AD312B} - C:\ProgramData\50Cooupons\duq7.x64.dll No File
BHO: DiescouNtExtensi - {A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} - C:\ProgramData\DiescouNtExtensi\M.x64.dll No File
BHO-x32: BlouckUUTubeAd - {54D5D347-2867-AFDF-D23A-F97BC5FF2080} - C:\ProgramData\BlouckUUTubeAd\X7F3Qwh7.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (BlouckUUTubeAd) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcikojajjdeajggpimdoemdolepfnank [2014-01-30]
CHR Extension: (DiescouNtExtensi) - C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc [2013-12-31]
C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc
S2 05837205; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserfasterSvc.dll",service
2014-01-30 13:28 - 2014-02-25 00:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 13:28 - 2014-01-30 13:28 - 00000000 ____D () C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank
2014-02-23 19:43 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\DiescouNtExtensi
2014-02-23 23:41 - 2014-01-05 13:15 - 00000000 ____D () C:\ProgramData\Smooth Browsing
2014-02-23 23:41 - 2013-12-31 18:56 - 00000000 ____D () C:\ProgramData\Browser faster
2014-02-23 19:43 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\DiescouNtExtensi
C:\ProgramData\BlouckUUTubeAd
*****************
 
"C:\\PROGRA~3\\SMOOTH~1\\SMOOTH~2.DLL" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54D5D347-2867-AFDF-D23A-F97BC5FF2080} => Key deleted successfully.
HKCR\CLSID\{54D5D347-2867-AFDF-D23A-F97BC5FF2080} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74E03763-4AB9-3905-0712-C1E3D1AD312B} => Key deleted successfully.
HKCR\CLSID\{74E03763-4AB9-3905-0712-C1E3D1AD312B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} => Key deleted successfully.
HKCR\CLSID\{A38ADDCD-B2AB-A81A-524B-7F39932AD6DD} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54D5D347-2867-AFDF-D23A-F97BC5FF2080} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{54D5D347-2867-AFDF-D23A-F97BC5FF2080} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcikojajjdeajggpimdoemdolepfnank => Moved successfully.
CHR Extension: (DiescouNtExtensi) - C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc [2013-12-31] directory not found.
C:\ProgramData\ebmnokldjpbhckdaledmohflhoioekfc => Moved successfully.
05837205 => Service deleted successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\ProgramData\bcikojajjdeajggpimdoemdolepfnank => Moved successfully.
C:\ProgramData\DiescouNtExtensi => Moved successfully.
C:\ProgramData\Smooth Browsing => Moved successfully.
C:\ProgramData\Browser faster => Moved successfully.
"C:\ProgramData\DiescouNtExtensi" => File/Directory not found.
"C:\ProgramData\BlouckUUTubeAd" => File/Directory not found.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Spud (administrator) on STORT on 25-02-2014 09:30:50
Running from C:\Users\Spud\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Mediafour Corporation) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUS) C:\Windows\AsScrPro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2012-05-22] (ASUS)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-798396033-2988315780-652485267-1001\...\MountPoints2: {eed0867a-bc0f-11e1-8872-10bf48220158} - E:\Launcher.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (AdBlock) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Spud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Spud\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
 
==================== Services (Whitelisted) =================
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-17] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 M4LIC; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [205312 2009-07-29] (Mediafour Corporation)
R2 MacDrive8Service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [218112 2010-01-07] (Mediafour Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-12] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-22] (VIA Technologies, Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2010-01-13] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-21] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [304232 2010-02-04] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32352 2009-09-23] (Mediafour Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 09:30 - 2014-02-25 09:30 - 49940480 _____ () C:\Program Files (x86)\GUT3D7D.tmp
2014-02-25 09:30 - 2014-02-25 09:30 - 00019476 _____ () C:\Users\Spud\Desktop\FRST.txt
2014-02-25 09:30 - 2014-02-25 09:30 - 00000000 ____D () C:\Program Files (x86)\GUM3D6C.tmp
2014-02-25 09:29 - 2014-02-25 09:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-25 09:29 - 2014-02-25 09:29 - 00000000 ___RD () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-25 09:26 - 2014-02-25 09:26 - 00001700 _____ () C:\Users\Spud\Downloads\fixlist.txt
2014-02-25 00:37 - 2014-02-25 00:37 - 00056049 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-25 00:24 - 2014-02-25 00:28 - 00000000 ____D () C:\AdwCleaner
2014-02-25 00:24 - 2014-02-25 00:24 - 01241834 _____ () C:\Users\Spud\Downloads\AdwCleaner.exe
2014-02-25 00:15 - 2014-02-25 00:19 - 00000262 _____ () C:\Users\Spud\Desktop\New Text Document (2).txt
2014-02-24 16:32 - 2014-02-25 09:30 - 00000000 ____D () C:\FRST
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Desktop\FRST64.exe
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:34 - 2014-02-24 09:33 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-23 23:41 - 2014-02-25 09:29 - 00001232 _____ () C:\Windows\setupact.log
2014-02-23 23:41 - 2014-02-25 09:28 - 00171512 _____ () C:\Windows\PFRO.log
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 21:42 - 2014-02-23 21:44 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 21:39 - 2014-02-23 23:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 21:39 - 2014-02-23 21:46 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 14:51 - 2014-02-23 15:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:50 - 2014-02-23 14:51 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-21 23:12 - 2014-02-21 23:13 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2014-02-08 08:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-20 23:41 - 2014-02-08 10:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-20 23:41 - 2014-02-08 10:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-20 23:41 - 2014-02-08 10:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-17 17:50 - 2014-02-22 17:22 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-17 17:50 - 2014-02-17 20:19 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:29 - 2014-02-17 11:30 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:20 - 2014-02-17 11:23 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:16 - 2014-02-16 14:21 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-14 10:01 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 10:01 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 10:00 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 10:00 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 10:00 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 10:00 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 10:00 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 10:00 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 10:00 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 10:00 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 10:00 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 10:00 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 10:00 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 10:00 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 10:00 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 10:00 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 10:00 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 10:00 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 10:00 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 10:00 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 10:00 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 10:00 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 10:00 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 10:00 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 10:00 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 10:00 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 10:00 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 10:00 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 10:00 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 10:00 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 10:00 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 11:20 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 11:20 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 11:20 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:20 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 11:19 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:19 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:19 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 11:19 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 11:19 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:19 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 11:19 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 11:19 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:19 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:06 - 2010-01-13 11:15 - 00070344 _____ (EldoS Corporation) C:\Windows\system32\Drivers\CBDisk.sys
2014-02-11 23:06 - 2009-09-23 13:23 - 00032352 _____ (Mediafour Corporation) C:\Windows\system32\Drivers\MDPMGRNT.SYS
2014-02-11 22:44 - 2014-02-11 23:04 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:13 - 2014-02-11 15:14 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:22 - 2014-02-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
 
==================== One Month Modified Files and Folders =======
 
2014-02-25 09:30 - 2014-02-25 09:30 - 49940480 _____ () C:\Program Files (x86)\GUT3D7D.tmp
2014-02-25 09:30 - 2014-02-25 09:30 - 00019476 _____ () C:\Users\Spud\Desktop\FRST.txt
2014-02-25 09:30 - 2014-02-25 09:30 - 00000000 ____D () C:\Program Files (x86)\GUM3D6C.tmp
2014-02-25 09:30 - 2014-02-24 16:32 - 00000000 ____D () C:\FRST
2014-02-25 09:30 - 2012-06-21 19:36 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Skype
2014-02-25 09:30 - 2012-02-17 23:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 09:29 - 2014-02-25 09:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-25 09:29 - 2014-02-25 09:29 - 00000000 ___RD () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-25 09:29 - 2014-02-23 23:41 - 00001232 _____ () C:\Windows\setupact.log
2014-02-25 09:29 - 2012-07-08 16:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-25 09:29 - 2012-06-21 18:17 - 00000380 _____ () C:\Users\Spud\AppData\Roaming\sp_data.sys
2014-02-25 09:28 - 2014-02-23 23:41 - 00171512 _____ () C:\Windows\PFRO.log
2014-02-25 09:28 - 2013-04-02 15:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-25 09:28 - 2012-05-22 00:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-25 09:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 09:27 - 2012-05-21 23:57 - 01274311 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 09:27 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-25 09:26 - 2014-02-25 09:26 - 00001700 _____ () C:\Users\Spud\Downloads\fixlist.txt
2014-02-25 09:24 - 2012-02-17 23:36 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 09:24 - 2009-07-13 21:13 - 00788208 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 09:22 - 2012-10-09 17:05 - 00000000 ____D () C:\Users\Spud\AppData\Local\Adobe
2014-02-25 09:21 - 2012-02-17 23:37 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 00:37 - 2014-02-25 00:37 - 00056049 _____ () C:\Users\Spud\Downloads\FRST.txt
2014-02-25 00:37 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 00:37 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 00:28 - 2014-02-25 00:24 - 00000000 ____D () C:\AdwCleaner
2014-02-25 00:24 - 2014-02-25 00:24 - 01241834 _____ () C:\Users\Spud\Downloads\AdwCleaner.exe
2014-02-25 00:19 - 2014-02-25 00:15 - 00000262 _____ () C:\Users\Spud\Desktop\New Text Document (2).txt
2014-02-24 23:58 - 2012-06-21 18:17 - 00000000 ____D () C:\Users\Spud\Documents\Bluetooth Folder
2014-02-24 22:14 - 2013-04-14 17:52 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\TS3Client
2014-02-24 19:09 - 2012-05-22 00:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-24 16:36 - 2012-07-02 19:57 - 00000000 ____D () C:\Users\Spud\AppData\Local\ArmA 2 OA
2014-02-24 16:32 - 2014-02-24 16:32 - 02156032 _____ (Farbar) C:\Users\Spud\Desktop\FRST64.exe
2014-02-24 09:34 - 2014-02-24 09:34 - 00012075 _____ () C:\Users\Spud\Desktop\attach.txt
2014-02-24 09:33 - 2014-02-24 09:34 - 00030362 _____ () C:\Users\Spud\Desktop\dds.txt
2014-02-24 09:31 - 2014-02-24 09:31 - 00688992 ____R (Swearware) C:\Users\Spud\Downloads\dds.com
2014-02-23 23:43 - 2012-07-02 16:24 - 01657856 ___SH () C:\Users\Spud\Desktop\Thumbs.db
2014-02-23 23:41 - 2014-02-23 23:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 23:40 - 2012-06-21 18:40 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\uTorrent
2014-02-23 23:39 - 2014-02-23 21:39 - 2631956566 _____ () C:\Users\Spud\Downloads\I44_v2666.7z
2014-02-23 23:31 - 2012-06-22 13:02 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\vlc
2014-02-23 21:46 - 2014-02-23 21:39 - 85848090 _____ () C:\Users\Spud\Downloads\I44-ARMA2CO-v2-666-hf2.7z
2014-02-23 21:44 - 2014-02-23 21:42 - 19489159 _____ () C:\Users\Spud\Downloads\Sbrodj_v1.5.7z
2014-02-23 21:41 - 2014-02-23 21:41 - 01005693 _____ () C:\Users\Spud\Downloads\i44_warfare_v073.03.7z
2014-02-23 16:30 - 2014-02-23 16:30 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 16:30 - 2014-02-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 16:29 - 2014-02-23 16:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Spud\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-23 16:28 - 2012-10-21 14:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 16:28 - 2012-07-02 18:54 - 00000000 ____D () C:\Users\Spud\AppData\Local\CrashDumps
2014-02-23 15:04 - 2012-06-21 19:09 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-23 15:02 - 2014-02-23 15:02 - 00001238 _____ () C:\Users\Spud\Desktop\Auslogics Registry Cleaner.lnk
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\ProgramData\Auslogics
2014-02-23 15:02 - 2014-02-23 14:51 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-02-23 15:01 - 2014-02-23 15:01 - 06310472 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\registry-cleaner-setup.exe
2014-02-23 14:51 - 2014-02-23 14:51 - 00001171 _____ () C:\Users\Spud\Desktop\Auslogics DiskDefrag.lnk
2014-02-23 14:51 - 2014-02-23 14:50 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Spud\Downloads\disk-defrag-setup.exe
2014-02-22 17:22 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher
2014-02-22 13:26 - 2014-02-22 13:26 - 00010908 _____ () C:\Users\Spud\Downloads\Class Schedule (1).xlsx
2014-02-21 23:13 - 2014-02-21 23:12 - 00000038 _____ () C:\Users\Spud\Desktop\LOTR codes.txt
2014-02-21 22:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-21 11:28 - 2012-06-21 19:35 - 00000000 ____D () C:\ProgramData\Skype
2014-02-20 23:45 - 2014-02-20 23:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-20 23:45 - 2012-05-21 23:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-17 20:19 - 2014-02-17 17:50 - 00000000 ____D () C:\Users\Spud\Documents\The Witcher
2014-02-17 17:49 - 2014-02-17 17:49 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-02-17 11:30 - 2014-02-17 11:29 - 00018320 _____ () C:\Users\Spud\Documents\cc_20140217_112942.reg
2014-02-17 11:27 - 2013-03-22 20:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-17 11:23 - 2014-02-17 11:20 - 04721920 _____ (Piriform Ltd) C:\Users\Spud\Downloads\ccsetup410.exe
2014-02-17 11:15 - 2014-02-17 11:15 - 00050558 _____ () C:\Users\Spud\Downloads\The+Walking+Dead+S04E10+HDTV+x264-EXCELLENCE%5Bettv%5D.torrent
2014-02-16 14:21 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\Documents\Witcher 2
2014-02-16 14:16 - 2014-02-16 14:16 - 00000000 ____D () C:\Users\Spud\AppData\Local\The Witcher 2
2014-02-16 03:01 - 2013-12-14 19:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2012-10-10 01:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 10:08 - 2012-10-03 14:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 16:00 - 2012-07-02 18:37 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\ProgramData\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Mediafour
2014-02-11 23:06 - 2014-02-11 23:06 - 00000000 ____D () C:\Program Files\Common Files\Mediafour
2014-02-11 23:04 - 2014-02-11 22:44 - 00000000 ____D () C:\Program Files (x86)\Mediafour
2014-02-11 22:44 - 2014-02-11 22:44 - 06019856 _____ (Mediafour Corporation, support@mediafour.com) C:\Users\Spud\Downloads\macdrive_8.0.7.38_en_setup (1).exe
2014-02-11 22:43 - 2014-02-11 22:43 - 00930440 _____ (CNET Download.com) C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe
2014-02-11 15:14 - 2014-02-11 15:13 - 00000076 _____ () C:\Users\Spud\Desktop\New Text Document (3).txt
2014-02-09 21:23 - 2014-02-09 21:23 - 00001217 _____ () C:\Users\Spud\Desktop\Octodad Dadliest Catch.lnk
2014-02-09 21:23 - 2014-02-09 21:23 - 00000000 ____D () C:\Users\Spud\AppData\Local\Octodad Dadliest Catch
2014-02-09 21:23 - 2014-02-09 21:22 - 00000000 ____D () C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-08 10:34 - 2014-02-20 23:41 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 10:34 - 2014-02-20 23:41 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 10:34 - 2014-02-20 23:41 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 10:34 - 2013-04-02 15:15 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 10:34 - 2012-05-21 23:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-08 10:34 - 2012-05-21 23:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 09:42 - 2013-04-02 15:16 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 09:42 - 2013-04-02 15:16 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-08 08:18 - 2014-02-20 23:45 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-07 22:28 - 2014-02-07 22:28 - 00000000 ____D () C:\Users\Spud\AppData\Local\EdgeOfReality
2014-02-07 13:15 - 2014-02-07 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 13:15 - 2014-02-07 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 13:15 - 2014-02-07 13:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-06 18:02 - 2014-01-19 15:24 - 00000000 ____D () C:\Users\Spud\AppData\Roaming\.minecraft
2014-02-06 04:16 - 2014-02-14 10:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 10:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 10:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 10:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 10:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 10:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 10:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 10:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 10:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 10:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 10:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 10:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 10:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 10:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 10:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 10:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 10:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 10:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 10:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 10:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 10:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 10:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 10:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 10:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 10:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 10:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 10:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 10:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 10:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 10:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 10:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 13:28 - 2013-12-31 19:07 - 00000000 ____D () C:\ProgramData\2f04e5718820b1cc
2014-01-30 13:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 
Some content of TEMP:
====================
C:\Users\Spud\AppData\Local\Temp\Quarantine.exe
C:\Users\Spud\AppData\Local\Temp\tbuTo2.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 14:32
 
==================== End Of Log ============================


#10 Spudguy

  • Topic Starter

Posted 25 February 2014 - 12:54 PM

Also, would you be able to explain to me the reasoning behind fixing the "ntuser.pol"? Just curious after reading over the logs.



#11 aharonov

  • Malware Response Team

Posted 25 February 2014 - 01:16 PM

However the Browser Faster and Snap.Do are still in my list of programs for uninstall.

These are just remnants in the registry.
But we will find and delete them too:


Please download SystemLook (by jpshortstuff) and save it to your Desktop.
  • Start SystemLook_x64.exe with administrative privileges.
  • Copy and paste the following code into the textbox of SystemLook:
    :regfind
    Browser faster
    Snap.Do
    
  • Click on the Look button to start the scan. It might take a while.
  • When finished a log file will be displayed (that is also saved as SystemLook.txt to the same directory the tool was run from).
    Please copy and paste its contents in your next reply.


#12 Spudguy

  • Topic Starter

Posted 25 February 2014 - 01:21 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:20 on 25/02/2014 by Spud
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "Browser faster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}]
"DisplayName"="Browser faster"
 
Searching for "Snap.Do"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\42F49E5CF8D35B943AC91EDC3063A234]
"ProductName"="Snap.Do"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-798396033-2988315780-652485267-1001\Products\42F49E5CF8D35B943AC91EDC3063A234\InstallProperties]
"HelpLink"="http://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-798396033-2988315780-652485267-1001\Products\42F49E5CF8D35B943AC91EDC3063A234\InstallProperties]
"URLInfoAbout"="http://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-798396033-2988315780-652485267-1001\Products\42F49E5CF8D35B943AC91EDC3063A234\InstallProperties]
"DisplayName"="Snap.Do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}]
"HelpLink"="http://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}]
"URLInfoAbout"="http://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}]
"DisplayName"="Snap.Do"
[HKEY_USERS\S-1-5-21-798396033-2988315780-652485267-1001\Software\Microsoft\Installer\Products\42F49E5CF8D35B943AC91EDC3063A234]
"ProductName"="Snap.Do"
[HKEY_USERS\S-1-5-21-798396033-2988315780-652485267-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
[HKEY_USERS\S-1-5-21-798396033-2988315780-652485267-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_USERS\S-1-5-21-798396033-2988315780-652485267-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
[HKEY_USERS\S-1-5-21-798396033-2988315780-652485267-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
 
-= EOF =-


#13 aharonov


Posted 25 February 2014 - 01:29 PM

Also would you be able to explain to me the reasoning behind fixing the "ntuser.pol"

This version of ntuser.pol was created by the adware.
 
After step 1 "snap.do" and "browser faster" should disappear from your list of programs.
Is everything running smoothly now? Or are there still any problems left?
Let's also do a final check up:


Step 1

Please download the attached fixlist.txt (267 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#14 Spudguy


Posted 25 February 2014 - 01:35 PM

Things seem to be running smoothly. Uninstall registries were removed successfully as well.

 

I just need to step out to class for a few hours. I'll get back to you with step 2 shortly.

 

Here is the fixlist from step 1:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Spud at 2014-02-25 10:32:32 Run:2
Running from C:\Users\Spud\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}" /f
REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}" /f
*****************
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====


#15 Spudguy


Posted 25 February 2014 - 07:12 PM

Here is the ESET log:

 

Most of it looks like either some install files to a few harmless programs, quarantined stuff or a few cracks to old games. But there are a few suspicious looking things.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=40acc00457283542bbe059bb139e5bee
# engine=17226
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-26 12:03:53
# local_time=2014-02-25 04:03:53 (-0800, Pacific Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 3298766 3311094 0 0
# compatibility_mode=5893 16776573 100 94 0 144916483 0 0
# scanned=335523
# found=20
# cleaned=0
# scan_time=9333
sh=39DCD8F4E1C8FC2AB38CF1AF20ADF815A5B50552 ft=1 fh=c71c0011f2d45131 vn="a variant of Win64/SProtector.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Browser faster25-02-2014_09-27-16\Browserfaster_x64.dll"
sh=864C7EBC4A410297519CED16BE5A182B43520CE1 ft=1 fh=c71c0011a01f00de vn="a variant of Win64/SProtector.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Smooth Browsing25-02-2014_09-27-16\SmoothBrowsing_x64.dll"
sh=A32AA942597786B380ABDA361918B5E6BF4F26D1 ft=1 fh=e10233d53431d7f2 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Program Files (x86)\LEGO Lord Of The Rings\rld.dll"
sh=7113D3A10D8722FE80A3717E87BC7354F55674B4 ft=1 fh=a654d788654f8e37 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Program Files (x86)\LucasArts\LEGO Star Wars III The Clone Wars\paul.dll"
sh=C80B0CE37AF1B1398A13102D4E1CCC2EC6D38209 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip"
sh=C80B0CE37AF1B1398A13102D4E1CCC2EC6D38209 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave7.zip"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Spud\Downloads\cbsidlm-cbsi176-MacDrive_Standard-ORG-10313024.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\ccsetup328.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\ccsetup402.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\ccsetup408.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\ccsetup409.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\ccsetup410.exe"
sh=B7FD7CCF49DAA7A2154020E9C543B6AAD33ACB27 ft=1 fh=6fc2b4bbe3606611 vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\Users\Spud\Downloads\disk-defrag-setup.exe"
sh=0DA5BDEA890EA6B222372E0FFBF279F181DA55DB ft=0 fh=0000000000000000 vn="Win32/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Spud\Downloads\Microsoft Word 2010 + Crack {LCD}.rar"
sh=172D869518B941809AFBDCB15751A69091BC9EBE ft=1 fh=4d170eab29818e2e vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\Users\Spud\Downloads\registry-cleaner-setup.exe"
sh=C6CD64B909506B088F7ED4EB7462C5DD2CCC48E7 ft=1 fh=428c969a0641854e vn="Win32/InstalleRex.E potentially unwanted application" ac=I fn="C:\Users\Spud\Downloads\setup.exe"
sh=3AFD52C0A913D5E8A0D0EBFA9E6683CEEAED366D ft=1 fh=a11e60c5b2132ddb vn="a variant of Win32/InstallCore.W potentially unwanted application" ac=I fn="C:\Users\Spud\Downloads\vlc_nsetup.exe"
sh=7AE71CAF4A9B27AF82FFC95C3FCB308D82B27E20 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CX potentially unsafe application" ac=I fn="D:\MacDrive-v8.0.5.31-Keygen.included.zip"
sh=CB3FFC689972B8B1980E15E235FBCF7E63103158 ft=1 fh=c03368eb2adf7184 vn="Win32/Keygen.AJ potentially unsafe application" ac=I fn="D:\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0 Keygen.exe"
sh=FD4DD9605A03F619D09B650452E8C81618578B3A ft=1 fh=4c256b24a244bc05 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="D:\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0.exe"
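
One way to triage a scan log in this layout, as an added example that is not part of the original posts or of ESET's tooling: it parses the key=value lines, collapses entries that share an `sh` value, and separates copies sitting in a quarantine folder from files still in place. The sample lines are constructed, and reading `vn` as the detection name, `fn` as the file path and `sh` as a content hash is an assumption drawn from the log shown above.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout of the log above.
# Hashes are placeholders and the paths are made up for illustration.
SAMPLE_LOG = r'''# found=5
sh=A1 ft=1 fh=01 vn="a variant of Win64/SProtector.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Example\example_x64.dll"
sh=B2 ft=1 fh=02 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Program Files (x86)\Example Game\loader.dll"
sh=C3 ft=0 fh=00 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Example.zip"
sh=C3 ft=0 fh=00 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Example.zip"
sh=D4 ft=1 fh=03 vn="Win32/Keygen.AJ potentially unsafe application" ac=I fn="D:\Example\keygen.exe"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Folders where the tools used in this thread keep neutralised copies.
QUARANTINE_DIRS = ("\\frst\\quarantine\\", "\\spybot - search & destroy\\recovery\\")

def parse(log_text):
    """Return (header dict, list of detection dicts)."""
    header, hits = {}, []
    for line in log_text.splitlines():
        fields = {k: q if q else b for k, q, b in FIELD.findall(line)}
        if line.startswith("#"):
            header.update(fields)
        elif "vn" in fields and "fn" in fields:
            hits.append(fields)
    return header, hits

def classify(hit):
    name, path = hit["vn"].lower(), hit["fn"].lower()
    if "potentially unwanted" in name:
        kind = "unwanted"
    elif "potentially unsafe" in name:
        kind = "unsafe"
    else:
        kind = "malware"  # trojan, worm, ... per the detection name
    where = "quarantine" if any(d in path for d in QUARANTINE_DIRS) else "live"
    return kind, where

def triage(log_text):
    """Return (counts by (kind, where), header/line count match, duplicates)."""
    header, hits = parse(log_text)
    unique = {}
    for hit in hits:
        # Same sh value = same content reached via two paths; keep the first.
        unique.setdefault(hit["sh"], hit)
    counts = Counter(classify(h) for h in unique.values())
    complete = int(header.get("found", -1)) == len(hits)
    return counts, complete, len(hits) - len(unique)
```

Entries classified as `live` are the ones that still need a decision; a `complete` value of False means the pasted log has fewer or more detection lines than its own `# found=` header claims.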




