Files moved to flash drive converted to system files and hidden


This topic is locked
17 replies to this topic

#1 PSWII60
Members, 9 posts

Posted 28 February 2014 - 03:28 AM

Any files I move to external drives are converted to Windows system files, hidden, and have a shortcut created. Anything in a folder is not touched. It doesn't seem to reinfect other computers that it is subsequently plugged into. Tried Malwarebytes and it did not remove the problem. Running Windows 8.1. Saw a suggestion of using ComboFix on another forum, but it is not Windows 8.1 compatible. DDS is not compatible either, it tells me.


#2 aharonov
Malware Response Team, 2,441 posts

Posted 28 February 2014 - 03:52 AM

Hello,

It's important that you don't open one of these shortcuts from now on. This leads to a re-infection.
Please run a FRST scan to begin with:

  • Please download Farbar Recovery Scan Tool and save it to your Desktop.
    (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by aharonov, 28 February 2014 - 10:50 AM.


#3 PSWII60 (Topic Starter)
Members, 9 posts

Posted 28 February 2014 - 10:44 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Andy (administrator) on BEHEMOTH on 28-02-2014 10:24:00
Running from C:\Users\Andy\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(a3LKzbygkUl1) C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11585408 2012-11-16] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [tmpF123] - wscript.exe //B "C:\Users\Andy\AppData\Local\Temp\tmpF123.tmp.microsoft.vbs" <===== ATTENTION
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [e7b93b397c3976f2e9ec654820857a9d] - C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe [367616 2014-02-15] (a3LKzbygkUl1) <===== ATTENTION
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\MountPoints2: F - "F:\Setup.exe" 
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7b93b397c3976f2e9ec654820857a9d.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF123.tmp.microsoft.vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\staged [2014-02-27]
FF Extension: ChatZilla - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-12-30]
FF Extension: FlashGot - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-12-30]
FF Extension: NoScript - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-01-03]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (Tampermonkey) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-26]
CHR Extension: (Website Logon) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-12-26]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
CHR Extension: (RSS Feed Reader) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-12-26]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2013-10-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-30] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-02-19] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 10:24 - 2014-02-28 10:24 - 00023222 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-02-28 10:23 - 2014-02-28 10:24 - 00000000 ____D () C:\FRST
2014-02-28 10:23 - 2014-02-28 10:23 - 02155520 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-02-27 22:06 - 2014-02-27 22:07 - 00000000 ____D () C:\Users\Andy\Downloads\Silversun Pickups
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Users\Andy\Desktop\CoC
2014-02-26 23:17 - 2014-02-26 23:17 - 00000222 _____ () C:\Users\Andy\Desktop\Guns of Icarus Online.url
2014-02-25 22:18 - 2014-02-25 22:18 - 00061023 _____ () C:\Users\Andy\Downloads\[kickass.to]microsoft.office.proffesional.plus.2010.corporate.final.full.activated.nogrp.torrent
2014-02-25 22:13 - 2014-02-25 22:14 - 00000000 ____D () C:\Users\Andy\Downloads\Office pro 2010 - x64-x86
2014-02-25 22:12 - 2014-02-25 22:12 - 00014726 _____ () C:\Users\Andy\Downloads\6d79858123735930465cc0ee87ea0683.torrent
2014-02-25 22:00 - 2014-02-25 22:00 - 00688992 _____ (Swearware) C:\Users\Andy\Downloads\dds.com
2014-02-25 02:25 - 2014-02-25 02:32 - 126646597 _____ () C:\Users\Andy\Downloads\Killer Instinct Top 8 RG MCZ Sonic Fox vs Orso - Winter Brawl 8 Tournament.mp4
2014-02-23 19:20 - 2014-02-23 19:59 - 00000000 ____D () C:\Users\Andy\Downloads\Berserk Dual Audio Complete BD
2014-02-23 03:20 - 2014-02-23 03:24 - 00000000 ____D () C:\Users\Andy\Downloads\free style jupiter
2014-02-21 23:34 - 2014-02-22 00:12 - 463522367 _____ () C:\Users\Andy\Downloads\EO2-37.mp4
2014-02-21 23:33 - 2014-02-22 00:17 - 624042628 _____ () C:\Users\Andy\Downloads\EO2-36.mp4
2014-02-21 15:23 - 2014-02-24 14:33 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (4)
2014-02-21 00:54 - 2014-02-21 01:46 - 236377364 _____ () C:\Users\Andy\Downloads\Peak of Orgasm Compilation.flv
2014-02-20 01:36 - 2014-02-20 02:05 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (3)
2014-02-19 08:53 - 2014-02-19 08:53 - 00002545 _____ () C:\Users\Public\Desktop\C.B.R.lnk
2014-02-19 08:53 - 2014-02-19 08:53 - 00000000 ____D () C:\CBR
2014-02-19 07:18 - 2014-02-19 07:19 - 00000000 ____D () C:\Users\Andy\Downloads\mods
2014-02-19 06:27 - 2014-02-19 06:27 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-02-19 06:27 - 2014-02-19 06:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-19 06:24 - 2014-02-24 13:55 - 00041984 ___SH () C:\Users\Andy\Desktop\Thumbs.db
2014-02-19 06:24 - 2014-02-19 06:24 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-19 06:11 - 2014-01-01 00:49 - 2523043840 _____ () C:\Users\Andy\Desktop\Autodesk_3ds_Max_Design_2014_SP3_EN_x64.iso
2014-02-19 05:59 - 2013-12-31 17:41 - 00312832 _____ () C:\Users\Andy\Desktop\xf-adsk64.exe
2014-02-17 15:10 - 2014-02-17 15:10 - 00000008 _____ () C:\Users\Andy\Desktop\cancellation attorney.txt
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-02-15 13:47 - 2014-02-15 13:47 - 00000000 ____D () C:\Users\Andy\Documents\Adobe
2014-02-15 13:38 - 2014-02-15 13:45 - 00000000 ____D () C:\AdwCleaner
2014-02-15 13:38 - 2014-02-15 13:38 - 01166132 _____ () C:\Users\Andy\Downloads\AdwCleaner.exe
2014-02-15 13:17 - 2014-02-15 13:17 - 05183211 _____ (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-02-15 12:44 - 2014-02-15 12:44 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-14 16:31 - 2014-02-24 14:00 - 00000000 ____D () C:\Users\Andy\Desktop\Games
2014-02-12 00:41 - 2014-02-12 01:44 - 00000000 ____D () C:\Users\Andy\Downloads\supro
2014-02-12 00:04 - 2014-02-13 02:23 - 00000000 ____D () C:\Users\Andy\Downloads\Corruption of Champions
2014-02-11 00:38 - 2014-02-11 00:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Yye_Software
2014-02-11 00:37 - 2014-02-11 00:48 - 00000000 ____D () C:\Users\Andy\Downloads\RNG Reporter
2014-02-10 01:39 - 2014-02-10 01:39 - 00000000 ____D () C:\GOG Games
2014-02-10 01:08 - 2014-02-10 02:05 - 00000000 ____D () C:\Users\Andy\AppData\Local\GOG.com
2014-02-10 01:07 - 2014-02-10 01:07 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-09 19:55 - 2014-02-09 19:55 - 00002177 _____ () C:\Users\Public\Desktop\ProDiscover Basic.lnk
2014-02-09 19:55 - 2014-02-09 19:55 - 00000000 ____D () C:\Program Files (x86)\Technology Pathways
2014-02-09 19:54 - 2014-02-09 19:54 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-09 16:37 - 2014-02-09 16:37 - 02547200 _____ () C:\Users\Andy\Downloads\ch09.ppt
2014-02-09 16:37 - 2014-02-09 16:37 - 01370624 _____ () C:\Users\Andy\Downloads\ch07.ppt
2014-02-09 15:56 - 2014-02-15 14:47 - 00000000 ____D () C:\Users\Andy\Desktop\work
2014-02-09 14:45 - 2014-02-09 14:45 - 00032708 _____ () C:\Users\Andy\Downloads\download (1).htm
2014-02-09 14:44 - 2014-02-09 14:44 - 00032728 _____ () C:\Users\Andy\Downloads\download.htm
2014-02-09 14:40 - 2014-02-09 14:40 - 00001281 _____ () C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
2014-02-09 14:40 - 2014-02-09 14:40 - 00000000 ____D () C:\Program Files\BreakPoint Software
2014-02-09 14:03 - 2014-02-09 14:17 - 00000000 ____D () C:\Users\Andy\Desktop\Forensics disc
2014-02-09 13:45 - 2014-02-09 13:48 - 00000000 ____D () C:\Users\Andy\Downloads\ninjakitty
2014-02-09 13:36 - 2014-02-19 06:53 - 00000000 ____D () C:\Users\Andy\Downloads\Comics
2014-02-09 13:13 - 2014-02-09 13:16 - 00000000 ____D () C:\Users\Andy\Downloads\phone walpaper
2014-02-07 03:49 - 2014-02-07 03:49 - 00000136 _____ () C:\Users\Andy\Downloads\Togekiss.pkm
2014-02-07 03:46 - 2014-02-07 03:46 - 00000136 _____ () C:\Users\Andy\Downloads\Shellder.pkm
2014-02-07 03:43 - 2014-02-07 03:43 - 00000136 _____ () C:\Users\Andy\Downloads\Samus.pkm
2014-02-07 03:41 - 2014-02-07 03:41 - 00000136 _____ () C:\Users\Andy\Downloads\ペンドラー.pkm
2014-02-07 03:33 - 2014-02-07 03:33 - 00000136 _____ () C:\Users\Andy\Downloads\Captain.pkm
2014-02-07 03:27 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Andy\Pokegen
2014-02-07 02:56 - 2014-02-07 02:56 - 00000136 _____ () C:\Users\Andy\Downloads\Larvesta.pkm
2014-02-04 21:55 - 2014-02-15 13:48 - 00000000 ___HD () C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn
2014-01-30 21:15 - 2014-01-30 21:15 - 00000000 ____D () C:\Users\Andy\Downloads\Danny Brown - Old {2013-Album}
2014-01-30 19:31 - 2014-01-30 19:31 - 00222214 _____ () C:\Users\Andy\Downloads\b31544e958194ac1fdf70e2a6b8dd413.jpeg
2014-01-30 19:31 - 2014-01-30 19:31 - 00187849 _____ () C:\Users\Andy\Downloads\be6a52d92e754c61e69b3da5183b37d9.jpeg
2014-01-29 16:15 - 2014-01-29 16:15 - 00000000 ____D () C:\Users\Andy\Downloads\CoCEd
2014-01-29 13:41 - 2014-01-29 16:24 - 00000000 ____D () C:\Program Files (x86)\Course Vector
2014-01-29 13:41 - 2014-01-29 13:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\com.coursevector.minerva
2014-01-29 01:41 - 2014-01-29 01:41 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-01-29 01:39 - 2014-01-29 01:39 - 00000000 ____D () C:\Users\Andy\Documents\Square Enix
2014-01-29 01:36 - 2014-01-29 01:37 - 00000000 ____D () C:\Users\Andy\Documents\Proteus
2014-01-29 01:30 - 2014-01-29 01:30 - 00000000 ____D () C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-01-29 01:28 - 2014-01-29 01:28 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\3909
2014-01-29 01:18 - 2014-01-29 01:32 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-29 01:18 - 2014-01-29 01:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-01-29 01:18 - 2014-01-29 01:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\BIT.TRIP RUNNER
 
==================== One Month Modified Files and Folders =======
 
2014-02-28 10:24 - 2014-02-28 10:24 - 00023222 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-02-28 10:24 - 2014-02-28 10:23 - 00000000 ____D () C:\FRST
2014-02-28 10:23 - 2014-02-28 10:23 - 02155520 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-02-28 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-28 09:49 - 2013-12-26 23:29 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 09:47 - 2014-01-07 15:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-28 08:54 - 2013-12-26 23:27 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-282275561-2967082040-2976299687-1001
2014-02-28 08:49 - 2013-12-26 23:30 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-28 08:49 - 2013-12-26 23:29 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 05:39 - 2013-12-30 16:48 - 01833756 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 03:30 - 2014-01-09 22:30 - 00000000 ____D () C:\Users\Andy\AppData\Local\PMB Files
2014-02-28 03:30 - 2014-01-09 22:30 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-28 03:14 - 2013-12-30 11:57 - 02422272 ___SH () C:\Users\Andy\Downloads\Thumbs.db
2014-02-28 03:13 - 2013-11-14 02:28 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-28 03:10 - 2013-08-22 09:46 - 00353330 _____ () C:\WINDOWS\setupact.log
2014-02-28 03:09 - 2014-01-16 14:43 - 00000000 ____D () C:\Users\Andy\Downloads\games
2014-02-28 03:04 - 2014-01-03 15:43 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe
2014-02-28 02:31 - 2013-12-26 23:22 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61B053C5-5719-4694-9683-F32B3122D7C9}
2014-02-27 23:45 - 2014-01-08 19:52 - 00000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-27 22:09 - 2013-12-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\uTorrent
2014-02-27 22:07 - 2014-02-27 22:06 - 00000000 ____D () C:\Users\Andy\Downloads\Silversun Pickups
2014-02-27 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Users\Andy\Desktop\CoC
2014-02-27 15:45 - 2014-01-07 18:06 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-02-27 00:06 - 2013-12-27 00:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-26 23:17 - 2014-02-26 23:17 - 00000222 _____ () C:\Users\Andy\Desktop\Guns of Icarus Online.url
2014-02-26 13:16 - 2014-01-07 15:16 - 00000000 ____D () C:\Users\Andy\Documents\flashgot
2014-02-25 22:18 - 2014-02-25 22:18 - 00061023 _____ () C:\Users\Andy\Downloads\[kickass.to]microsoft.office.proffesional.plus.2010.corporate.final.full.activated.nogrp.torrent
2014-02-25 22:14 - 2014-02-25 22:13 - 00000000 ____D () C:\Users\Andy\Downloads\Office pro 2010 - x64-x86
2014-02-25 22:12 - 2014-02-25 22:12 - 00014726 _____ () C:\Users\Andy\Downloads\6d79858123735930465cc0ee87ea0683.torrent
2014-02-25 22:00 - 2014-02-25 22:00 - 00688992 _____ (Swearware) C:\Users\Andy\Downloads\dds.com
2014-02-25 19:50 - 2014-01-12 20:03 - 00000022 _____ () C:\Users\Andy\Desktop\call for driver.txt
2014-02-25 02:32 - 2014-02-25 02:25 - 126646597 _____ () C:\Users\Andy\Downloads\Killer Instinct Top 8 RG MCZ Sonic Fox vs Orso - Winter Brawl 8 Tournament.mp4
2014-02-24 14:33 - 2014-02-21 15:23 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (4)
2014-02-24 14:00 - 2014-02-14 16:31 - 00000000 ____D () C:\Users\Andy\Desktop\Games
2014-02-24 13:55 - 2014-02-19 06:24 - 00041984 ___SH () C:\Users\Andy\Desktop\Thumbs.db
2014-02-23 19:59 - 2014-02-23 19:20 - 00000000 ____D () C:\Users\Andy\Downloads\Berserk Dual Audio Complete BD
2014-02-23 19:16 - 2014-01-02 12:31 - 00000000 ____D () C:\Users\Andy\Downloads\New folder
2014-02-23 03:24 - 2014-02-23 03:20 - 00000000 ____D () C:\Users\Andy\Downloads\free style jupiter
2014-02-22 00:17 - 2014-02-21 23:33 - 624042628 _____ () C:\Users\Andy\Downloads\EO2-36.mp4
2014-02-22 00:12 - 2014-02-21 23:34 - 463522367 _____ () C:\Users\Andy\Downloads\EO2-37.mp4
2014-02-21 01:46 - 2014-02-21 00:54 - 236377364 _____ () C:\Users\Andy\Downloads\Peak of Orgasm Compilation.flv
2014-02-20 23:47 - 2014-01-07 15:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 02:05 - 2014-02-20 01:36 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (3)
2014-02-19 08:53 - 2014-02-19 08:53 - 00002545 _____ () C:\Users\Public\Desktop\C.B.R.lnk
2014-02-19 08:53 - 2014-02-19 08:53 - 00000000 ____D () C:\CBR
2014-02-19 07:19 - 2014-02-19 07:18 - 00000000 ____D () C:\Users\Andy\Downloads\mods
2014-02-19 06:53 - 2014-02-09 13:36 - 00000000 ____D () C:\Users\Andy\Downloads\Comics
2014-02-19 06:27 - 2014-02-19 06:27 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-02-19 06:27 - 2014-02-19 06:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-19 06:26 - 2014-01-09 03:09 - 00000000 ____D () C:\Users\Andy\Downloads\New folder (2)
2014-02-19 06:26 - 2014-01-09 01:01 - 00000000 ____D () C:\Users\Andy\Downloads\refer
2014-02-19 06:25 - 2013-12-31 15:40 - 00000000 ____D () C:\Users\Andy\Downloads\Digital Tutors - Modeling Hard Surface Curvature in 3ds Max
2014-02-19 06:24 - 2014-02-19 06:24 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-19 06:24 - 2013-10-31 04:41 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-02-19 06:23 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-19 03:32 - 2013-11-14 02:20 - 00010972 _____ () C:\WINDOWS\PFRO.log
2014-02-19 02:28 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-17 15:10 - 2014-02-17 15:10 - 00000008 _____ () C:\Users\Andy\Desktop\cancellation attorney.txt
2014-02-16 18:14 - 2014-01-09 15:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-15 14:47 - 2014-02-09 15:56 - 00000000 ____D () C:\Users\Andy\Desktop\work
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-04 21:55 - 00000000 ___HD () C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn
2014-02-15 13:48 - 2013-09-05 01:44 - 00000000 ___HD () C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe
2014-02-15 13:48 - 2012-05-29 07:37 - 00000000 ___HD () C:\Users\Andy\AppData\Local\p7TG34yv4pCF
2014-02-15 13:47 - 2014-02-15 13:47 - 00000000 ____D () C:\Users\Andy\Documents\Adobe
2014-02-15 13:47 - 2013-12-26 23:22 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Adobe
2014-02-15 13:45 - 2014-02-15 13:38 - 00000000 ____D () C:\AdwCleaner
2014-02-15 13:45 - 2013-12-30 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 13:38 - 2014-02-15 13:38 - 01166132 _____ () C:\Users\Andy\Downloads\AdwCleaner.exe
2014-02-15 13:17 - 2014-02-15 13:17 - 05183211 _____ (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-02-15 13:04 - 2013-12-30 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 12:44 - 2014-02-15 12:44 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 02:23 - 2014-02-12 00:04 - 00000000 ____D () C:\Users\Andy\Downloads\Corruption of Champions
2014-02-12 08:44 - 2013-12-26 23:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 08:44 - 2013-12-26 23:29 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 01:44 - 2014-02-12 00:41 - 00000000 ____D () C:\Users\Andy\Downloads\supro
2014-02-11 00:48 - 2014-02-11 00:37 - 00000000 ____D () C:\Users\Andy\Downloads\RNG Reporter
2014-02-11 00:38 - 2014-02-11 00:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Yye_Software
2014-02-10 21:53 - 2013-08-22 09:44 - 05111712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-10 02:05 - 2014-02-10 01:08 - 00000000 ____D () C:\Users\Andy\AppData\Local\GOG.com
2014-02-10 01:39 - 2014-02-10 01:39 - 00000000 ____D () C:\GOG Games
2014-02-10 01:07 - 2014-02-10 01:07 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-09 19:55 - 2014-02-09 19:55 - 00002177 _____ () C:\Users\Public\Desktop\ProDiscover Basic.lnk
2014-02-09 19:55 - 2014-02-09 19:55 - 00000000 ____D () C:\Program Files (x86)\Technology Pathways
2014-02-09 19:54 - 2014-02-09 19:54 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-09 16:37 - 2014-02-09 16:37 - 02547200 _____ () C:\Users\Andy\Downloads\ch09.ppt
2014-02-09 16:37 - 2014-02-09 16:37 - 01370624 _____ () C:\Users\Andy\Downloads\ch07.ppt
2014-02-09 14:45 - 2014-02-09 14:45 - 00032708 _____ () C:\Users\Andy\Downloads\download (1).htm
2014-02-09 14:44 - 2014-02-09 14:44 - 00032728 _____ () C:\Users\Andy\Downloads\download.htm
2014-02-09 14:40 - 2014-02-09 14:40 - 00001281 _____ () C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
2014-02-09 14:40 - 2014-02-09 14:40 - 00000000 ____D () C:\Program Files\BreakPoint Software
2014-02-09 14:17 - 2014-02-09 14:03 - 00000000 ____D () C:\Users\Andy\Desktop\Forensics disc
2014-02-09 13:48 - 2014-02-09 13:45 - 00000000 ____D () C:\Users\Andy\Downloads\ninjakitty
2014-02-09 13:16 - 2014-02-09 13:13 - 00000000 ____D () C:\Users\Andy\Downloads\phone walpaper
2014-02-08 23:43 - 2014-01-20 16:38 - 00000208 _____ () C:\Users\Andy\Desktop\send docs.txt
2014-02-08 22:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-02-07 03:49 - 2014-02-07 03:49 - 00000136 _____ () C:\Users\Andy\Downloads\Togekiss.pkm
2014-02-07 03:46 - 2014-02-07 03:46 - 00000136 _____ () C:\Users\Andy\Downloads\Shellder.pkm
2014-02-07 03:43 - 2014-02-07 03:43 - 00000136 _____ () C:\Users\Andy\Downloads\Samus.pkm
2014-02-07 03:41 - 2014-02-07 03:41 - 00000136 _____ () C:\Users\Andy\Downloads\ペンドラー.pkm
2014-02-07 03:33 - 2014-02-07 03:33 - 00000136 _____ () C:\Users\Andy\Downloads\Captain.pkm
2014-02-07 03:27 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Andy\Pokegen
2014-02-07 03:27 - 2013-12-30 16:34 - 00000000 ____D () C:\Users\Andy
2014-02-07 02:56 - 2014-02-07 02:56 - 00000136 _____ () C:\Users\Andy\Downloads\Larvesta.pkm
2014-02-01 01:44 - 2014-01-22 18:48 - 00000770 _____ () C:\Users\Andy\Desktop\andy jobs.txt
2014-01-30 21:15 - 2014-01-30 21:15 - 00000000 ____D () C:\Users\Andy\Downloads\Danny Brown - Old {2013-Album}
2014-01-30 19:31 - 2014-01-30 19:31 - 00222214 _____ () C:\Users\Andy\Downloads\b31544e958194ac1fdf70e2a6b8dd413.jpeg
2014-01-30 19:31 - 2014-01-30 19:31 - 00187849 _____ () C:\Users\Andy\Downloads\be6a52d92e754c61e69b3da5183b37d9.jpeg
2014-01-29 16:24 - 2014-01-29 13:41 - 00000000 ____D () C:\Program Files (x86)\Course Vector
2014-01-29 16:15 - 2014-01-29 16:15 - 00000000 ____D () C:\Users\Andy\Downloads\CoCEd
2014-01-29 13:41 - 2014-01-29 13:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\com.coursevector.minerva
2014-01-29 01:42 - 2013-06-04 18:04 - 00522223 _____ () C:\WINDOWS\DirectX.log
2014-01-29 01:41 - 2014-01-29 01:41 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-01-29 01:39 - 2014-01-29 01:39 - 00000000 ____D () C:\Users\Andy\Documents\Square Enix
2014-01-29 01:39 - 2014-01-22 07:29 - 00001982 _____ () C:\Users\Andy\Documents\TombRaider.log
2014-01-29 01:37 - 2014-01-29 01:36 - 00000000 ____D () C:\Users\Andy\Documents\Proteus
2014-01-29 01:32 - 2014-01-29 01:18 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-29 01:32 - 2014-01-29 01:18 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-01-29 01:30 - 2014-01-29 01:30 - 00000000 ____D () C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP
2014-01-29 01:28 - 2014-01-29 01:28 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\3909
2014-01-29 01:26 - 2014-01-21 22:37 - 00000000 ____D () C:\Users\Andy\Documents\Tomb Raider - Legend
2014-01-29 01:26 - 2014-01-21 16:22 - 00000000 ____D () C:\Users\Andy\Documents\Eidos
2014-01-29 01:20 - 2013-12-27 12:21 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Braid
2014-01-29 01:18 - 2014-01-29 01:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\BIT.TRIP RUNNER
2014-01-29 01:18 - 2013-12-28 11:01 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2014-01-29 01:18 - 2013-12-28 11:01 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2014-01-29 01:18 - 2013-12-28 11:01 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2014-01-29 01:18 - 2013-12-28 11:01 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2014-01-29 01:18 - 2013-12-27 02:03 - 00000000 ____D () C:\Users\Andy\Documents\my games
 
Files to move or delete:
====================
C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe
 
 
Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\AcDeltree.exe
C:\Users\Andy\AppData\Local\Temp\AVG.exe
C:\Users\Andy\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe
C:\Users\Andy\AppData\Local\Temp\msvcp100.dll
C:\Users\Andy\AppData\Local\Temp\msvcr100.dll
C:\Users\Andy\AppData\Local\Temp\nss3.dll
C:\Users\Andy\AppData\Local\Temp\ose00000.exe
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe
C:\Users\Andy\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Andy\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Andy\AppData\Local\Temp\vray_adv_24004_max2014_x64.exe
C:\Users\Andy\AppData\Local\Temp\worker.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-26 03:26
 
==================== End Of Log ============================
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Andy at 2014-02-28 10:24:29
Running from C:\Users\Andy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Autodesk 3ds Max 2014 English Documentation (HKLM-x32\...\{2277CDAC-95D8-4A3B-AEE0-E2341E86C2A0}) (Version: 16.0 - Autodesk)
Autodesk 3ds Max Design 2014 (HKLM\...\Autodesk 3ds Max Design 2014) (Version: 16.3.253.0 - Autodesk)
Autodesk 3ds Max Design 2014 (Version: 16.3.253.0 - Autodesk) Hidden
Autodesk 3ds Max Design 2014 64-bit Populate Data (HKLM\...\{2BCAFE22-BE25-4437-815C-54596D630397}) (Version: 1.0.0.1 - Autodesk)
Autodesk 3ds Max Design 2014 SP3 (HKLM\...\Autodesk 3ds Max Design 2014 SP2) (Version: 16.3.253.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Civil View for 3ds Max Design 2014 (HKLM-x32\...\{B12531BD-CAB2-49E6-8D37-EEC970B45BA8}) (Version: 2.0.1.0 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max Design 2014 64-bit (HKLM\...\{280881E4-0E3C-40E6-9B76-E05A865551BB}) (Version: 1.1.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max Design 2014 64-bit (HKLM\...\{CBC74B06-FE35-482C-89D6-CE95A0289C06}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.03.29211 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.03.29211 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 UR1 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014 UR1) (Version: 13.03.29211 - Autodesk)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
C309g-m (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CBR (HKLM\...\{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}) (Version: 0.7 - G.Waser)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5004 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6117 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version:  - Rising Star Games)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)
Doomsday Engine 1.13.2 (HKLM-x32\...\Doomsday Engine_is1) (Version:  - deng Team)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version:  - Raven Software)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hex Workshop v6.7 (HKLM\...\{A47DAFC0-AF57-4462-BD40-B3F02F33CB40}) (Version: 6.7.3.5308 - BreakPoint Software)
HeXen II (HKLM-x32\...\Steam App 9060) (Version:  - Raven Software)
HeXen: Beyond Heretic (HKLM-x32\...\Steam App 2360) (Version:  - Raven Software)
HeXen: Deathkings of the Dark Citadel (HKLM-x32\...\Steam App 2370) (Version:  - Raven Software)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7F265322-43A2-4C06-925B-F32F938B102C}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{5A1FBC15-2DE2-4B71-809F-33E746908CE4}) (Version: 14.0 - HP)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6454.0 - IDT)
Insanely Twisted Shadow Planet (HKLM-x32\...\Steam App 205730) (Version:  - Shadow Planet Productions)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Game Long Name (HKLM\...\UDK-db727d4b-9dff-4a5e-b3fe-17537b67c10f) (Version:  - Epic Games, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version:  - Lukewarm Media)
ProDiscover Basic 4.8a (HKLM-x32\...\{78BC5838-099A-402E-8868-ED8AA3506F42}) (Version: 4.80.0000 - Technology Pathways LLC)
Proteus (HKLM-x32\...\Steam App 219680) (Version:  - Ed Key and David Kanaga)
PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
Q.U.B.E. (HKLM-x32\...\Steam App 203730) (Version:  - Toxic Games)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21220 - Realtek Semiconductor Corp.)
Rise of the Triad (HKLM-x32\...\Steam App 217140) (Version:  - Interceptor Entertainment)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Serena (HKLM-x32\...\Steam App 272060) (Version:  - Senscape)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM-x32\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM-x32\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM-x32\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - Redlynx Ltd)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-959088ed-2fab-4cd0-b421-55b8709ca2a3) (Version:  - Epic Games, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
V-Ray 2.40.04  max2014 x64 2.40.04 (HKLM-x32\...\V-Ray 2.40.04  max2014 x64 2.40.04) (Version:  - )
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows 8 Codec Pack 2.0.1 (HKLM-x32\...\Windows 8 - Codec Pack) (Version: 2.0.1 - Windows 8 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wizorb (HKLM-x32\...\Steam App 207420) (Version:  - Tribute Games)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
09-02-2014 19:39:43 Installed Hex Workshop v6.7
18-02-2014 08:21:49 Scheduled Checkpoint
19-02-2014 13:52:45 Installed CBR
28-02-2014 08:59:15 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2013-08-22 08:25 - 2014-01-03 16:59 - 00001100 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {002DDAD0-E4CB-4CD1-9EA4-5A12809FA722} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19218588-8F8C-4023-92A7-B3ADC3554B87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {250DE89F-37AD-4B9B-BB33-52FC5DAE1398} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {2C131EC7-F33B-4695-AAF8-F62482F39958} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E58C352-33E0-4328-B463-31838BB73997} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36D6F6AF-FB8E-42C3-B179-7AFBD3A871E5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BA8D286-5F54-4F5D-B6AD-C0A0E7596F8E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {51D30B3E-5AE8-437B-A219-DD5CCF25E5C4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {628424F9-3A4A-42C1-9203-B8F13200811E} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {755D63F7-432D-43D7-BEEF-1BAB46E00663} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8B3BF4A7-D12A-4F2C-B460-E148BA7EC678} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A218047E-2A8E-43F0-A9D1-6741C26EBE45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-02-15] (Hewlett-Packard)
Task: {B6492408-92B2-431F-B174-3F16B3D31FC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {B9CC1473-E36B-46FA-8D6A-6BBA0A65ACD9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA93F03C-8443-487C-A120-0AFD88D9FE3F} - System32\Tasks\AdobeAAMUpdater-1.0-Behemoth-Andy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F2C5F6DD-37AE-4B72-9E18-F03C39E01AB0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-13 12:35 - 2013-02-13 12:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 12:35 - 2013-02-13 12:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-10-27 07:00 - 2013-10-27 07:00 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2013-03-19 16:21 - 2013-03-19 16:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-07 11:19 - 2013-02-07 11:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-02-24 19:51 - 2013-02-24 19:51 - 00704520 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2013-02-07 11:19 - 2013-02-07 11:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-10-31 04:22 - 2013-02-15 19:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-12-30 15:47 - 2014-02-15 13:04 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-21 17:50 - 2014-02-19 20:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 17:50 - 2014-02-19 20:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 17:50 - 2014-02-19 20:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-21 17:50 - 2014-02-19 20:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 17:50 - 2014-02-19 20:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 17:50 - 2014-02-19 20:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-21 17:50 - 2014-02-19 20:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Andy\Local Settings:7nfR4VvUP0hUrm9gNHK1YN
AlternateDataStreams: C:\Users\Andy\AppData\Local:7nfR4VvUP0hUrm9gNHK1YN
AlternateDataStreams: C:\Users\Andy\AppData\Local\Application Data:7nfR4VvUP0hUrm9gNHK1YN
AlternateDataStreams: C:\Users\Andy\AppData\Local\Temporary Internet Files:t78kwgOa2wmLBoK7qMtP1sxa
AlternateDataStreams: C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn:I60oTiZAos1ScuOh0gRaNX
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2014 06:46:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2014 03:41:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2014 03:39:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2014 02:28:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8342672
 
Error: (02/28/2014 02:28:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8342672
 
Error: (02/28/2014 02:28:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/27/2014 11:00:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/27/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17992937
 
Error: (02/27/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17992937
 
Error: (02/27/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/28/2014 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/28/2014 06:47:50 AM) (Source: DCOM) (User: Behemoth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/28/2014 06:47:20 AM) (Source: DCOM) (User: Behemoth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/28/2014 03:40:57 AM) (Source: DCOM) (User: Behemoth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/28/2014 03:40:17 AM) (Source: DCOM) (User: Behemoth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/27/2014 11:00:06 PM) (Source: DCOM) (User: Behemoth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/27/2014 10:59:36 PM) (Source: DCOM) (User: Behemoth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/27/2014 11:01:47 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/26/2014 00:46:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/26/2014 03:27:43 AM) (Source: DCOM) (User: Behemoth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 12063.27 MB
Available physical RAM: 8175.96 MB
Total Pagefile: 14127.27 MB
Available Pagefile: 9192.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:904.97 GB) (Free:315.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.43 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 4C4AAF04)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 28 February 2014 - 10:58 AM

Ok. Now please run the following fix.
Afterwards restart your computer and plug in all your external drives that are infected and tell me what drive letters (e.g. E: and G:) they have been assigned.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from. Please copy and paste its contents in your next reply.
Restart your computer.

#5 PSWII60
  • Topic Starter
  • Members
  • 9 posts

Posted 28 February 2014 - 08:10 PM

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by Andy at 2014-02-28 20:09:40 Run:1
Running from C:\Users\Andy\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(a3LKzbygkUl1) C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe
C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [tmpF123] - wscript.exe //B "C:\Users\Andy\AppData\Local\Temp\tmpF123.tmp.microsoft.vbs" <===== ATTENTION
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [e7b93b397c3976f2e9ec654820857a9d] - C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe [367616 2014-02-15] (a3LKzbygkUl1) <===== ATTENTION
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF123.tmp.microsoft.vbs
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7b93b397c3976f2e9ec654820857a9d.exe
C:\Users\Andy\AppData\Local\Temp\tmpF123.tmp.microsoft.vbs
C:\Users\Andy\AppData\Local\Temp\*.exe
C:\Users\Andy\AppData\Local\Temp\*.dll
Folder: C:\Users\Andy\AppData\Roaming\3909
Folder: C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn
Folder: C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe
Folder: C:\Users\Andy\AppData\Local\p7TG34yv4pCF
*****************
 
[5164] C:\Windows\System32\wscript.exe => Process closed successfully.
[5252] C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe => Process closed successfully.
C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe => Moved successfully.
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tmpF123 => Value deleted successfully.
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\Software\Microsoft\Windows\CurrentVersion\Run\\e7b93b397c3976f2e9ec654820857a9d => Value deleted successfully.
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF123.tmp.microsoft.vbs => Moved successfully.
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7b93b397c3976f2e9ec654820857a9d.exe => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\tmpF123.tmp.microsoft.vbs => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\*.dll => Moved successfully.
 
========================= Folder: C:\Users\Andy\AppData\Roaming\3909 ========================
 
2014-01-29 01:28 - 2014-01-29 01:29 - 0000000 ____D () C:\Users\Andy\AppData\Roaming\3909\PapersPlease
2014-01-29 01:28 - 2014-01-29 01:28 - 0000560 _____ () C:\Users\Andy\AppData\Roaming\3909\PapersPlease\settings.sav
2014-01-29 01:29 - 2014-01-29 01:29 - 0000040 _____ () C:\Users\Andy\AppData\Roaming\3909\PapersPlease\stats.sav
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe ========================
 
2012-12-11 04:47 - 2012-12-11 04:47 - 0000990 ____H () C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe\UVpeIvnS6DaM.dl_
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Andy\AppData\Local\p7TG34yv4pCF ========================
 
2013-11-14 16:01 - 2013-11-14 16:01 - 0000914 ____H () C:\Users\Andy\AppData\Local\p7TG34yv4pCF\QMq2vBaTv.in_
 
====== End of Folder: ======
 
 
==== End of Fixlog ====
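The two `<===== ATTENTION` lines in the fixlist above are the textbook shape of script-dropper persistence: a Run value that hands a `.vbs` in the user's Temp folder to `wscript.exe` with `//B` (so it runs with no error dialogs), and a second value that starts an unsigned-looking executable from the same Temp folder. The Python below is an added example for this thread, not part of the original posts and not FRST's own logic: it parses FRST-style Run lines and reports why an entry deserves a look. The two flagged lines are copied from the Fixlog above; the Synaptics line and the empty `[X]` line are constructed in FRST's format for contrast. The lists of script hosts and user-writable directories are the example's own assumptions, not FRST's whitelist.

```python
"""Triage FRST "Run" lines for script-host persistence (added example, not FRST code)."""
import re
from pathlib import PureWindowsPath

# Interpreters that turn a text file into running code (assumed list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
# Directories any standard user can write to; legitimate autoruns rarely live here (heuristic).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\", "\\downloads\\")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# First two lines copied from the Fixlog; the last two constructed in the same format.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [tmpF123] - wscript.exe //B "C:\Users\Andy\AppData\Local\Temp\tmpF123.tmp.microsoft.vbs" <===== ATTENTION',
    r'HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [e7b93b397c3976f2e9ec654820857a9d] - C:\Users\Andy\AppData\Local\Temp\IEMonitor.exe [367616 2014-02-15] (a3LKzbygkUl1) <===== ATTENTION',
    r'HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)',
    r'HKLM-x32\...\Run: [] - [X]',
]


def parse_run_line(line):
    """Split an FRST autorun line into hive, value name, command and signer (None if not a Run line)."""
    head, sep, rest = line.partition("] - ")
    if not sep or "\\Run" not in head:
        return None
    hive = head[:head.find("\\...")] if "\\..." in head else head
    name = head[head.rfind("[") + 1:]
    rest = re.sub(r"\s*<=+ ATTENTION\s*$", "", rest)          # FRST's attention marker
    signer = None
    m = re.search(r" \(([^()]*)\)$", rest)                      # trailing "(publisher)"
    if m:
        signer, rest = m.group(1), rest[:m.start()]
    rest = re.sub(r" \[\d+ \d{4}-\d{2}-\d{2}\]$", "", rest)     # trailing "[size date]"
    return {"hive": hive, "name": name, "cmd": rest.strip(), "signer": signer}


def split_command(cmd):
    """FRST prints unquoted paths that contain spaces, so the executable runs up to the
    first ".exe" unless the command starts with a quoted path."""
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], [a or b for a, b in TOKEN_RE.findall(cmd[end + 1:])]
    m = re.match(r"(?i)(.*?\.exe)(\s.*|$)", cmd)
    exe, rest = (m.group(1), m.group(2)) if m else (cmd, "")
    return exe, [a or b for a, b in TOKEN_RE.findall(rest)]


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(entry):
    """Return the reasons an autorun entry deserves a look (empty list means nothing odd)."""
    exe, args = split_command(entry["cmd"])
    if exe == "[X]":
        return []                                  # FRST's marker for a target that no longer exists
    reasons = []
    if is_user_writable(exe):
        reasons.append(f"executable lives in a user-writable path: {exe}")
    host = PureWindowsPath(exe).name.lower()
    if host in SCRIPT_HOSTS:
        for a in args:
            if a.lower().endswith(SCRIPT_EXT):
                where = "user-writable" if is_user_writable(a) else "system"
                reasons.append(f"{host} runs script {a} ({where} path)")
        if "//b" in [a.lower() for a in args]:
            reasons.append("//B runs the script silently, suppressing errors and prompts")
    return reasons


def report(lines):
    """Map value name -> reasons for every parsable Run line that has at least one reason."""
    out = {}
    for line in lines:
        entry = parse_run_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                out[entry["name"]] = reasons
    return out


if __name__ == "__main__":
    for name, reasons in report(SAMPLE_LINES).items():
        print(name, "->", "; ".join(reasons))
```

The heuristic is deliberately narrow: a Windows-signed script host started from System32 is normal, a script host pointed at a file under AppData\Local\Temp is not, and the Temp executable is flagged on location alone before its publisher string is even considered.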


#6 PSWII60

PSWII60
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 28 February 2014 - 08:23 PM

Drives are

G: (an SD Card, I can reformat this in my PSP if that would help)

H: (a flash drive)

 

There is a second flash drive, but I cannot find it, and will likely just toss it rather than reinfect, if I find it.

 

There is my android phone as well, but it does not show up as a drive.  It shows as its model SCH-S960L.  Doesn't seem infected, but it's connected anyway since it was connected previously.

 

Also is it normal that this boot was roughly triple the length of normal?


Edited by PSWII60, 01 March 2014 - 02:25 AM.


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 01 March 2014 - 06:18 AM

All right, let's continue.
You can unplug your Android phone if it is not infected. And there is no need to format any of these cards or sticks, we should be able to get the data back easily.

(I assume that the two drives still have the letters G: and H: now.)


Step 1

Please download the attached fixlist.txt (165 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 01 March 2014 - 06:19 AM.
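What the `dir /a` step is looking for is the pairing the opening post described: each file dropped on the stick is given the hidden and system attributes, and a `.lnk` with the same name is placed beside it, so double-clicking the "file" runs the dropper and then opens the real file to keep up appearances. The Python below is an added example for this thread, not code from the thread, from FRST or from Microsoft. It builds a constructed `.lnk` from the MS-SHLLINK layout, parses it back, pairs shortcuts with hidden+system siblings in a constructed directory listing, and prints the `attrib`/`del` commands an operator would run to undo the damage (it does not execute them). The `cmd.exe` target, the shortcut arguments and the benign `Docs.lnk` are assumptions; the file names are modelled on the H: listing in the next post.

```python
"""Parse Windows .lnk files and pair them with hidden originals on a removable drive.
Added example for this thread; the shortcut bytes and the directory entries are constructed."""
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-0000-0000-C000-000000000046}
(HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH,
 HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_DIRECTORY = 0x02, 0x04, 0x10
# Anything in the arguments or a file name that turns a text file into running code.
LAUNCHER_RE = re.compile(r"(?i)\b(wscript|cscript|mshta|powershell|rundll32)\b|\.(vbs|vbe|js|jse|wsf|hta|ps1)\b")


def _utf16(s):
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")       # CountCharacters + UTF-16LE text


def build_lnk(relative_path, arguments, working_dir=".", icon="%SystemRoot%\\system32\\shell32.dll"):
    """Constructed .lnk: ShellLinkHeader, a minimal IDList and LinkInfo, then Unicode StringData."""
    flags = HAS_IDLIST | HAS_LINKINFO | HAS_RELPATH | HAS_WORKDIR | HAS_ARGS | HAS_ICON | IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 timestamps, FileSize, IconIndex,
    # ShowCommand (7 = SW_SHOWMINNOACTIVE, the window stays out of sight), HotKey, reserved x3
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0)
    idlist = struct.pack("<HH", 6, 4) + b"\x1f\x50" + b"\x00\x00"   # one 4-byte ItemID + terminator
    linkinfo = struct.pack("<7I", 28, 28, 0, 0, 0, 0, 0)            # empty LinkInfo, only its size matters
    return header + idlist + linkinfo + _utf16(relative_path) + _utf16(working_dir) + _utf16(arguments) + _utf16(icon)


def parse_lnk(data):
    """Return LinkFlags, FileAttributes, ShowCommand and the StringData fields of a Shell Link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, attrs, show = struct.unpack_from("<II", data, 20) + struct.unpack_from("<I", data, 60)
    off = 0x4C
    if flags & HAS_IDLIST:                       # IDListSize excludes the size field itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:                     # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    out = {"flags": flags, "file_attributes": attrs, "show_command": show}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                     (HAS_ARGS, "arguments"), (HAS_ICON, "icon")):
        if flags & bit:
            n = struct.unpack_from("<H", data, off)[0]
            off += 2
            width = 2 if flags & IS_UNICODE else 1
            out[key] = data[off:off + n * width].decode("utf-16-le" if width == 2 else "cp1252")
            off += n * width
    return out


# Constructed listing of the drive root: name -> (attributes, .lnk bytes or None).
WORM_ARGS = ('/c start wscript.exe //B "tmpF123.tmp.microsoft.vbs" & '
             'start "" "totally spies 113 incredible shrinking world [dummy].avi" & exit')
SAMPLE_ENTRIES = {
    "tmpF123.tmp.microsoft.vbs": (0x26, None),                       # hidden | system | archive
    "totally spies 113 incredible shrinking world [dummy].avi": (0x26, None),
    "totally spies 113 incredible shrinking world [dummy].lnk":
        (0x20, build_lnk("..\\..\\..\\Windows\\System32\\cmd.exe", WORM_ARGS)),
    "New folder (5)": (0x10, None),
    "Docs.lnk": (0x20, build_lnk("Docs", "")),                        # benign shortcut, nothing hidden behind it
}


def triage_drive(entries):
    """Report each .lnk, the hidden+system file it stands in for (if any) and what it launches."""
    findings = []
    hidden_sys = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    for name, (attrs, blob) in entries.items():
        if not name.lower().endswith(".lnk") or attrs & FILE_ATTRIBUTE_DIRECTORY:
            continue
        stem = name[:-4]
        original = next((n for n, (a, _) in entries.items()
                         if n != name and n.rsplit(".", 1)[0] == stem and a & hidden_sys == hidden_sys), None)
        args = parse_lnk(blob).get("arguments", "") if blob else ""
        findings.append({"shortcut": name, "hides": original, "launches": args,
                         "suspicious": original is not None or bool(LAUNCHER_RE.search(args))})
    return findings


def remediation_commands(drive, findings, entries):
    """Commands an operator would run (returned, not executed): unhide originals, delete decoys and the dropped script."""
    cmds = []
    for f in findings:
        if not f["suspicious"]:
            continue
        if f["hides"]:
            cmds.append(f'attrib -s -h -r "{drive}\\{f["hides"]}"')
        cmds.append(f'del /f "{drive}\\{f["shortcut"]}"')
    for n, (a, _) in entries.items():
        if a & FILE_ATTRIBUTE_HIDDEN and LAUNCHER_RE.search(n):      # the hidden dropper itself
            cmds += [f'attrib -s -h "{drive}\\{n}"', f'del /f "{drive}\\{n}"']
    return cmds


if __name__ == "__main__":
    found = triage_drive(SAMPLE_ENTRIES)
    for f in found:
        print(f)
    print("\n".join(remediation_commands("H:", found, SAMPLE_ENTRIES)))
```

On a real stick the `entries` dict would be filled from `os.scandir` (Windows exposes the attribute bits as `st_file_attributes`) and the shortcut bytes read from disk; the parser ignores the IDList and LinkInfo blocks, so it works whether or not the worm bothered to fill them in. The point of returning commands rather than running them is the same as the warning at the top of this thread: nothing here opens a `.lnk`, and the shortcut's arguments are read, never executed.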


#8 PSWII60

PSWII60
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 01 March 2014 - 05:42 PM

Yes, they are the same letters still.


Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by Andy at 2014-03-01 17:39:41 Run:2
Running from C:\Users\Andy\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: dir /a "G:\"
CMD: dir /a "H:\"
C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn
C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe
C:\Users\Andy\AppData\Local\p7TG34yv4pCF
*****************
 
 
=========  dir /a "G:\" =========
 
 Volume in drive G has no label.
 Volume Serial Number is B056-729D
 
 Directory of G:\
 
The parameter is incorrect.
                   0 MEMSTICK.IND
The parameter is incorrect.
??                   0 MSTK_PRO.IND
02/28/2014  10:25 AM    <DIR>          PSP
02/28/2014  10:25 AM    <DIR>          SEPLUGINS
02/28/2014  10:25 AM    <DIR>          ISO
02/28/2014  10:25 AM    <DIR>          MP_ROOT
02/28/2014  10:25 AM    <DIR>          MUSIC
02/28/2014  10:25 AM    <DIR>          PICTURE
02/28/2014  10:25 AM    <DIR>          VIDEO
02/10/2012  12:49 AM           145,120 vshorig.prx
06/06/2013  01:05 AM               296 WMPInfo.xml
02/28/2014  08:13 PM    <DIR>          System Volume Information
               4 File(s)        145,416 bytes
               8 Dir(s)  23,060,119,552 bytes free
 
========= End of CMD: =========
 
 
=========  dir /a "H:\" =========
 
 Volume in drive H is STORE N GO
 Volume Serial Number is 488A-D384
 
 Directory of H:\
 
01/26/2014  08:32 PM         1,074,190 tmpF123.tmp.microsoft.vbs
02/24/2014  01:52 PM    <DIR>          System Volume Information
01/31/2014  12:31 PM       176,967,680 totally spies 113 incredible shrinking world [dummy].avi
02/24/2014  01:57 PM               880 totally spies 113 incredible shrinking world [dummy].lnk
02/24/2014  01:55 PM    <DIR>          New folder (5)
               3 File(s)    178,042,750 bytes
               2 Dir(s)  15,145,484,288 bytes free
 
========= End of CMD: =========
 
C:\Users\Andy\AppData\Local\zxOIcxYCf6QQn => Moved successfully.
C:\Users\Andy\AppData\Local\mz7OtOJQ7ajJEe => Moved successfully.
C:\Users\Andy\AppData\Local\p7TG34yv4pCF => Moved successfully.
 
==== End of Fixlog ====

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Andy (administrator) on BEHEMOTH on 01-03-2014 17:40:40
Running from C:\Users\Andy\Desktop\frst
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11585408 2012-11-16] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-282275561-2967082040-2976299687-1001\...\MountPoints2: F - "F:\Setup.exe" 
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\staged [2014-02-27]
FF Extension: ChatZilla - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-12-30]
FF Extension: FlashGot - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-12-30]
FF Extension: NoScript - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vmto0ace.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-01-03]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (Tampermonkey) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-26]
CHR Extension: (Website Logon) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-12-26]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
CHR Extension: (RSS Feed Reader) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-12-26]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2013-10-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-30] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-02-28] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 21:44 - 2014-02-28 21:44 - 00062428 _____ () C:\Users\Andy\Downloads\renderpic.aspx
2014-02-28 20:15 - 2014-02-28 20:15 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-28 15:33 - 2014-03-01 17:40 - 00000000 ____D () C:\Users\Andy\Desktop\frst
2014-02-28 12:34 - 2014-02-28 19:55 - 00000049 _____ () C:\Users\Andy\Desktop\call.txt
2014-02-28 10:23 - 2014-03-01 17:39 - 00000000 ____D () C:\FRST
2014-02-27 22:06 - 2014-02-27 22:07 - 00000000 ____D () C:\Users\Andy\Downloads\Silversun Pickups
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Users\Andy\Desktop\CoC
2014-02-25 22:13 - 2014-02-25 22:14 - 00000000 ____D () C:\Users\Andy\Downloads\Office pro 2010 - x64-x86
2014-02-25 22:00 - 2014-02-25 22:00 - 00688992 _____ (Swearware) C:\Users\Andy\Downloads\dds.com
2014-02-25 02:25 - 2014-02-25 02:32 - 126646597 _____ () C:\Users\Andy\Downloads\Killer Instinct Top 8 RG MCZ Sonic Fox vs Orso - Winter Brawl 8 Tournament.mp4
2014-02-23 19:20 - 2014-02-23 19:59 - 00000000 ____D () C:\Users\Andy\Downloads\Berserk Dual Audio Complete BD
2014-02-23 03:20 - 2014-02-23 03:24 - 00000000 ____D () C:\Users\Andy\Downloads\free style jupiter
2014-02-21 23:34 - 2014-02-22 00:12 - 463522367 _____ () C:\Users\Andy\Downloads\EO2-37.mp4
2014-02-21 23:33 - 2014-02-22 00:17 - 624042628 _____ () C:\Users\Andy\Downloads\EO2-36.mp4
2014-02-21 15:23 - 2014-02-24 14:33 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (4)
2014-02-20 01:36 - 2014-02-20 02:05 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (3)
2014-02-19 08:53 - 2014-02-19 08:53 - 00002545 _____ () C:\Users\Public\Desktop\C.B.R.lnk
2014-02-19 08:53 - 2014-02-19 08:53 - 00000000 ____D () C:\CBR
2014-02-19 07:18 - 2014-02-19 07:19 - 00000000 ____D () C:\Users\Andy\Downloads\mods
2014-02-19 06:27 - 2014-02-19 06:27 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-02-19 06:27 - 2014-02-19 06:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-19 06:24 - 2014-02-24 13:55 - 00041984 ___SH () C:\Users\Andy\Desktop\Thumbs.db
2014-02-17 15:10 - 2014-02-17 15:10 - 00000008 _____ () C:\Users\Andy\Desktop\cancellation attorney.txt
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-02-15 13:47 - 2014-02-15 13:47 - 00000000 ____D () C:\Users\Andy\Documents\Adobe
2014-02-15 13:38 - 2014-02-15 13:45 - 00000000 ____D () C:\AdwCleaner
2014-02-15 13:38 - 2014-02-15 13:38 - 01166132 _____ () C:\Users\Andy\Downloads\AdwCleaner.exe
2014-02-15 13:17 - 2014-02-15 13:17 - 05183211 _____ (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-02-15 12:44 - 2014-02-15 12:44 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-14 16:31 - 2014-02-28 10:46 - 00000000 ____D () C:\Users\Andy\Desktop\Games
2014-02-12 00:41 - 2014-02-12 01:44 - 00000000 ____D () C:\Users\Andy\Downloads\supro
2014-02-12 00:04 - 2014-02-13 02:23 - 00000000 ____D () C:\Users\Andy\Downloads\Corruption of Champions
2014-02-11 00:38 - 2014-02-11 00:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Yye_Software
2014-02-11 00:37 - 2014-02-11 00:48 - 00000000 ____D () C:\Users\Andy\Downloads\RNG Reporter
2014-02-10 01:39 - 2014-02-10 01:39 - 00000000 ____D () C:\GOG Games
2014-02-10 01:08 - 2014-02-10 02:05 - 00000000 ____D () C:\Users\Andy\AppData\Local\GOG.com
2014-02-10 01:07 - 2014-02-10 01:07 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-09 19:55 - 2014-02-09 19:55 - 00002177 _____ () C:\Users\Public\Desktop\ProDiscover Basic.lnk
2014-02-09 19:55 - 2014-02-09 19:55 - 00000000 ____D () C:\Program Files (x86)\Technology Pathways
2014-02-09 19:54 - 2014-02-09 19:54 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-09 16:37 - 2014-02-09 16:37 - 02547200 _____ () C:\Users\Andy\Downloads\ch09.ppt
2014-02-09 16:37 - 2014-02-09 16:37 - 01370624 _____ () C:\Users\Andy\Downloads\ch07.ppt
2014-02-09 15:56 - 2014-02-15 14:47 - 00000000 ____D () C:\Users\Andy\Desktop\work
2014-02-09 14:45 - 2014-02-09 14:45 - 00032708 _____ () C:\Users\Andy\Downloads\download (1).htm
2014-02-09 14:44 - 2014-02-09 14:44 - 00032728 _____ () C:\Users\Andy\Downloads\download.htm
2014-02-09 14:40 - 2014-02-09 14:40 - 00001281 _____ () C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
2014-02-09 14:40 - 2014-02-09 14:40 - 00000000 ____D () C:\Program Files\BreakPoint Software
2014-02-09 14:03 - 2014-02-09 14:17 - 00000000 ____D () C:\Users\Andy\Desktop\Forensics disc
2014-02-09 13:45 - 2014-02-09 13:48 - 00000000 ____D () C:\Users\Andy\Downloads\ninjakitty
2014-02-09 13:36 - 2014-02-19 06:53 - 00000000 ____D () C:\Users\Andy\Downloads\Comics
2014-02-09 13:13 - 2014-02-09 13:16 - 00000000 ____D () C:\Users\Andy\Downloads\phone walpaper
2014-02-07 03:49 - 2014-02-07 03:49 - 00000136 _____ () C:\Users\Andy\Downloads\Togekiss.pkm
2014-02-07 03:46 - 2014-02-07 03:46 - 00000136 _____ () C:\Users\Andy\Downloads\Shellder.pkm
2014-02-07 03:43 - 2014-02-07 03:43 - 00000136 _____ () C:\Users\Andy\Downloads\Samus.pkm
2014-02-07 03:41 - 2014-02-07 03:41 - 00000136 _____ () C:\Users\Andy\Downloads\ペンドラー.pkm
2014-02-07 03:33 - 2014-02-07 03:33 - 00000136 _____ () C:\Users\Andy\Downloads\Captain.pkm
2014-02-07 03:27 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Andy\Pokegen
2014-02-07 02:56 - 2014-02-07 02:56 - 00000136 _____ () C:\Users\Andy\Downloads\Larvesta.pkm
2014-01-30 21:15 - 2014-01-30 21:15 - 00000000 ____D () C:\Users\Andy\Downloads\Danny Brown - Old {2013-Album}
2014-01-30 19:31 - 2014-01-30 19:31 - 00222214 _____ () C:\Users\Andy\Downloads\b31544e958194ac1fdf70e2a6b8dd413.jpeg
2014-01-30 19:31 - 2014-01-30 19:31 - 00187849 _____ () C:\Users\Andy\Downloads\be6a52d92e754c61e69b3da5183b37d9.jpeg
 
==================== One Month Modified Files and Folders =======
 
2014-03-01 17:40 - 2014-02-28 15:33 - 00000000 ____D () C:\Users\Andy\Desktop\frst
2014-03-01 17:40 - 2014-02-28 10:23 - 00000000 ____D () C:\FRST
2014-03-01 17:39 - 2013-12-26 23:22 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61B053C5-5719-4694-9683-F32B3122D7C9}
2014-03-01 17:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-01 02:39 - 2014-01-07 15:16 - 00000000 ____D () C:\Users\Andy\Documents\flashgot
2014-03-01 02:00 - 2014-01-03 15:43 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe
2014-03-01 01:49 - 2013-12-26 23:29 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 01:47 - 2014-01-07 15:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-28 21:50 - 2013-12-30 11:57 - 02870272 ___SH () C:\Users\Andy\Downloads\Thumbs.db
2014-02-28 21:44 - 2014-02-28 21:44 - 00062428 _____ () C:\Users\Andy\Downloads\renderpic.aspx
2014-02-28 20:28 - 2013-12-26 23:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-282275561-2967082040-2976299687-1001
2014-02-28 20:19 - 2013-12-30 16:48 - 01861327 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 20:19 - 2013-12-26 23:30 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-28 20:19 - 2013-11-14 02:28 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-28 20:15 - 2014-02-28 20:15 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-02-28 20:15 - 2013-12-26 23:29 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 20:15 - 2013-10-31 04:41 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-02-28 20:15 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-28 20:14 - 2013-11-14 02:20 - 00011306 _____ () C:\WINDOWS\PFRO.log
2014-02-28 20:14 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-28 20:13 - 2013-08-22 09:46 - 00354124 _____ () C:\WINDOWS\setupact.log
2014-02-28 20:09 - 2013-12-26 23:22 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-28 19:55 - 2014-02-28 12:34 - 00000049 _____ () C:\Users\Andy\Desktop\call.txt
2014-02-28 19:54 - 2014-01-02 12:31 - 00000000 ____D () C:\Users\Andy\Downloads\New folder
2014-02-28 15:03 - 2013-12-27 00:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-28 10:46 - 2014-02-14 16:31 - 00000000 ____D () C:\Users\Andy\Desktop\Games
2014-02-28 03:30 - 2014-01-09 22:30 - 00000000 ____D () C:\Users\Andy\AppData\Local\PMB Files
2014-02-28 03:30 - 2014-01-09 22:30 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-28 03:09 - 2014-01-16 14:43 - 00000000 ____D () C:\Users\Andy\Downloads\games
2014-02-27 23:45 - 2014-01-08 19:52 - 00000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-27 22:09 - 2013-12-30 20:21 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\uTorrent
2014-02-27 22:07 - 2014-02-27 22:06 - 00000000 ____D () C:\Users\Andy\Downloads\Silversun Pickups
2014-02-27 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Users\Andy\Desktop\CoC
2014-02-27 15:45 - 2014-01-07 18:06 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-02-25 22:14 - 2014-02-25 22:13 - 00000000 ____D () C:\Users\Andy\Downloads\Office pro 2010 - x64-x86
2014-02-25 22:00 - 2014-02-25 22:00 - 00688992 _____ (Swearware) C:\Users\Andy\Downloads\dds.com
2014-02-25 19:50 - 2014-01-12 20:03 - 00000022 _____ () C:\Users\Andy\Desktop\call for driver.txt
2014-02-25 02:32 - 2014-02-25 02:25 - 126646597 _____ () C:\Users\Andy\Downloads\Killer Instinct Top 8 RG MCZ Sonic Fox vs Orso - Winter Brawl 8 Tournament.mp4
2014-02-24 14:33 - 2014-02-21 15:23 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (4)
2014-02-24 13:55 - 2014-02-19 06:24 - 00041984 ___SH () C:\Users\Andy\Desktop\Thumbs.db
2014-02-23 19:59 - 2014-02-23 19:20 - 00000000 ____D () C:\Users\Andy\Downloads\Berserk Dual Audio Complete BD
2014-02-23 03:24 - 2014-02-23 03:20 - 00000000 ____D () C:\Users\Andy\Downloads\free style jupiter
2014-02-22 00:17 - 2014-02-21 23:33 - 624042628 _____ () C:\Users\Andy\Downloads\EO2-36.mp4
2014-02-22 00:12 - 2014-02-21 23:34 - 463522367 _____ () C:\Users\Andy\Downloads\EO2-37.mp4
2014-02-20 23:47 - 2014-01-07 15:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 02:05 - 2014-02-20 01:36 - 00000000 ____D () C:\Users\Andy\Desktop\New folder (3)
2014-02-19 08:53 - 2014-02-19 08:53 - 00002545 _____ () C:\Users\Public\Desktop\C.B.R.lnk
2014-02-19 08:53 - 2014-02-19 08:53 - 00000000 ____D () C:\CBR
2014-02-19 07:19 - 2014-02-19 07:18 - 00000000 ____D () C:\Users\Andy\Downloads\mods
2014-02-19 06:53 - 2014-02-09 13:36 - 00000000 ____D () C:\Users\Andy\Downloads\Comics
2014-02-19 06:27 - 2014-02-19 06:27 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-02-19 06:27 - 2014-02-19 06:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-19 06:26 - 2014-01-09 03:09 - 00000000 ____D () C:\Users\Andy\Downloads\New folder (2)
2014-02-19 06:26 - 2014-01-09 01:01 - 00000000 ____D () C:\Users\Andy\Downloads\refer
2014-02-19 06:25 - 2013-12-31 15:40 - 00000000 ____D () C:\Users\Andy\Downloads\Digital Tutors - Modeling Hard Surface Curvature in 3ds Max
2014-02-17 15:10 - 2014-02-17 15:10 - 00000008 _____ () C:\Users\Andy\Desktop\cancellation attorney.txt
2014-02-16 18:14 - 2014-01-09 15:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-15 14:47 - 2014-02-09 15:56 - 00000000 ____D () C:\Users\Andy\Desktop\work
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\PACE Anti-Piracy
2014-02-15 13:48 - 2014-02-15 13:48 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-02-15 13:47 - 2014-02-15 13:47 - 00000000 ____D () C:\Users\Andy\Documents\Adobe
2014-02-15 13:47 - 2013-12-26 23:22 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Adobe
2014-02-15 13:45 - 2014-02-15 13:38 - 00000000 ____D () C:\AdwCleaner
2014-02-15 13:45 - 2013-12-30 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 13:38 - 2014-02-15 13:38 - 01166132 _____ () C:\Users\Andy\Downloads\AdwCleaner.exe
2014-02-15 13:17 - 2014-02-15 13:17 - 05183211 _____ (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-02-15 13:04 - 2013-12-30 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 12:44 - 2014-02-15 12:44 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 12:43 - 2014-02-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 02:23 - 2014-02-12 00:04 - 00000000 ____D () C:\Users\Andy\Downloads\Corruption of Champions
2014-02-12 08:44 - 2013-12-26 23:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 08:44 - 2013-12-26 23:29 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 01:44 - 2014-02-12 00:41 - 00000000 ____D () C:\Users\Andy\Downloads\supro
2014-02-11 00:48 - 2014-02-11 00:37 - 00000000 ____D () C:\Users\Andy\Downloads\RNG Reporter
2014-02-11 00:38 - 2014-02-11 00:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Yye_Software
2014-02-10 21:53 - 2013-08-22 09:44 - 05111712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-10 02:05 - 2014-02-10 01:08 - 00000000 ____D () C:\Users\Andy\AppData\Local\GOG.com
2014-02-10 01:39 - 2014-02-10 01:39 - 00000000 ____D () C:\GOG Games
2014-02-10 01:07 - 2014-02-10 01:07 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-09 19:55 - 2014-02-09 19:55 - 00002177 _____ () C:\Users\Public\Desktop\ProDiscover Basic.lnk
2014-02-09 19:55 - 2014-02-09 19:55 - 00000000 ____D () C:\Program Files (x86)\Technology Pathways
2014-02-09 19:54 - 2014-02-09 19:54 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-09 16:37 - 2014-02-09 16:37 - 02547200 _____ () C:\Users\Andy\Downloads\ch09.ppt
2014-02-09 16:37 - 2014-02-09 16:37 - 01370624 _____ () C:\Users\Andy\Downloads\ch07.ppt
2014-02-09 14:45 - 2014-02-09 14:45 - 00032708 _____ () C:\Users\Andy\Downloads\download (1).htm
2014-02-09 14:44 - 2014-02-09 14:44 - 00032728 _____ () C:\Users\Andy\Downloads\download.htm
2014-02-09 14:40 - 2014-02-09 14:40 - 00001281 _____ () C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
2014-02-09 14:40 - 2014-02-09 14:40 - 00000000 ____D () C:\Program Files\BreakPoint Software
2014-02-09 14:17 - 2014-02-09 14:03 - 00000000 ____D () C:\Users\Andy\Desktop\Forensics disc
2014-02-09 13:48 - 2014-02-09 13:45 - 00000000 ____D () C:\Users\Andy\Downloads\ninjakitty
2014-02-09 13:16 - 2014-02-09 13:13 - 00000000 ____D () C:\Users\Andy\Downloads\phone walpaper
2014-02-08 23:43 - 2014-01-20 16:38 - 00000208 _____ () C:\Users\Andy\Desktop\send docs.txt
2014-02-08 22:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-02-07 03:49 - 2014-02-07 03:49 - 00000136 _____ () C:\Users\Andy\Downloads\Togekiss.pkm
2014-02-07 03:46 - 2014-02-07 03:46 - 00000136 _____ () C:\Users\Andy\Downloads\Shellder.pkm
2014-02-07 03:43 - 2014-02-07 03:43 - 00000136 _____ () C:\Users\Andy\Downloads\Samus.pkm
2014-02-07 03:41 - 2014-02-07 03:41 - 00000136 _____ () C:\Users\Andy\Downloads\ペンドラー.pkm
2014-02-07 03:33 - 2014-02-07 03:33 - 00000136 _____ () C:\Users\Andy\Downloads\Captain.pkm
2014-02-07 03:27 - 2014-02-07 03:27 - 00000000 ____D () C:\Users\Andy\Pokegen
2014-02-07 03:27 - 2013-12-30 16:34 - 00000000 ____D () C:\Users\Andy
2014-02-07 02:56 - 2014-02-07 02:56 - 00000136 _____ () C:\Users\Andy\Downloads\Larvesta.pkm
2014-02-01 01:44 - 2014-01-22 18:48 - 00000770 _____ () C:\Users\Andy\Desktop\andy jobs.txt
2014-01-30 21:15 - 2014-01-30 21:15 - 00000000 ____D () C:\Users\Andy\Downloads\Danny Brown - Old {2013-Album}
2014-01-30 19:31 - 2014-01-30 19:31 - 00222214 _____ () C:\Users\Andy\Downloads\b31544e958194ac1fdf70e2a6b8dd413.jpeg
2014-01-30 19:31 - 2014-01-30 19:31 - 00187849 _____ () C:\Users\Andy\Downloads\be6a52d92e754c61e69b3da5183b37d9.jpeg
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-26 03:26
 
==================== End Of Log ============================
 
 
Sorry for the late replies; I had to work yesterday and today.


#9 aharonov


Posted 02 March 2014 - 06:08 AM

Great! How are the external drives after step 1? Are they back to normal?


Step 1

Please download the attached fixlist.txt (92 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#10 PSWII60


Posted 03 March 2014 - 12:56 AM

Yeah, the flash drives work great!
 
 
Fixlog
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by Andy at 2014-03-02 10:24:19 Run:3
Running from C:\Users\Andy\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
G:\*.vbs
G:\*.lnk
attrib -h -s "G:\*" /s /d
H:\*.vbs
H:\*.lnk
attrib -h -s "H:\*" /s /d
*****************
 
"G:\*.vbs" => File/Directory not found.
"G:\*.lnk" => File/Directory not found.
H:\*.vbs => Moved successfully.
H:\*.lnk => Moved successfully.
 
==== End of Fixlog ====
 
 
 
ESET Log
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=df074c4128d82745ab4b9755b6527958
# engine=17289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-03 04:26:29
# local_time=2014-03-02 11:26:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 4176301 15732891 0 0
# scanned=430139
# found=9
# cleaned=0
# scan_time=13429
sh=ECA52CA5E70DFF2BCD988EB97F3C71E8D779807B ft=1 fh=af7cc5c97ad7ee4d vn="a variant of MSIL/Injector.CKC trojan" ac=I fn="C:\FRST\Quarantine\e7b93b397c3976f2e9ec654820857a9d.exe28-02-2014_20-09-41"
sh=ECA52CA5E70DFF2BCD988EB97F3C71E8D779807B ft=1 fh=af7cc5c97ad7ee4d vn="a variant of MSIL/Injector.CKC trojan" ac=I fn="C:\FRST\Quarantine\IEMonitor.exe28-02-2014_20-09-41"
sh=175163C6EC627EE01593EF00BBF729206F0F743C ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\totally spies 113 incredible shrinking world [dummy].lnk02-03-2014_10-24-20"
sh=5C007858252B29A57FA8FE7E5F7224852AF18B77 ft=1 fh=d36126c300105e81 vn="a variant of MSIL/DomaIQ.J potentially unwanted application" ac=I fn="C:\FRST\Quarantine\worker.exe28-02-2014_20-09-42"
sh=EBA58D2F824FA927644BD1682FA45625E7D68677 ft=1 fh=4b1cb1e4f8fec7ba vn="a variant of Win32/Injector.XFZ trojan" ac=I fn="C:\Users\Andy\Downloads\games\Monster Girl Quest Adult Game\Setup.exe"
sh=5132A8BB97D203B6AAC0B41B8B91298FF5A813EB ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Andy\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso"
sh=FE98E1F22458B9FCA1BA558E035D89620127D4F6 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="C:\Users\Andy\Downloads\Programs\Autodesk_Mudbox_2014_English_Win_64bit_dlm.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Keygen.HA potentially unsafe application" ac=I fn="C:\Users\Andy\Downloads\Programs\ADOBE.CREATIVE.SUITE.6.0.MASTER.COLLECTION.LS16.ESD-ISO\MCCS6LS16.iso"
sh=BC7F6756E76FAF672ED4C176B2DFC2CEDE7DC8CA ft=1 fh=894a45bc0255cd5b vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="C:\Users\Andy\Downloads\Programs\Autodesk 3ds Max Design 2014 SP3 Win64\Crack\xf-adsk64.exe"
 
 
So should I just delete the found files then?
 
Also I found the other flash drive that was infected, I'm assuming it's best to just toss it at this point?  I'd really rather not risk a reinfection, or take advantage of the assistance.

Edited by PSWII60, 03 March 2014 - 12:59 AM.


#11 aharonov


Posted 03 March 2014 - 05:33 AM

This is good to hear!
You can delete all found files (except the ones in C:\FRST\Quarantine; they are already taken care of). But there is no more active malware.

There is no need to toss the other flash drive. We can disinfect it easily. Just don't open any of the shortcuts on it.
Please plug in that flash drive and tell me its drive letter.

#12 PSWII60


Posted 03 March 2014 - 08:17 AM

This one is drive G. The other drives were safe to remove at this point, right? They seemed fine.



#13 aharonov


Posted 03 March 2014 - 09:35 AM

Yes, the others were safe to remove.


Please download the attached fixlist.txt (17 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.


#14 PSWII60


Posted 03 March 2014 - 10:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by Andy at 2014-03-03 10:37:18 Run:6
Running from C:\Users\Andy\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: dir /a "G:\"
*****************
 
 
=========  dir /a "G:\" =========
 
 Volume in drive G is STORE N GO
 Volume Serial Number is 7697-A959
 
 Directory of G:\
 
01/27/2014  12:24 PM    <DIR>          System Volume Information
01/26/2014  08:32 PM         1,074,190 tmpF123.tmp.microsoft.vbs
               1 File(s)      1,074,190 bytes
               1 Dir(s)  32,000,344,064 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
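Taken together, the fixlists in posts #10 and #14 do three things: list the drive root (`dir /a "G:\"`), move the root-level `.vbs` and `.lnk` files to FRST's quarantine, and run `attrib -h -s "G:\*" /s /d` so the user's own files are no longer Hidden+System. The following PowerShell script is an added example, not part of this thread and not FRST's code; it performs the same audit on a removable drive and, only when `-Repair` is given, the same repair. The drive letter you pass in and the quarantine folder under the current user's Desktop are assumptions; the worm's script is never executed, it is only moved.

```powershell
<#
Added example (not from this thread, not FRST code): audit a removable drive for
the shortcut-worm pattern seen above and, with -Repair, do what the fixlists did.
Assumptions: the drive letter passed in and the quarantine folder path are ours.
Usage:  .\usb-audit.ps1 -Drive G:          (audit only)
        .\usb-audit.ps1 -Drive G: -Repair  (move droppers, clear attributes)
#>
param(
    [Parameter(Mandatory = $true)][string]$Drive,   # e.g. "G:"
    [switch]$Repair,
    [string]$Quarantine = (Join-Path $env:USERPROFILE 'Desktop\usb-quarantine')  # assumed path
)

$root = $Drive.TrimEnd('\') + '\'
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root not found" }

# 1. Droppers: the worm keeps its script and the decoy shortcuts in the drive root
#    (compare the tmpF123.tmp.microsoft.vbs shown by 'dir /a "G:\"' in post #14).
$droppers = @(Get-ChildItem -LiteralPath $root -Force -File |
    Where-Object { $_.Extension -in @('.vbs', '.lnk') })

# 2. Victims: the user's files are set Hidden+System so Explorer hides them and a
#    same-named .lnk takes their place. Folders are left alone, as the OP observed.
$hiddenSystem = @(Get-ChildItem -LiteralPath $root -Force -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
        (($_.Attributes -band [IO.FileAttributes]::System) -ne 0) -and
        ($_.FullName -notlike '*\System Volume Information\*')
    })

Write-Host "Root-level .vbs/.lnk files: $($droppers.Count)"
foreach ($f in $droppers) {
    Write-Host ("  {0,-40} {1,10} bytes  {2}" -f $f.Name, $f.Length, $f.LastWriteTime)
}
Write-Host "Hidden+System files: $($hiddenSystem.Count)"
foreach ($f in $hiddenSystem) { Write-Host "  $($f.FullName)" }

if (-not $Repair) { return }

# Move, don't delete: FRST moved the droppers to C:\FRST\Quarantine, and ESET later
# identified the quarantined .lnk as LNK/Agent.AK, which is useful evidence to keep.
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
foreach ($f in $droppers) {
    Move-Item -LiteralPath $f.FullName -Destination (Join-Path $Quarantine $f.Name) -Force
}

# Same effect as the fixlist line:  attrib -h -s "G:\*" /s /d
foreach ($f in $hiddenSystem) {
    attrib -h -s $f.FullName
}
Write-Host "Done. Re-run without -Repair to confirm nothing is left on the drive."
```

Run the audit first; a drive that is really clean reports zero in both counts, which matches the `dir /a` listing above once the `.vbs` is gone. The script moves rather than deletes so that a scanner can still identify the sample, the same reason FRST quarantines instead of removing, and it deliberately skips `System Volume Information`, which is legitimately hidden and system-flagged.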


#15 aharonov


Posted 03 March 2014 - 12:33 PM

Great. Now we take care of the last flash drive and then we're done!


Step 1

Please download the attached fixlist.txt (50 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need to see the log.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.





