SoftwareProtection.exe


  • This topic is locked
8 replies to this topic

#1 shadoze

shadoze

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 04 March 2014 - 09:34 AM

I noticed this got installed somehow and tried to uninstall but am not sure if I am fully rid of it. Wonder if anything else was installed unnoticed?




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:45 PM

Posted 04 March 2014 - 09:49 AM

Hello,
 
let's find out with a FRST scan then:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 shadoze

shadoze
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 04 March 2014 - 11:40 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014 02
Ran by user1 (administrator) on KEVIN on 04-03-2014 20:38:30
Running from C:\Users\user1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(RAIDCALL.COM) C:\Program Files (x86)\RaidCall\raidcall.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2014-01-16] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-11] (AVAST Software)
HKU\S-1-5-21-2458756720-2035447187-2057280441-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2458756720-2035447187-2057280441-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB3AE0E7436E6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3C4DA1A8-A811-49D1-992F-ECAAFC490839} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
SearchScopes: HKCU - {3C4DA1A8-A811-49D1-992F-ECAAFC490839} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\2q4aezfz.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Homepage: hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\user1\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user1\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user1\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF SearchPlugin: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\2q4aezfz.default\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-11]
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Extension: (Adblock Plus) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-21]
CHR Extension: (avast! Online Security) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-12]
CHR Extension: (Skype Click to Call) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-21]
CHR Extension: (Totoro Rainy Day) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2014-02-21]
CHR Extension: (facemoji - Stickers for Facebook Chat) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehbdflnjkigggmglekojmmilmkhmale [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\user1\AppData\Local\Temp\crx25DA.tmp [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR StartMenuInternet: Google Chrome - C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-11] (AVAST Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-11] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-11] ()
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-24] (Razer USA Ltd)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-14] (Razer Inc)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-24] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TBPanel; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\user1\AppData\Local\Temp\GPU-Z.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-04 20:38 - 2014-03-04 20:38 - 00013966 _____ () C:\Users\user1\Desktop\FRST.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00000000 ____D () C:\FRST
2014-03-04 20:35 - 2014-03-04 20:36 - 02156544 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2014-03-04 10:54 - 2014-03-04 11:53 - 109306724 _____ () C:\Users\user1\Downloads\FLLTBSVRCKNRL13.zip
2014-03-01 16:17 - 2014-03-01 16:27 - 44045861 _____ () C:\Users\user1\Downloads\Yume no Hajimarinrin.zip
2014-02-25 10:29 - 2014-02-25 10:29 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\user1\Documents\GPU-Z.0.7.7.exe
2014-02-22 10:33 - 2014-02-22 10:33 - 00000760 _____ () C:\DelFix.txt
2014-02-21 18:09 - 2014-02-21 18:09 - 00000000 ____D () C:\Users\user1\Downloads\backups
2014-02-21 13:35 - 2014-03-04 05:50 - 00000896 _____ () C:\Windows\setupact.log
2014-02-21 13:35 - 2014-02-21 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 13:34 - 2014-03-04 05:50 - 00002502 _____ () C:\Windows\PFRO.log
2014-02-21 12:24 - 2014-02-21 12:24 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-21 12:24 - 2014-02-21 12:24 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 12:24 - 2014-02-21 12:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 12:20 - 2014-02-21 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-21 12:20 - 2014-02-21 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-21 12:16 - 2014-02-21 12:16 - 00921000 _____ (Oracle Corporation) C:\Users\user1\Documents\chromeinstall-7u51.exe
2014-02-21 12:09 - 2014-02-21 12:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-21 12:08 - 2014-02-21 12:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user1\Documents\revosetup.exe
2014-02-19 11:11 - 2014-02-19 11:11 - 00118149 _____ () C:\Users\user1\Documents\wmpChrome.crx
2014-02-19 09:56 - 2014-02-22 10:31 - 00000000 ____D () C:\Windows\erdnt
2014-02-19 08:11 - 2014-02-22 10:33 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 11:09 - 2014-02-18 11:10 - 00025902 _____ () C:\Users\user1\Documents\Addition.txt
2014-02-18 11:07 - 2014-02-18 11:10 - 00027182 _____ () C:\Users\user1\Documents\FRST.txt
2014-02-17 14:53 - 2014-02-17 14:54 - 00009795 _____ () C:\Users\user1\Documents\hijackthis.log
2014-02-12 14:50 - 2014-02-12 14:51 - 14188912 _____ (Razer Inc.) C:\Users\user1\Documents\Razer_Synapse_Framework_V1.16.06.18562.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-02-11 04:21 - 2014-02-11 04:26 - 12952805 _____ () C:\Users\user1\Downloads\289-jwwbooth.flv
2014-02-10 10:41 - 2014-02-10 10:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-10 10:41 - 2014-02-10 10:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-10 10:40 - 2014-02-10 10:41 - 00118149 _____ () C:\Users\user1\Downloads\wmpChrome.crx
2014-02-06 20:17 - 2014-02-06 20:17 - 00005846 _____ () C:\Users\user1\Documents\audioclip-1391746620270-1396.mp4
2014-02-02 12:34 - 2014-02-02 12:34 - 00000000 ____D () C:\Users\user1\AppData\Local\Mumble
 
==================== One Month Modified Files and Folders =======
 
2014-03-04 20:38 - 2014-03-04 20:38 - 00013966 _____ () C:\Users\user1\Desktop\FRST.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00000000 ____D () C:\FRST
2014-03-04 20:37 - 2011-11-01 16:18 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000UA.job
2014-03-04 20:36 - 2014-03-04 20:35 - 02156544 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2014-03-04 20:35 - 2011-11-01 19:52 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Skype
2014-03-04 14:36 - 2011-10-29 12:37 - 01726257 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 11:53 - 2014-03-04 10:54 - 109306724 _____ () C:\Users\user1\Downloads\FLLTBSVRCKNRL13.zip
2014-03-04 07:36 - 2013-10-31 00:23 - 00000000 ____D () C:\Users\user1\New folder
2014-03-04 06:37 - 2011-11-01 16:18 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000Core.job
2014-03-04 05:58 - 2009-07-13 20:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 05:58 - 2009-07-13 20:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 05:51 - 2013-11-11 15:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-04 05:50 - 2014-02-21 13:35 - 00000896 _____ () C:\Windows\setupact.log
2014-03-04 05:50 - 2014-02-21 13:34 - 00002502 _____ () C:\Windows\PFRO.log
2014-03-04 05:50 - 2011-10-29 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 05:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 02:42 - 2011-11-01 16:19 - 00002365 _____ () C:\Users\user1\Desktop\Google Chrome.lnk
2014-03-01 16:27 - 2014-03-01 16:17 - 44045861 _____ () C:\Users\user1\Downloads\Yume no Hajimarinrin.zip
2014-03-01 04:54 - 2013-12-30 17:54 - 00000000 ____D () C:\Users\user1\AppData\Roaming\uTorrent
2014-02-27 20:35 - 2011-11-01 16:31 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Mumble
2014-02-25 10:29 - 2014-02-25 10:29 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\user1\Documents\GPU-Z.0.7.7.exe
2014-02-22 10:33 - 2014-02-22 10:33 - 00000760 _____ () C:\DelFix.txt
2014-02-22 10:33 - 2014-02-19 08:11 - 00000000 ____D () C:\Windows\ERUNT
2014-02-22 10:31 - 2014-02-19 09:56 - 00000000 ____D () C:\Windows\erdnt
2014-02-21 19:53 - 2012-04-27 08:00 - 00000000 ____D () C:\Users\user1\AppData\Roaming\vlc
2014-02-21 18:09 - 2014-02-21 18:09 - 00000000 ____D () C:\Users\user1\Downloads\backups
2014-02-21 14:16 - 2011-11-06 13:30 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-02-21 13:40 - 2009-07-13 21:13 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 13:35 - 2014-02-21 13:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 12:29 - 2012-03-22 17:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 12:29 - 2012-03-10 17:29 - 00000000 ____D () C:\Users\user1\AppData\Roaming\Ventrilo
2014-02-21 12:29 - 2011-11-21 20:39 - 00000000 ____D () C:\Users\user1\Tracing
2014-02-21 12:28 - 2013-05-06 07:24 - 00000000 ____D () C:\Windows\Minidump
2014-02-21 12:28 - 2011-10-29 13:05 - 00000000 ____D () C:\Windows\Panther
2014-02-21 12:24 - 2014-02-21 12:24 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-21 12:24 - 2014-02-21 12:24 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-21 12:24 - 2014-02-21 12:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-21 12:21 - 2013-10-04 07:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-21 12:20 - 2014-02-21 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-21 12:20 - 2014-02-21 12:20 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-21 12:20 - 2014-02-21 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-21 12:16 - 2014-02-21 12:16 - 00921000 _____ (Oracle Corporation) C:\Users\user1\Documents\chromeinstall-7u51.exe
2014-02-21 12:15 - 2012-02-20 23:50 - 00000000 ____D () C:\Users\user1\AppData\Local\Adobe
2014-02-21 12:14 - 2012-02-20 23:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-21 12:14 - 2012-02-20 23:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-21 12:09 - 2014-02-21 12:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-21 12:09 - 2014-02-21 12:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user1\Documents\revosetup.exe
2014-02-19 19:24 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-19 11:11 - 2014-02-19 11:11 - 00118149 _____ () C:\Users\user1\Documents\wmpChrome.crx
2014-02-19 10:11 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-02-19 10:06 - 2009-07-13 18:34 - 64225280 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-19 10:06 - 2009-07-13 18:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-19 10:06 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-19 10:06 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-19 10:06 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-18 11:10 - 2014-02-18 11:09 - 00025902 _____ () C:\Users\user1\Documents\Addition.txt
2014-02-18 11:10 - 2014-02-18 11:07 - 00027182 _____ () C:\Users\user1\Documents\FRST.txt
2014-02-17 14:54 - 2014-02-17 14:53 - 00009795 _____ () C:\Users\user1\Documents\hijackthis.log
2014-02-17 10:38 - 2013-10-26 23:56 - 00000000 ____D () C:\Users\user1\Documents\misc album art
2014-02-16 12:56 - 2011-11-01 16:31 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-15 07:44 - 2011-10-30 16:55 - 00140584 _____ () C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 06:32 - 2011-11-01 16:18 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000UA
2014-02-13 06:32 - 2011-11-01 16:18 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000Core
2014-02-12 15:02 - 2009-07-13 20:45 - 05058840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 14:54 - 2012-12-07 08:53 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-02-12 14:51 - 2014-02-12 14:50 - 14188912 _____ (Razer Inc.) C:\Users\user1\Documents\Razer_Synapse_Framework_V1.16.06.18562.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-02-11 04:26 - 2014-02-11 04:21 - 12952805 _____ () C:\Users\user1\Downloads\289-jwwbooth.flv
2014-02-10 10:41 - 2014-02-10 10:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-10 10:41 - 2014-02-10 10:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-10 10:41 - 2014-02-10 10:40 - 00118149 _____ () C:\Users\user1\Downloads\wmpChrome.crx
2014-02-06 20:17 - 2014-02-06 20:17 - 00005846 _____ () C:\Users\user1\Documents\audioclip-1391746620270-1396.mp4
2014-02-02 12:34 - 2014-02-02 12:34 - 00000000 ____D () C:\Users\user1\AppData\Local\Mumble
 
Some content of TEMP:
====================
C:\Users\user1\AppData\Local\Temp\utt5E9F.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 06:51
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014 02
Ran by user1 at 2014-03-04 20:38:56
Running from C:\Users\user1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS5 (HKLM-x32\...\{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2008 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Nero 9 Essentials (HKLM-x32\...\{757bbad4-d6ed-41eb-aebc-a4a70bc0f66c}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Control Panel 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.78.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7061 - NVIDIA Corporation) Hidden
NVIDIA Update 1.1.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6.18562 - Razer Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.8.347.gbcec6996 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vtune 7.20 (HKLM-x32\...\MySSID_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
22-02-2014 18:32:24 ComboFix created restore point
22-02-2014 18:33:27 End of disinfection
27-02-2014 13:38:44 Windows Update
04-03-2014 12:21:49 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2014-02-19 10:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A28A099-F245-4BB9-B44E-73723A2CFD1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B2FF0566-82EC-40BE-9413-22CBB4BAEEA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000Core => C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01] (Google Inc.)
Task: {C9980416-1FE4-40F6-B279-E946E0556630} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-11] (AVAST Software)
Task: {DD7E38D2-68D2-4E33-9278-163A5E326153} - System32\Tasks\AdobeAAMUpdater-1.0-KEVIN-user1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-02-22] (Adobe Systems Incorporated)
Task: {FD22150E-E9CB-4654-83AA-9C781499071E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000UA => C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000Core.job => C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458756720-2035447187-2057280441-1000UA.job => C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-13 19:58 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-03-04 13:54 - 2014-03-04 11:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2013-11-11 15:54 - 2013-11-11 15:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 00051016 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 00716616 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 00100168 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 04061000 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 00394568 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 01647432 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 02:42 - 2014-03-01 18:35 - 13632840 _____ () C:\Users\user1\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
2013-03-05 16:30 - 2013-03-05 16:30 - 00090112 _____ () C:\Program Files (x86)\RaidCall\crashreport.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^user1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Google Update => "C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\user1\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\user1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2014 00:59:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/04/2014 05:52:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2014 05:08:24 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/02/2014 10:13:55 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/02/2014 09:11:08 PM) (Source: Application Hang) (User: )
Description: The program raidcall.exe version 1.0.11364.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 141c
 
Start Time: 01cf35b46eaa4b79
 
Termination Time: 136
 
Application Path: C:\Program Files (x86)\RaidCall\raidcall.exe
 
Report Id: 34ec22eb-a292-11e3-a28c-6c626de58381
 
Error: (03/02/2014 03:25:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/01/2014 08:28:13 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/28/2014 01:24:50 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/27/2014 09:04:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 4.3.0.487, time stamp: 0x530c09d0
Faulting module name: League of Legends.exe, version: 4.3.0.487, time stamp: 0x530c09d0
Exception code: 0xc0000005
Fault offset: 0x00436e5f
Faulting process id: 0x1254
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
 
Error: (02/27/2014 06:16:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (03/04/2014 05:51:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/26/2014 10:35:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/22/2014 10:50:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/22/2014 10:48:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:47:07 PM on ‎2/‎22/‎2014 was unexpected.
 
Error: (02/21/2014 01:36:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/19/2014 10:46:47 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (02/19/2014 07:24:31 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2014 07:22:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2014 10:08:47 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/19/2014 10:06:31 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-19 10:05:25.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-19 10:05:25.430
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 4095.18 MB
Available physical RAM: 1464.12 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 4823.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:679.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5CC1DFC)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

Posted 05 March 2014 - 03:01 AM

I don't see anything suspicious in your logs.

Is your computer running smoothly or are there any problems or symptoms present?



#5 shadoze

Posted 05 March 2014 - 04:01 AM

For the most part it's running pretty normal. I was just wondering because when I scanned with Malwarebytes it found something called OpenCandy plus the softwareprotection.exe that I had found too, so I was worried there might be more hidden malware.



#6 aharonov

Posted 05 March 2014 - 04:13 AM

This is just some unwanted adware-like stuff and nothing to really worry about. And in your logs I don't see any more of it. So if your computer is running fine, there is no need for further action.

#7 shadoze

Posted 05 March 2014 - 04:55 AM

Okay thank you very much for your time!! :)



#8 aharonov

Posted 05 March 2014 - 05:00 AM

You're welcome.

#9 aharonov

Posted 05 March 2014 - 05:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



