
Trojan-downloaderWin32.Rechide!IK in Google Updater!


  • This topic is locked
12 replies to this topic

#1 godivarides

godivarides

  • Members
  • 48 posts

Posted 04 March 2014 - 06:57 PM

Not sure what happened to my first post, said I didn't have authorization!

 

Anyway found this Trojan-downloaderWin32.Rechide!IK in Google updater after running Emsisoft Malware. 

 

No other spyware / malware service found anything yet my system was getting slower and slower

 

Uninstalled Chrome.

 

Checked for updates on TDSSKiller, JRT, Rkill and ran - nothing.

 

Ran Emsisoft Emergency and it found:

 

Setting.DisableTaskMgr (A)

2 Registry keys

 

Setting.DisableRegistryTools (A)

3 registry keys

 

Application.Generic.592087 (B)

1 file - no risk in Avira Antivirus

 

This has finished running - but I haven't quarantined or deleted - thought I would ask here.

 

 

I also found SOPHOS and running now, which found 1 threat so far.

 

Thank you in advance for your help!





#2 godivarides

godivarides
  • Topic Starter

  • Members
  • 48 posts

Posted 04 March 2014 - 08:07 PM

SOPHOS malware completed found: Mal/Generic-S

 

no other malware/spyware found this.



#3 godivarides

godivarides
  • Topic Starter

  • Members
  • 48 posts

Posted 04 March 2014 - 10:51 PM

Rebooted and ran SOPHOS again - CLEAN



#4 godivarides

godivarides
  • Topic Starter

  • Members
  • 48 posts

Posted 05 March 2014 - 10:50 AM

Just completed Emsisoft Emergency Kit again - CLEAN.

 

What else should one do to keep "clean"?  I'm running a variety of spyware & malware.

 

thank you



#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 05 March 2014 - 12:34 PM

Hello,

can you please post up the log files of the scans that have found any threats?
And also run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#6 godivarides

godivarides
  • Topic Starter

  • Members
  • 48 posts

Posted 05 March 2014 - 01:45 PM

Hello,

 

Thank you for your reply.

 

Here is the EMSISOFT scan report which discovered the trojan:

 

Emsisoft Anti-Malware - Version 5.1
Last update: 27/02/2014 11:26:36 AM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, C:\, D:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:    03/03/2014 9:03:24 PM

C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe     detected: Trojan-Downloader.Win32.Rechide!IK

Scanned

Files:     492970
Traces:     588778
Cookies:     0
Processes:     100

Found

Files:     1
Traces:     0
Cookies:     0
Processes:     0
Registry keys:     0

Scan end:    04/03/2014 9:34:43 AM
Scan time:    12:31:19

C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe    Quarantined Trojan-Downloader.Win32.Rechide!IK

Quarantined

Files:     1
Traces:     0
Cookies:     0
 

 

****************************************

 

Can't find the SOPHOS scan log, is it saved automatically?

 

Will download the FRST and run it.



#7 godivarides

godivarides
  • Topic Starter

  • Members
  • 48 posts

Posted 05 March 2014 - 01:51 PM

Here are the 2 reports requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by Sandra (administrator) on GT60130712 on 05-03-2014 11:48:10
Running from C:\Users\Sandra\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsi Software GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\ACT\SideACT.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dropbox, Inc.) C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Emsisoft GmbH) C:\EEK\start.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [THXCfg64] - C:\windows\system32\THXCfg64.dll [25600 2010-09-14] (Creative Technology Ltd.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3009336 2012-11-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\windows\system32\nvspcap64.dll [1064224 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [S-Bar] - C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [KLM] - C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [VGAOCAP] - C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-08-13] (MSI)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-14] (SUPERAntiSpyware)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =
SearchScopes: HKCU - {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/emsisoft_webscan.cab
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0mmbupzd.default-1384815363968
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-30]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [3045688 2011-10-03] (Emsi Software GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] ()

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [85800 2011-02-20] (Emsi Software GmbH)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-03-04] (Emsisoft GmbH)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-30] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-30] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider)
R3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-03-04] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-12-17] ()
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-06] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-15] (Synaptics Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 11:48 - 2014-03-05 11:48 - 00018415 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-03-05 11:47 - 2014-03-05 11:48 - 00000000 ____D () C:\FRST
2014-03-05 11:45 - 2014-03-05 11:46 - 02157056 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2014-03-05 11:24 - 2014-03-05 11:26 - 00065536 ___HT () C:\Users\Sandra\Desktop\~Old Outlook.pst.tmp
2014-03-04 14:54 - 2014-03-04 14:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-04 14:53 - 2014-03-04 14:53 - 00003211 _____ () C:\Users\Sandra\Desktop\Sophos Virus Removal Tool.lnk
2014-03-04 14:53 - 2014-03-04 14:53 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-04 14:53 - 2014-03-04 14:53 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-03-04 14:48 - 2014-03-04 14:50 - 84760872 _____ (Sophos Limited) C:\Users\Sandra\Downloads\Sophos Virus Removal Tool.exe
2014-03-04 14:48 - 2014-03-04 14:50 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit(2).exe
2014-03-04 12:32 - 2014-03-04 12:35 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit(1).exe
2014-03-04 12:30 - 2014-03-04 12:34 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit.exe
2014-03-03 13:08 - 2014-03-03 13:08 - 06992149 _____ (Motorola ) C:\Users\Sandra\Downloads\setup_final.exe
2014-03-03 12:56 - 2014-03-03 12:56 - 00000000 ____D () C:\Users\Sandra\Documents\Podcast
2014-03-03 12:56 - 2014-03-03 12:56 - 00000000 ____D () C:\ProgramData\Motorola Media Link
2014-03-03 12:52 - 2014-03-03 12:52 - 00000069 _____ () C:\windows\NeroDigital.ini
2014-03-03 12:52 - 2014-03-03 12:52 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Motorola
2014-03-03 12:52 - 2014-03-03 12:52 - 00000000 ____D () C:\Users\Public\Documents\Podcast
2014-03-03 12:50 - 2014-03-03 12:56 - 00002104 _____ () C:\Users\Public\Desktop\MOTOROLA MEDIA LINK.lnk
2014-03-03 12:50 - 2014-03-03 12:50 - 00000000 ____D () C:\Binaries
2014-03-03 12:49 - 2014-03-03 12:50 - 00000000 ____D () C:\ProgramData\Nero
2014-03-03 12:49 - 2014-03-03 12:49 - 00000000 ____D () C:\Program Files (x86)\Motorola Media Link
2014-03-03 12:48 - 2014-03-03 12:48 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Downloaded Installations
2014-03-03 12:46 - 2014-03-03 12:47 - 48363560 _____ (Motorola ) C:\Users\Sandra\Downloads\MML_Installer-v1.5.1915.0.exe
2014-02-28 09:13 - 2014-02-28 09:13 - 00002023 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-02-25 10:56 - 2014-02-25 10:56 - 00002017 _____ () C:\Users\Public\Desktop\Live Update 5.lnk
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-16 15:04 - 2014-02-16 15:10 - 00003488 _____ () C:\windows\System32\Tasks\Motorola Device Manager Update
2014-02-16 15:04 - 2014-02-16 15:10 - 00003470 _____ () C:\windows\System32\Tasks\Motorola Device Manager Engine
2014-02-16 15:04 - 2014-02-16 15:10 - 00003296 _____ () C:\windows\System32\Tasks\Motorola Device Manager Initial Update
2014-02-16 15:02 - 2014-02-16 15:03 - 33586888 _____ (Motorola Mobility) C:\Users\Sandra\Downloads\MotorolaDeviceManager_2.4.5.exe
2014-02-15 11:33 - 2014-02-15 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 08:03 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 08:03 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-14 08:00 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 08:00 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 08:00 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-14 08:00 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 08:00 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 08:00 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-14 08:00 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 08:00 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 08:00 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-14 08:00 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-14 08:00 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-14 08:00 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-14 08:00 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 08:00 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 08:00 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 08:00 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 08:00 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 08:00 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 08:00 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-14 08:00 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 08:00 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 08:00 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 08:00 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 08:00 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-14 08:00 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-14 08:00 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-14 08:00 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-14 08:00 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 08:00 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 08:00 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 08:00 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 08:00 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 08:00 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-14 08:00 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 08:00 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 08:00 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 08:00 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-14 08:00 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 08:00 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 09:03 - 2013-12-31 16:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 09:03 - 2013-12-31 16:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 09:03 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 09:03 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 09:03 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 09:03 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 09:03 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 09:03 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 09:03 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 09:03 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 09:03 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 09:03 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 09:03 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 09:03 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 09:03 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 09:03 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 09:03 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 09:03 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 09:03 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 09:03 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 09:03 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 09:03 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 09:03 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 09:03 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 09:03 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 09:03 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 09:03 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 09:03 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-09 13:10 - 2014-02-09 13:11 - 58081928 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\EIE11_EN-US_MSN_WIN764.EXE
2014-02-06 11:04 - 2014-02-06 11:04 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-03-05 11:48 - 2014-03-05 11:48 - 00018415 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-03-05 11:48 - 2014-03-05 11:47 - 00000000 ____D () C:\FRST
2014-03-05 11:47 - 2013-07-17 12:00 - 1158292480 _____ () C:\Users\Sandra\Desktop\Old Outlook.pst
2014-03-05 11:46 - 2014-03-05 11:45 - 02157056 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2014-03-05 11:26 - 2014-03-05 11:24 - 00065536 ___HT () C:\Users\Sandra\Desktop\~Old Outlook.pst.tmp
2014-03-05 11:25 - 2013-07-18 13:49 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 11:25 - 2013-07-12 13:25 - 01819251 _____ () C:\windows\WindowsUpdate.log
2014-03-04 18:27 - 2009-07-13 21:45 - 00024656 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 18:27 - 2009-07-13 21:45 - 00024656 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 18:26 - 2009-07-13 22:13 - 00801938 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-04 18:20 - 2013-12-30 18:51 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-04 18:19 - 2013-12-30 20:36 - 00002998 _____ () C:\windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-03-04 18:19 - 2013-10-15 11:04 - 00000000 ___RD () C:\Users\Sandra\Dropbox
2014-03-04 18:19 - 2013-10-06 14:17 - 00012145 _____ () C:\windows\setupact.log
2014-03-04 18:19 - 2013-07-18 15:42 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Dropbox
2014-03-04 18:18 - 2013-12-30 20:36 - 00000508 _____ () C:\windows\Tasks\Malwarebytes Anti-Exploit.job
2014-03-04 18:18 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-04 14:55 - 2014-03-04 14:54 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-04 14:53 - 2014-03-04 14:53 - 00003211 _____ () C:\Users\Sandra\Desktop\Sophos Virus Removal Tool.lnk
2014-03-04 14:53 - 2014-03-04 14:53 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-04 14:53 - 2014-03-04 14:53 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-03-04 14:50 - 2014-03-04 14:48 - 84760872 _____ (Sophos Limited) C:\Users\Sandra\Downloads\Sophos Virus Removal Tool.exe
2014-03-04 14:50 - 2014-03-04 14:48 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit(2).exe
2014-03-04 12:35 - 2014-03-04 12:32 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit(1).exe
2014-03-04 12:35 - 2013-10-21 21:07 - 00000556 _____ () C:\Users\Sandra\Desktop\Emsisoft Emergency Kit.lnk
2014-03-04 12:35 - 2013-10-21 21:06 - 00000000 ____D () C:\EEK
2014-03-04 12:34 - 2014-03-04 12:30 - 221008128 _____ () C:\Users\Sandra\Downloads\EmsisoftEmergencyKit.exe
2014-03-04 12:17 - 2013-10-24 20:36 - 00002420 _____ () C:\Users\Sandra\Desktop\Rkill.txt
2014-03-04 12:10 - 2013-08-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-04 12:07 - 2013-08-30 17:19 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Google
2014-03-03 13:08 - 2014-03-03 13:08 - 06992149 _____ (Motorola ) C:\Users\Sandra\Downloads\setup_final.exe
2014-03-03 12:56 - 2014-03-03 12:56 - 00000000 ____D () C:\Users\Sandra\Documents\Podcast
2014-03-03 12:56 - 2014-03-03 12:56 - 00000000 ____D () C:\ProgramData\Motorola Media Link
2014-03-03 12:56 - 2014-03-03 12:50 - 00002104 _____ () C:\Users\Public\Desktop\MOTOROLA MEDIA LINK.lnk
2014-03-03 12:52 - 2014-03-03 12:52 - 00000069 _____ () C:\windows\NeroDigital.ini
2014-03-03 12:52 - 2014-03-03 12:52 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Motorola
2014-03-03 12:52 - 2014-03-03 12:52 - 00000000 ____D () C:\Users\Public\Documents\Podcast
2014-03-03 12:52 - 2013-11-23 12:59 - 00000000 ____D () C:\ProgramData\Motorola
2014-03-03 12:52 - 2013-11-23 12:56 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Motorola
2014-03-03 12:50 - 2014-03-03 12:50 - 00000000 ____D () C:\Binaries
2014-03-03 12:50 - 2014-03-03 12:49 - 00000000 ____D () C:\ProgramData\Nero
2014-03-03 12:49 - 2014-03-03 12:49 - 00000000 ____D () C:\Program Files (x86)\Motorola Media Link
2014-03-03 12:49 - 2013-11-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-03-03 12:48 - 2014-03-03 12:48 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Downloaded Installations
2014-03-03 12:47 - 2014-03-03 12:46 - 48363560 _____ (Motorola ) C:\Users\Sandra\Downloads\MML_Installer-v1.5.1915.0.exe
2014-02-28 09:13 - 2014-02-28 09:13 - 00002023 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-02-28 08:15 - 2013-07-13 09:01 - 00786248 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-27 09:06 - 2010-11-20 20:47 - 00925686 _____ () C:\windows\PFRO.log
2014-02-25 10:56 - 2014-02-25 10:56 - 00002017 _____ () C:\Users\Public\Desktop\Live Update 5.lnk
2014-02-24 16:18 - 2013-07-16 08:25 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Microsoft Help
2014-02-22 18:55 - 2013-07-17 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 11:13 - 2013-08-18 15:19 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\HpUpdate
2014-02-20 15:20 - 2013-12-11 08:30 - 17858952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 15:20 - 2013-07-18 13:49 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:20 - 2013-07-18 13:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 15:20 - 2013-07-18 13:49 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-17 09:25 - 2014-01-30 09:01 - 00001941 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-16 15:10 - 2014-02-16 15:04 - 00003488 _____ () C:\windows\System32\Tasks\Motorola Device Manager Update
2014-02-16 15:10 - 2014-02-16 15:04 - 00003470 _____ () C:\windows\System32\Tasks\Motorola Device Manager Engine
2014-02-16 15:10 - 2014-02-16 15:04 - 00003296 _____ () C:\windows\System32\Tasks\Motorola Device Manager Initial Update
2014-02-16 15:03 - 2014-02-16 15:02 - 33586888 _____ (Motorola Mobility) C:\Users\Sandra\Downloads\MotorolaDeviceManager_2.4.5.exe
2014-02-16 10:32 - 2013-07-12 18:29 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 10:28 - 2013-07-12 17:19 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-02-15 11:33 - 2014-02-15 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 13:11 - 2014-02-09 13:10 - 58081928 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\EIE11_EN-US_MSN_WIN764.EXE
2014-02-06 11:04 - 2014-02-06 11:04 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\DropboxMaster
2014-02-06 11:04 - 2013-07-30 16:26 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-06 11:04 - 2013-07-12 13:37 - 00000000 ___RD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 05:16 - 2014-02-14 08:00 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 04:30 - 2014-02-14 08:00 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 04:30 - 2014-02-14 08:00 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 04:12 - 2014-02-14 08:00 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 04:07 - 2014-02-14 08:00 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 04:06 - 2014-02-14 08:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-14 08:00 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 03:56 - 2014-02-14 08:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 03:52 - 2014-02-14 08:00 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 03:49 - 2014-02-14 08:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 03:48 - 2014-02-14 08:00 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 03:48 - 2014-02-14 08:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 03:38 - 2014-02-14 08:00 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 03:32 - 2014-02-14 08:00 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 03:20 - 2014-02-14 08:00 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 03:17 - 2014-02-14 08:00 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 03:11 - 2014-02-14 08:00 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 03:01 - 2014-02-14 08:00 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 03:00 - 2014-02-14 08:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 08:00 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 02:57 - 2014-02-14 08:00 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 02:52 - 2014-02-14 08:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 02:52 - 2014-02-14 08:00 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 02:50 - 2014-02-14 08:00 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 02:49 - 2014-02-14 08:00 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 02:47 - 2014-02-14 08:00 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 02:46 - 2014-02-14 08:00 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 02:25 - 2014-02-14 08:00 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 02:25 - 2014-02-14 08:00 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 02:24 - 2014-02-14 08:00 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 02:22 - 2014-02-14 08:00 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 02:13 - 2014-02-14 08:00 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 02:09 - 2014-02-14 08:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 02:03 - 2014-02-14 08:00 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 01:55 - 2014-02-14 08:00 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 01:41 - 2014-02-14 08:00 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 01:40 - 2014-02-14 08:00 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 01:36 - 2014-02-14 08:00 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 01:34 - 2014-02-14 08:00 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-03 17:07 - 2013-08-03 11:03 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9typ9y.dll
C:\Users\Sandra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Sandra\AppData\Local\Temp\ProxyX64Process_18467.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:48

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by Sandra at 2014-03-05 11:48:59
Running from C:\Users\Sandra\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ACT! (HKCU\...\ACT!) (Version:  - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1105.1601 - Micro-Star International Co., Ltd.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
COMODO Firewall (HKLM\...\{40F962CF-3C1E-44EB-A319-5590BEEB90CF}) (Version: 6.3.35694.2953 - COMODO Security Solutions Inc.)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4612 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4612 - CyberLink Corp.) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.6 - Dropbox, Inc.)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
Emsisoft Anti-Malware 5.1 (HKLM-x32\...\Emsisoft Anti-Malware_is1) (Version: 5.1 - Emsi Software GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
GeekBuddy (HKLM\...\{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}) (Version: 4.11.91 - Comodo Security Solutions Inc)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Color LaserJet CM2320 MFP Series 3.1 (HKLM\...\{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}) (Version: 3.1 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
hppCLJCM2320 (x32 Version: 003.001.00097 - Hewlett-Packard) Hidden
hppFaxDrvCM2320 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM2320 (x32 Version: 003.001.00095 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM2320 (x32 Version: 003.001.00087 - Hewlett-Packard) Hidden
hppPQVideoCM2320 (x32 Version: 003.001.00092 - Hewlett-Packard) Hidden
hppQFolderCM2320 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM2320 (x32 Version: 003.001.00090 - Hewlett-Packard) Hidden
hppSendFaxCM2320 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM2320 (x32 Version: 001.017.00048 - Hewlett-Packard) Hidden
hppusgCM2320 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 005.003.00171 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1262 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.113 - MSI)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Music Maker Silver (HKLM-x32\...\MAGIX_{D9372A31-3CA0-467D-9150-27E1D572198F}) (Version: 18.0.3.4 - MAGIX AG)
MAGIX Music Maker Silver (Version: 18.0.3.4 - MAGIX AG) Hidden
MAGIX MX Suite (HKLM-x32\...\MAGIX_{AC11DA89-36BC-4537-BA3D-4E8245DAAAF0}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Photo Manager MX (HKLM-x32\...\MAGIX_{341B042C-52B7-43E5-B13D-698A7B497347}) (Version: 9.0.1.243 - MAGIX AG)
MAGIX Photo Manager MX (Version: 9.0.1.243 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{873C9937-62FE-4761-BC74-74462098EB9B}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_{65585152-8E07-460E-B703-C4231B9EE5A8}) (Version: 3.0.1.44 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (Version: 3.0.1.44 - MAGIX AG) Hidden
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Exploit version 0.09.5.0250 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.09.5.0250 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSI VGA Overclock Tool (HKLM-x32\...\{95193654-3EF2-4D17-8503-9F80B56D9ED5}) (Version: 12.01.3101 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mufin player 2.5 (HKLM-x32\...\MAGIX_{70CE9848-FB51-4195-ADB0-97556E6B04D7}) (Version: 2.5.1.255 - mufin GmbH)
mufin player 2.5 (Version: 2.5.1.255 - mufin GmbH) Hidden
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.315 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315 - Qualcomm Atheros) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.90 - Realtek Semiconductor Corp.)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 -  )
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.019 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.1.2 - Synaptics Incorporated)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.01 - Creative Technology Limited)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Watermark Image software version 1.9.9.7 (HKLM-x32\...\Watermark Image_is1) (Version:  - ) <==== ATTENTION
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xara Web Designer Silver (HKLM-x32\...\MAGIX_{6AC22FA3-C874-4A58-A4AF-82FC427AE81C}) (Version: 7.1.2.22390 - Xara Group Ltd)
Xara Web Designer Silver (Version: 7.1.2.22390 - Xara Group Ltd) Hidden

==================== Restore Points  =========================

21-02-2014 14:46:51 Windows Update
25-02-2014 16:25:31 Windows Update
27-02-2014 15:14:41 Windows Update
28-02-2014 15:12:35 Windows Update
03-03-2014 19:49:24 Installed MOTOROLA MEDIA LINK.
04-03-2014 16:59:37 Windows Update
04-03-2014 21:53:11 Installed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-09-03 14:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {025DD8C2-FD27-47FD-A63A-F7546BD64DED} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {0548C6B8-4137-4618-9CFA-63FEB96F1849} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {4580517F-DBB6-4A82-BD4E-2CE47C83B3EE} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-12-17] (Malwarebytes Corporation)
Task: {487BB9BE-2AF9-444C-96E9-033C5E31FBE2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {5F178567-2E32-479C-AC96-296C8E2D2004} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {6EFB0E03-C09B-490F-AB5D-CE795D2FF92A} - System32\Tasks\{4A1DA7A2-EB2F-4219-BE2F-FF61A3658DC3} => Firefox.exe
Task: {AF64B4BD-57D0-4BBC-B927-1B6B9C63868A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B2A30D31-3990-489B-B87F-C3A6917C8922} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software)
Task: {FC95367D-0A5F-4E72-ABA8-73EC4053756E} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO)
Task: {FF7C842D-71CF-458A-A3B5-646578AA0E7E} - System32\Tasks\{6CA062EC-720E-4EB2-AE05-B0A10095F0E1} => C:\Users\Sandra\Desktop\JRT_NEW.exe [2014-01-07] (Thisisu)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (whitelisted) =============

2012-03-14 22:57 - 2013-11-11 08:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-14 23:33 - 2010-05-04 11:00 - 00237056 _____ () C:\windows\SYSTEM32\APOMgr64.DLL
2013-07-18 10:30 - 2003-04-24 03:21 - 00278589 _____ () C:\Program Files (x86)\ACT\SideACT.exe
2012-01-31 14:49 - 2012-01-31 14:49 - 00088576 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
2014-02-27 12:30 - 2014-02-27 12:30 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-03-04 14:51 - 2014-03-04 12:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 00:57 - 2011-09-19 00:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-04-30 18:12 - 2011-04-30 18:12 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 00:59 - 2011-09-19 00:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-04-30 18:13 - 2011-04-30 18:13 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 00:57 - 2011-09-19 00:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-07-18 10:30 - 2003-04-24 02:47 - 00286773 _____ () C:\Program Files (x86)\ACT\sharenui.dll
2014-03-04 18:19 - 2014-03-04 18:19 - 00041984 _____ () c:\users\sandra\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9typ9y.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Sandra\AppData\Roaming\Dropbox\bin\libcef.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00674816 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2013-12-30 18:50 - 2013-12-30 18:50 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-14 15:06 - 2014-02-14 15:06 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-03-14 23:06 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-15 11:33 - 2014-02-15 11:33 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-20 15:20 - 2014-02-20 15:20 - 16265096 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Qualcomm Atheros Killer Network Manager.lnk => C:\windows\pss\Qualcomm Atheros Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 11:12:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3370

Error: (03/05/2014 11:12:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3370

Error: (03/05/2014 11:12:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/05/2014 11:12:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2231

Error: (03/05/2014 11:12:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2231

Error: (03/05/2014 11:12:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/05/2014 11:12:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1186

Error: (03/05/2014 11:12:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1186

Error: (03/05/2014 11:12:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/05/2014 10:57:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3058


System errors:
=============
Error: (03/04/2014 10:46:05 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (03/04/2014 09:48:59 PM) (Source: Service Control Manager) (User: )
Description: The Qualcomm Atheros Killer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/04/2014 06:20:45 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/04/2014 06:20:37 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (03/04/2014 00:13:16 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/04/2014 00:13:13 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (03/03/2014 06:24:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR21.

Error: (03/03/2014 06:24:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR21.

Error: (03/03/2014 06:24:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR21.

Error: (03/03/2014 06:24:55 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR21.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 00:07:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 338105 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (01/18/2014 07:29:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 142 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2013 03:48:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 109342 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (10/24/2013 08:52:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/16/2013 08:34:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/08/2013 05:00:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 360 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 12184.7 MB
Available physical RAM: 9596.04 MB
Total Pagefile: 24367.59 MB
Available Pagefile: 20392.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:552.3 GB) (Free:472.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:368.2 GB) (Free:330.16 GB) NTFS
Drive f: (Sandra) (Fixed) (Total:931.48 GB) (Free:423.77 GB) NTFS
Drive g: (AZBACK# 001) (Removable) (Total:29.93 GB) (Free:12.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E0305439)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 aharonov

  • Malware Response Team

Posted 05 March 2014 - 04:25 PM

Your log looks clean. Are you experiencing any problems or symptoms or is your computer running fine?

#9 godivarides

  • Topic Starter
  • Members

Posted 13 March 2014 - 09:39 PM

Odd, I thought I had posted a THANK YOU!

But suddenly SuperAnti-Spyware found: Trojan.Agent/Gen-Downloader

I am rerunning SOPHOS right now



#10 aharonov

  • Malware Response Team

Posted 14 March 2014 - 02:46 AM

SuperAnti-Spyware has a lot of false positives. Can you post what exactly has been found (file & path)?

#11 godivarides

  • Topic Starter
  • Members

Posted 14 March 2014 - 09:34 AM

Thank you.

SuperAnti-Spyware said it was cleared

SOPHOS said it was clean

I will try EMSISOFT

Anything else?



#12 aharonov

  • Malware Response Team

Posted 14 March 2014 - 09:37 AM

I haven't seen anything in your logs that requires further action. :)



#13 aharonov

  • Malware Response Team

Posted 21 March 2014 - 05:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



