Infected with Advanced System Protector


6 replies to this topic

#1 Sjnjerak


Posted 25 March 2014 - 02:38 PM

Hi everyone,

Yesterday I noticed that my internet was running a lot slower than usual and websites kept freezing awkwardly. When the problem persisted this morning I ran a full system virus-scan with the free version of Avast and found that there were files in the AppData folder, in my user folder, that it was unable to scan. This made me panic, and foolishly I tried to shred everything in AppData. After a while the computer informed me that there were files there that I did not have the rights to destroy despite being an administrator.

That is also when I noticed a newly installed program called Advanced System Protector. I got suspicious as I couldn't remember installing it, and a quick internet search confirmed that it was malware. I started reading on this forum and tried to download various malware removers, but I kept getting error messages when I tried to install them. Based on advice in a previous post I downloaded JRT, and renamed the installation file to "winlogon.exe". Then I was able to run it and it has helped somewhat. Here is the log:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tomas on 25/03/2014 at 18:40:37.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [Service] update rightsurf 
Failed to stop: [Service] util rightsurf 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
Failed to delete: [Folder] "C:\Program Files (x86)\rightsurf"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\Users\Tomas\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/03/2014 at 18:49:19.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
I have since then run DDS as well.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Tomas at 19:01:01 on 2014-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5979.3754 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sleep Memory Optimizer\FFSService.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\RightSurf\updateRightSurf.exe
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 131.111.12.20 131.111.8.42
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4} : DHCPNameServer = 131.111.12.20 131.111.8.42
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4}\6796277696E6D65646961633037303532333 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4}\6796277696E6D65646961633037303532333F523 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4}\A5978554C4F593832434 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4}\A616773733 : DHCPNameServer = 192.168.103.2
TCP: Interfaces\{61BECA66-CBD5-45C5-B5AE-5F1E913C1DC4}\C416077796E676 : DHCPNameServer = 131.111.12.20 131.111.8.42
TCP: Interfaces\{ED531B87-9093-4BE1-B943-74FBD034809C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F3728EC9-F4DD-4066-9D68-101B3FF2CA44} : NameServer = 131.111.12.20,131.111.8.42
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
AppInit_DLLs= c:\windows\syswow64\nvinit.dll ,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://acer.msn.com
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Secure Applicayion] C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
x64-Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ilpy739f.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser_x64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-6 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-3-10 33736]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-11-6 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-11-6 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-11-6 62776]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-11-6 355920]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-7-10 871296]
R2 FFSOpzSvc;Sleep memory optimizer;C:\Program Files\Sleep Memory Optimizer\FFSService.exe [2013-7-10 141192]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-2-26 108032]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-10 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-10 2439272]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-7-10 192856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-10 165144]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2013-12-4 127520]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-30 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-30 16939296]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2012-11-6 260640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-1-20 16128]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-10 363800]
R2 Update RightSurf;Update RightSurf;C:\Program Files (x86)\RightSurf\updateRightSurf.exe [2014-2-1 348448]
R2 USecuAppSvc;Acer Theft Shield Service;C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [2012-6-7 235664]
R2 Util RightSurf;Util RightSurf;C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [2014-2-1 348448]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2013-7-10 72864]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-11-6 238384]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-6 331264]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-11-6 26504]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-6 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-6 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-2 432680]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-10 39200]
R3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-11-22 155824]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswRvrt;aswRvrt; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
RUnknown aswVmm;aswVmm; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-11-6 255376]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-9 551552]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-7-10 340584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-20 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-25 18:42:44 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-03-25 18:40:36 -------- d-----w- C:\Windows\ERUNT
2014-03-25 18:34:09 -------- d-----w- C:\Users\Tomas\AppData\Roaming\McAfee
2014-03-25 15:52:49 -------- d-----w- C:\Users\Tomas\AppData\Local\Google
2014-03-25 15:46:46 -------- d-----w- C:\Users\Tomas\AppData\Local\Macromedia
2014-03-25 15:46:00 -------- d-----w- C:\Users\Tomas\AppData\Local\EgisTec IPS
2014-03-25 15:37:03 -------- d-----w- C:\Users\Tomas\AppData\Local\NVIDIA Corporation
2014-03-25 15:36:02 -------- d-----w- C:\Users\Tomas\AppData\Roaming\Atheros
2014-03-25 14:40:14 -------- d-----w- C:\Users\Tomas\AppData\Roaming\AVAST Software
2014-03-25 14:34:30 -------- d-----w- C:\Users\Tomas\AppData\Local\Mozilla
2014-03-25 11:20:58 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D4AE0466-7529-4311-B675-8CBB9A492294}\mpengine.dll
2014-03-24 21:24:57 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2014-03-24 21:21:28 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-03-24 20:51:03 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-03-24 20:33:26 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-03-23 11:18:37 61112 ----a-w- C:\Windows\System32\drivers\wStLib64.sys
2014-03-17 16:04:04 596256 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp155.dll
2014-03-17 15:56:18 -------- d-----w- C:\HP Universal Print Driver
2014-03-13 21:55:47 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 21:55:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 21:55:46 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 21:55:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 21:55:44 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-10 17:53:38 -------- d-----w- C:\Windows\SysWow64\NV
2014-03-10 17:53:38 -------- d-----w- C:\Windows\System32\NV
2014-03-10 17:52:21 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-10 17:52:21 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-10 17:52:21 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-03-10 17:52:21 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-10 17:52:21 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-10 17:52:21 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-10 17:52:21 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-10 17:52:21 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-03-10 17:52:21 1075032 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-03-10 17:40:41 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-10 17:40:41 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-02 19:49:34 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-27 15:37:00 -------- d-----w- C:\Program Files (x86)\OpenSesame
2014-02-26 22:17:04 -------- d-----w- C:\Program Files (x86)\BankID
2014-02-26 20:50:57 -------- d-----w- C:\ProgramData\Freemake
2014-02-26 20:50:42 -------- d-----w- C:\Program Files (x86)\Freemake
2014-02-26 20:32:59 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2014-02-26 20:32:59 132880 ----a-w- C:\Windows\SysWow64\MSINET.OCX
.
==================== Find3M  ====================
.
2014-02-22 18:03:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 18:03:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-10 20:29:05 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
.
============= FINISH: 19:01:13.14 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 17/07/2013 18:01:32
System Uptime: 25/03/2014 18:26:40 (1 hours ago)
.
Motherboard: Acer |  | MA50_HX
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz | U3E1 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 94 GiB total, 22.62 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP140: 25/03/2014 18:42:38 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip Packages
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Instant Update Service
Acer Registration
Acer ScreenSaver
Acer Theft Shield
Acer Updater
Acer USB Charge Manager
Acer VCM
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9) MUI
Agatha Christie - Death on the Nile
Atheros Bluetooth Suite (64)
Atheros Driver Installation Program
µTorrent
Backup Manager V3
BankID Security Application
Battle.net
Bejeweled 3
Broadcom NetLink Controller
CCleaner
Chuzzle Deluxe
D3DX10
Dolby Home Theater v4
Dropbox
ETDWare PS/2-X64 10.6.9.9_WHQL
Evernote v. 4.6.7
FastStone Image Viewer 4.8
FATE
Final Drive: Nitro
Fotogalerija Windows Live
Freemake Video Converter version 4.1.3
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Hearthstone
Identity Card
Insaniquarium Deluxe
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.5
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Launch Manager
McAfee Agent
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 335.23
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 11.10.11
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.11
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
OpenSesame 2.8.0-win32-2
Origin
Penguins!
Plants vs. Zombies - Game of the Year
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
PsychoPy2 1.79.01
Python 2.7.6
R for Windows 3.0.1
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RightSurf
RStudio
S?????? f?t???af??? t?? Windows Live
Saints Row IV
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
SHIELD Streaming
Shredder
Skype™ 6.14
Sleep Memory Optimizer
Slingo Deluxe
Smart Timer
Sony PC Companion 2.10.197
Steam
The Elder Scrolls V: Skyrim
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Virtual Villagers 4 - The Tree of Life
VLC media player 2.1.3
Wedding Dash
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zotero Standalone 4.0.17 (x86 en-US)
Zuma Deluxe
.
==== End Of File ===========================


Any help on how to progress would be greatly appreciated. :)

Thanks!

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 30 March 2014 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Sjnjerak

Sjnjerak
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:25 AM

Posted 02 April 2014 - 08:03 AM

Hi Nasdaq,
Thank you for taking the time to help me! I already ran Adwcleaner whilst waiting for a reply from here. So I'll post the output in the order I ran the scans: AdwCleaner, Malwarebytes, Farbar.
Everything seems to work fine now, as far as I can tell. Thank you yet again! :)

Please find the output below:

# AdwCleaner v3.022 - Report created 25/03/2014 at 20:23:55
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tomas - Tomas-PC
# Running from : C:\Users\Tomas\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update RightSurf
[#] Service Deleted : Util RightSurf

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\RightSurf
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\RightSurf
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\RightSurf
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ilpy739f.default\prefs.js ]


[ File : C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\rz5lkqz3.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2154 octets] - [25/03/2014 20:23:27]
AdwCleaner[S0].txt - [1963 octets] - [25/03/2014 20:23:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2023 octets] ##########
 

________________________________________________________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/04/2014
Scan Time: 13:57:06
Logfile: Malware bytes 02-04-2014.txt
Administrator: No

Version: 2.00.0.1000
Malware Database: v2014.04.02.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tomas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 183620
Time Elapsed: 5 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

_________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Admin (administrator) on Tomas-PC on 02-04-2014 14:00:12
Running from C:\Users\Tomas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Foundation) C:\Program Files (x86)\Zotero Standalone\zotero.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Secure Applicayion] - C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe [259728 2012-06-07] ()
HKLM\...\Run: [InstantUpdate] - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-07] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-09] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-09] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3219176740-607255002-752537666-1001\...\MountPoints2: {f70f9083-53c2-11e3-b246-4c72b93d4f0f} - F:\Startme.exe
HKU\S-1-5-21-3219176740-607255002-752537666-1188\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140326091820.dll (McAfee, Inc.)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140326091820.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 131.111.12.20 131.111.8.42
Tcpip\..\Interfaces\{F3728EC9-F4DD-4066-9D68-101B3FF2CA44}: [NameServer]131.111.12.20,131.111.8.42

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-26]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-26]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-26]
CHR Extension: (Freemake Video Converter) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-26]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-26]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-02-26]

==================== Services (Whitelisted) =================

R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-18] (Acer Incorporated)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-25] (Freemake)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-01-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-04-24] (Intel Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-03-26] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-03-26] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [235664 2012-06-07] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-20] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-01-03] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-02] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-03-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-03-26] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 14:00 - 2014-04-02 14:00 - 00015112 _____ () C:\Users\Tomas\Downloads\FRST.txt
2014-04-02 13:58 - 2014-04-02 14:00 - 00000000 ____D () C:\FRST
2014-04-02 13:57 - 2014-04-02 13:57 - 00001066 _____ () C:\Users\Tomas\Desktop\Malware bytes 02-04-2014.txt
2014-04-02 13:46 - 2014-04-02 13:46 - 02157056 _____ (Farbar) C:\Users\Tomas\Downloads\FRST64.exe
2014-04-02 13:43 - 2014-04-02 13:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 13:43 - 2014-04-02 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 13:43 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-02 13:43 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-02 13:43 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 13:42 - 2014-04-02 13:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tomas\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-29 18:04 - 2014-03-29 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Adobe
2014-03-27 23:29 - 2014-03-27 23:29 - 00001207 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-27 23:29 - 2014-03-27 23:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2014-03-27 23:28 - 2014-03-28 00:01 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\uTorrent
2014-03-27 23:28 - 2014-03-27 23:28 - 01614416 _____ (BitTorrent Inc.) C:\Users\Tomas\Downloads\uTorrent.exe
2014-03-27 22:34 - 2014-03-27 22:34 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-27 14:06 - 2014-03-27 14:08 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BankID
2014-03-26 18:20 - 2014-03-26 18:20 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Zotero
2014-03-26 18:20 - 2014-03-26 18:20 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Zotero
2014-03-26 16:06 - 2014-03-26 16:06 - 00067232 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Screensaver
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\McAfee
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Atheros
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-03-26 16:05 - 2014-03-29 12:01 - 00000000 ____D () C:\Users\Admin
2014-03-26 16:05 - 2014-03-26 16:06 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-26 16:05 - 2014-03-26 16:06 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-26 16:05 - 2014-03-26 16:05 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-03-26 16:05 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-03-26 16:05 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2014-03-26 16:05 - 2013-08-11 23:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-03-26 16:05 - 2012-11-06 15:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-03-26 16:05 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-26 16:05 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-26 12:50 - 2014-03-26 16:02 - 00000000 ____D () C:\Users\Tomas\Downloads\Wavosaur.1.1.0.0-x64(en)
2014-03-26 12:50 - 2014-03-26 12:50 - 01378561 _____ () C:\Users\Tomas\Downloads\Wavosaur.1.1.0.0-x64(en).zip
2014-03-26 11:34 - 2014-03-26 14:14 - 00000000 ____D () C:\Quarantine
2014-03-26 11:12 - 2014-03-27 23:55 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\vlc
2014-03-26 11:09 - 2014-03-26 12:39 - 00033895 _____ () C:\Users\Tomas\Downloads\quickrun.csv
2014-03-26 10:58 - 2014-03-30 16:24 - 00000000 ____D () C:\Users\Tomas\Documents\Experiment 1
2014-03-26 10:52 - 2014-03-27 16:25 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Skype
2014-03-26 10:52 - 2014-03-26 10:52 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Skype
2014-03-26 10:43 - 2014-03-26 10:44 - 00004216 _____ () C:\Users\Tomas\Documents\cc_20140326_094344.reg
2014-03-26 10:28 - 2014-03-26 10:28 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-03-26 10:28 - 2014-03-26 10:28 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-26 10:19 - 2014-03-26 10:19 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-03-26 10:18 - 2014-03-26 10:18 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-26 10:18 - 2014-03-26 10:18 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00121896 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00094080 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-26 10:13 - 2014-03-26 10:16 - 46718976 _____ () C:\Users\Tomas\Downloads\Ent88P4Setup.exe
2014-03-26 10:03 - 2014-03-26 10:05 - 108185434 _____ () C:\Users\Tomas\Downloads\Experiment1.opensesame.tar.gz
2014-03-26 09:44 - 2014-03-28 00:02 - 00007704 _____ () C:\Windows\PFRO.log
2014-03-25 22:44 - 2014-04-02 11:21 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Battle.net
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Battle.net
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Blizzard Entertainment
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Blizzard
2014-03-25 22:43 - 2014-04-02 13:29 - 00003752 _____ () C:\Windows\setupact.log
2014-03-25 22:43 - 2014-03-25 22:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-25 22:37 - 2014-03-25 22:37 - 00017232 _____ () C:\Users\Tomas\Documents\cc_20140325_213728.reg
2014-03-25 22:24 - 2014-03-26 16:05 - 00000000 ____D () C:\ProgramData\COMODO
2014-03-25 22:24 - 2014-03-26 16:02 - 00000000 ____D () C:\Program Files\COMODO
2014-03-25 22:24 - 2014-03-26 16:01 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\first_launch
2014-03-25 22:19 - 2014-03-25 22:19 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\.opensesame
2014-03-25 22:17 - 2014-03-25 22:19 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\psychopy2
2014-03-25 22:10 - 2014-03-25 22:10 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\FastStone
2014-03-25 21:55 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-25 21:55 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-25 21:55 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-25 21:55 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-25 21:55 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-25 21:55 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-25 21:55 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-25 21:55 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-25 21:55 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-25 21:55 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-25 21:55 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-25 21:55 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-25 21:55 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-25 21:55 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-25 21:55 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-25 21:55 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-25 21:55 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-25 21:55 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-25 21:53 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-25 21:53 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-25 21:53 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-03-25 21:53 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-25 21:53 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-25 21:53 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-25 21:53 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-25 21:52 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-03-25 21:52 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-03-25 21:52 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-03-25 21:52 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-03-25 21:52 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-03-25 21:52 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-03-25 21:52 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-03-25 21:52 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-03-25 21:51 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-25 21:51 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-25 21:51 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-25 21:51 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-25 21:51 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-25 21:51 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-25 21:51 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-25 21:51 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-25 21:51 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-25 21:51 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-25 21:51 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-25 21:51 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-25 21:51 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-25 21:51 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-25 21:51 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-25 21:51 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-25 21:51 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-25 21:51 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-25 21:51 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-25 21:51 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-25 21:51 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-25 21:51 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-25 21:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-25 21:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-25 21:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-25 21:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-25 21:51 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-25 21:51 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-25 21:51 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-25 21:51 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-25 21:51 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-25 21:51 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-25 21:51 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-25 21:51 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-25 21:51 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-25 21:51 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-25 21:51 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-25 21:51 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-25 21:51 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-25 21:51 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-25 21:51 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-25 21:51 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-25 21:51 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-25 21:51 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-25 21:51 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-25 21:51 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-25 21:51 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-25 21:51 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-25 21:51 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-25 21:51 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-25 21:51 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-25 21:51 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-25 21:51 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-03-25 21:51 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-25 21:51 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-25 21:51 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-25 21:51 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-03-25 21:51 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-03-25 21:51 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-03-25 21:51 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-03-25 21:51 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-25 21:51 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-25 21:51 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-03-25 21:51 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-03-25 21:51 - 2012-11-30 06:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-25 21:51 - 2012-11-30 06:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-25 21:51 - 2012-11-30 06:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-25 21:51 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-03-25 21:51 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-03-25 21:51 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-03-25 21:51 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-03-25 21:51 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-03-25 21:51 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-03-25 21:51 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-03-25 21:51 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-03-25 21:51 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-03-25 21:51 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-03-25 21:51 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-03-25 21:51 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-03-25 21:51 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-03-25 21:51 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-03-25 21:51 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-03-25 21:51 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-03-25 21:51 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-03-25 21:51 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-03-25 21:51 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-03-25 21:51 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-03-25 21:51 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-03-25 21:51 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-03-25 21:51 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-25 21:51 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-25 21:51 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-03-25 21:51 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-03-25 21:51 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-03-25 21:51 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-03-25 21:50 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-25 21:50 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-25 21:50 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-03-25 21:40 - 2014-03-25 21:40 - 00107622 _____ () C:\Users\Tomas\Documents\cc_20140325_204010.reg
2014-03-25 21:31 - 2014-04-02 13:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 21:31 - 2014-03-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:30 - 2014-03-25 21:30 - 00018337 _____ () C:\Users\Tomas\Desktop\RKreport[0]_S_03252014_202839 25-3-2014.txt
2014-03-25 21:30 - 2014-03-25 21:30 - 00017883 _____ () C:\Users\Tomas\Desktop\RKreport[0]_D_03252014_203007.txt
2014-03-25 21:30 - 2014-03-25 21:30 - 00017883 _____ () C:\Users\Tomas\Desktop\RKreport[0]_D_03252014_203007 25-3-2014 2.txt
2014-03-25 21:28 - 2014-03-25 21:28 - 00018337 _____ () C:\Users\Tomas\Desktop\RKreport[0]_S_03252014_202839.txt
2014-03-25 21:25 - 2014-03-25 21:25 - 00002111 _____ () C:\Users\Tomas\Desktop\AdwCleaner[S0] 25-3-2014.txt
2014-03-25 21:23 - 2014-03-25 21:24 - 00000000 ____D () C:\AdwCleaner
2014-03-25 20:53 - 2014-03-26 09:44 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-03-25 20:08 - 2014-03-25 20:08 - 00002290 _____ () C:\Users\Tomas\Desktop\JRT 25-3-2014.txt
2014-03-25 20:07 - 2014-03-25 20:07 - 00023039 _____ () C:\Users\Tomas\Desktop\DDS 25-3-2014.txt
2014-03-25 20:04 - 2014-03-25 20:04 - 00009802 _____ () C:\Users\Tomas\Desktop\Attach 25-03-2014.txt
2014-03-25 20:01 - 2014-03-25 20:01 - 00023039 _____ () C:\Users\Tomas\Desktop\dds.txt
2014-03-25 20:01 - 2014-03-25 20:01 - 00009802 _____ () C:\Users\Tomas\Desktop\attach.txt
2014-03-25 19:49 - 2014-03-25 19:49 - 00002290 _____ () C:\Users\Tomas\Desktop\JRT.txt
2014-03-25 19:40 - 2014-03-25 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 19:34 - 2014-03-25 19:34 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\McAfee
2014-03-25 16:52 - 2014-03-25 16:52 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Google
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Macromedia
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\EgisTec IPS
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\Users\Tomas\AppData\Local\NVIDIA Corporation
2014-03-25 16:36 - 2014-03-25 16:36 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Atheros
2014-03-25 15:45 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Adobe
2014-03-25 15:45 - 2014-03-25 15:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Macromedia
2014-03-25 15:43 - 2014-03-25 22:02 - 00067232 _____ () C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 15:34 - 2014-03-25 16:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Mozilla
2014-03-25 15:34 - 2014-03-25 16:45 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Mozilla
2014-03-24 22:24 - 2012-07-25 13:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-24 21:51 - 2014-03-29 12:01 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-24 21:51 - 2014-03-24 21:51 - 00001187 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-24 21:33 - 2014-03-24 21:33 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-24 21:33 - 2014-03-24 21:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-23 12:18 - 2014-03-23 12:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-17 17:03 - 2013-08-02 10:28 - 00593184 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-03-17 17:03 - 2013-08-02 10:28 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-03-17 17:03 - 2013-08-02 10:27 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml155.dll
2014-03-17 17:03 - 2013-08-02 10:27 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja155.dll
2014-03-17 17:03 - 2013-08-02 10:27 - 00190240 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-03-17 17:03 - 2013-08-02 10:27 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp155.dll
2014-03-17 17:03 - 2013-08-02 10:27 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-03-17 17:03 - 2013-08-02 10:25 - 00442656 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn155.dll
2014-03-17 17:03 - 2013-08-02 10:25 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-03-17 17:03 - 2013-08-02 10:21 - 00441632 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3155.dll
2014-03-17 17:03 - 2011-02-11 16:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-03-17 17:03 - 2011-02-11 16:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-03-17 17:03 - 2009-02-25 18:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-03-17 16:56 - 2014-03-17 16:56 - 00000000 ____D () C:\HP Universal Print Driver
2014-03-13 22:55 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 22:55 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 22:55 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 22:55 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 22:55 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\Windows\system32\NV
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-10 18:52 - 2014-03-10 18:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-10 18:52 - 2014-03-04 14:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-10 18:52 - 2014-03-04 14:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-10 18:52 - 2014-03-04 14:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 01075032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-10 18:52 - 2014-03-04 14:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-10 18:49 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-10 18:49 - 2014-03-04 15:35 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-10 18:49 - 2014-03-04 15:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-10 18:40 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-10 18:40 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-04-02 14:00 - 2014-04-02 14:00 - 00015112 _____ () C:\Users\Tomas\Downloads\FRST.txt
2014-04-02 14:00 - 2014-04-02 13:58 - 00000000 ____D () C:\FRST
2014-04-02 13:57 - 2014-04-02 13:57 - 00001066 _____ () C:\Users\Tomas\Desktop\Malware bytes 02-04-2014.txt
2014-04-02 13:46 - 2014-04-02 13:46 - 02157056 _____ (Farbar) C:\Users\Tomas\Downloads\FRST64.exe
2014-04-02 13:46 - 2014-03-25 21:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 13:43 - 2014-04-02 13:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 13:43 - 2014-04-02 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 13:42 - 2014-04-02 13:42 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Tomas\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-02 13:36 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 13:36 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 13:35 - 2009-07-14 06:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 13:32 - 2013-07-10 20:24 - 02084720 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 13:29 - 2014-03-25 22:43 - 00003752 _____ () C:\Windows\setupact.log
2014-04-02 13:29 - 2012-11-06 15:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 13:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 11:21 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Battle.net
2014-04-02 08:42 - 2012-11-06 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-02 08:42 - 2012-11-06 15:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-02 08:42 - 2012-11-06 15:38 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-31 10:33 - 2013-07-17 18:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 10:33 - 2013-07-17 18:11 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 16:24 - 2014-03-26 10:58 - 00000000 ____D () C:\Users\Tomas\Documents\Experiment 1
2014-03-30 16:12 - 2013-07-17 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 16:12 - 2013-07-17 18:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 15:28 - 2013-07-17 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-30 11:03 - 2014-02-21 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 18:38 - 2013-09-06 16:14 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-03-29 18:05 - 2014-03-29 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 12:01 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Admin
2014-03-29 12:01 - 2014-03-24 21:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-28 11:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-28 00:02 - 2014-03-26 09:44 - 00007704 _____ () C:\Windows\PFRO.log
2014-03-28 00:01 - 2014-03-27 23:28 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\uTorrent
2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Adobe
2014-03-27 23:56 - 2014-03-25 15:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Adobe
2014-03-27 23:55 - 2014-03-26 11:12 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\vlc
2014-03-27 23:29 - 2014-03-27 23:29 - 00001207 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-27 23:29 - 2014-03-27 23:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2014-03-27 23:28 - 2014-03-27 23:28 - 01614416 _____ (BitTorrent Inc.) C:\Users\Tomas\Downloads\uTorrent.exe
2014-03-27 22:34 - 2014-03-27 22:34 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-27 16:25 - 2014-03-26 10:52 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Skype
2014-03-27 14:08 - 2014-03-27 14:06 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\BankID
2014-03-26 18:20 - 2014-03-26 18:20 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Zotero
2014-03-26 18:20 - 2014-03-26 18:20 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Zotero
2014-03-26 16:06 - 2014-03-26 16:06 - 00067232 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Screensaver
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\McAfee
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Atheros
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2014-03-26 16:06 - 2014-03-26 16:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-03-26 16:06 - 2014-03-26 16:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-26 16:06 - 2014-03-26 16:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-26 16:05 - 2014-03-26 16:05 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-03-26 16:05 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-03-26 16:05 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2014-03-26 16:05 - 2014-03-25 22:24 - 00000000 ____D () C:\ProgramData\COMODO
2014-03-26 16:02 - 2014-03-26 12:50 - 00000000 ____D () C:\Users\Tomas\Downloads\Wavosaur.1.1.0.0-x64(en)
2014-03-26 16:02 - 2014-03-25 22:24 - 00000000 ____D () C:\Program Files\COMODO
2014-03-26 16:01 - 2014-03-25 22:24 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-03-26 14:14 - 2014-03-26 11:34 - 00000000 ____D () C:\Quarantine
2014-03-26 12:50 - 2014-03-26 12:50 - 01378561 _____ () C:\Users\Tomas\Downloads\Wavosaur.1.1.0.0-x64(en).zip
2014-03-26 12:39 - 2014-03-26 11:09 - 00033895 _____ () C:\Users\Tomas\Downloads\quickrun.csv
2014-03-26 10:52 - 2014-03-26 10:52 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Skype
2014-03-26 10:44 - 2014-03-26 10:43 - 00004216 _____ () C:\Users\Tomas\Documents\cc_20140326_094344.reg
2014-03-26 10:28 - 2014-03-26 10:28 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-03-26 10:28 - 2014-03-26 10:28 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-26 10:19 - 2014-03-26 10:19 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-03-26 10:18 - 2014-03-26 10:18 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-26 10:18 - 2014-03-26 10:18 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00121896 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00094080 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2014-03-26 10:18 - 2014-03-26 10:18 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2014-03-26 10:18 - 2014-03-26 10:18 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-26 10:18 - 2012-11-06 15:08 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-26 10:18 - 2012-11-06 15:08 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-26 10:16 - 2014-03-26 10:13 - 46718976 _____ () C:\Users\Tomas\Downloads\Ent88P4Setup.exe
2014-03-26 10:05 - 2014-03-26 10:03 - 108185434 _____ () C:\Users\Tomas\Downloads\Experiment1.opensesame.tar.gz
2014-03-26 09:44 - 2014-03-25 20:53 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Battle.net
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Blizzard Entertainment
2014-03-25 22:44 - 2014-03-25 22:44 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Blizzard
2014-03-25 22:43 - 2014-03-25 22:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-25 22:37 - 2014-03-25 22:37 - 00017232 _____ () C:\Users\Tomas\Documents\cc_20140325_213728.reg
2014-03-25 22:28 - 2013-09-10 12:23 - 00001364 _____ () C:\Users\Tomas\Desktop\Article Database.lnk
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\first_launch
2014-03-25 22:19 - 2014-03-25 22:19 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\.opensesame
2014-03-25 22:19 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\psychopy2
2014-03-25 22:17 - 2014-02-03 16:17 - 00000000 ____D () C:\Users\Tomas\.matplotlib
2014-03-25 22:10 - 2014-03-25 22:10 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\FastStone
2014-03-25 22:02 - 2014-03-25 15:43 - 00067232 _____ () C:\Users\Tomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 22:01 - 2009-07-14 05:45 - 00312520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-25 22:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-25 21:55 - 2013-08-11 10:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-25 21:40 - 2014-03-25 21:40 - 00107622 _____ () C:\Users\Tomas\Documents\cc_20140325_204010.reg
2014-03-25 21:39 - 2013-07-17 18:22 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-25 21:39 - 2013-07-17 18:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-25 21:31 - 2014-03-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:30 - 2014-03-25 21:30 - 00018337 _____ () C:\Users\Tomas\Desktop\RKreport[0]_S_03252014_202839 25-3-2014.txt
2014-03-25 21:30 - 2014-03-25 21:30 - 00017883 _____ () C:\Users\Tomas\Desktop\RKreport[0]_D_03252014_203007.txt
2014-03-25 21:30 - 2014-03-25 21:30 - 00017883 _____ () C:\Users\Tomas\Desktop\RKreport[0]_D_03252014_203007 25-3-2014 2.txt
2014-03-25 21:28 - 2014-03-25 21:28 - 00018337 _____ () C:\Users\Tomas\Desktop\RKreport[0]_S_03252014_202839.txt
2014-03-25 21:25 - 2014-03-25 21:25 - 00002111 _____ () C:\Users\Tomas\Desktop\AdwCleaner[S0] 25-3-2014.txt
2014-03-25 21:24 - 2014-03-25 21:23 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:24 - 2013-07-17 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-25 20:08 - 2014-03-25 20:08 - 00002290 _____ () C:\Users\Tomas\Desktop\JRT 25-3-2014.txt
2014-03-25 20:07 - 2014-03-25 20:07 - 00023039 _____ () C:\Users\Tomas\Desktop\DDS 25-3-2014.txt
2014-03-25 20:04 - 2014-03-25 20:04 - 00009802 _____ () C:\Users\Tomas\Desktop\Attach 25-03-2014.txt
2014-03-25 20:01 - 2014-03-25 20:01 - 00023039 _____ () C:\Users\Tomas\Desktop\dds.txt
2014-03-25 20:01 - 2014-03-25 20:01 - 00009802 _____ () C:\Users\Tomas\Desktop\attach.txt
2014-03-25 19:49 - 2014-03-25 19:49 - 00002290 _____ () C:\Users\Tomas\Desktop\JRT.txt
2014-03-25 19:40 - 2014-03-25 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 19:34 - 2014-03-25 19:34 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\McAfee
2014-03-25 16:52 - 2014-03-25 16:52 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Google
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Macromedia
2014-03-25 16:46 - 2014-03-25 16:46 - 00000000 ____D () C:\Users\Tomas\AppData\Local\EgisTec IPS
2014-03-25 16:46 - 2009-07-14 03:34 - 00000635 _____ () C:\Windows\win.ini
2014-03-25 16:45 - 2014-03-25 15:34 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Mozilla
2014-03-25 16:45 - 2014-03-25 15:34 - 00000000 ____D () C:\Users\Tomas\AppData\Local\Mozilla
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\Users\Tomas\AppData\Local\NVIDIA Corporation
2014-03-25 16:36 - 2014-03-25 16:36 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Atheros
2014-03-25 15:45 - 2014-03-25 15:45 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Macromedia
2014-03-25 15:31 - 2013-07-25 12:36 - 00000000 ____D () C:\Users\Tomas\AppData\Roaming\Dropbox
2014-03-25 15:27 - 2013-07-25 12:38 - 00000000 ___RD () C:\Users\Tomas\Dropbox
2014-03-25 15:27 - 2013-07-17 18:01 - 00000000 ___RD () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-25 15:27 - 2013-07-17 18:01 - 00000000 ___RD () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-25 15:27 - 2013-07-17 18:01 - 00000000 ___RD () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-25 15:27 - 2013-07-17 18:01 - 00000000 ___RD () C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-25 15:26 - 2013-07-17 18:01 - 00000000 ____D () C:\Users\Tomas\AppData\Local\VirtualStore
2014-03-25 15:22 - 2013-12-30 17:31 - 00000000 ____D () C:\Users\Tomas\AppData\Local\NVIDIA
2014-03-25 12:19 - 2013-11-23 00:32 - 00002030 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-25 12:19 - 2012-11-06 15:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-25 12:17 - 2013-07-17 18:01 - 00000000 ____D () C:\Users\Tomas
2014-03-25 12:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 12:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 21:51 - 2014-03-24 21:51 - 00001187 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-24 21:33 - 2014-03-24 21:33 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-24 21:33 - 2014-03-24 21:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-23 12:18 - 2014-03-23 12:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-20 14:19 - 2013-10-24 20:25 - 00000000 ____D () C:\Users\Tomas\Documents\Zotero
2014-03-18 20:51 - 2013-08-19 21:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:51 - 2013-07-20 20:58 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-03-17 17:04 - 2014-03-17 17:04 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-03-17 16:56 - 2014-03-17 16:56 - 00000000 ____D () C:\HP Universal Print Driver
2014-03-15 21:27 - 2013-07-17 18:13 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 12:28 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\Windows\system32\NV
2014-03-10 18:53 - 2014-03-10 18:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-10 18:52 - 2014-03-10 18:52 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-10 18:52 - 2013-12-30 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-10 18:52 - 2013-07-10 10:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-10 18:52 - 2013-07-10 10:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-10 18:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-03-05 09:26 - 2014-04-02 13:43 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-02 13:43 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-02 13:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 15:35 - 2014-03-10 18:49 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 15:35 - 2014-03-10 18:49 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 15:35 - 2014-03-10 18:49 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-03-04 15:35 - 2014-03-10 18:49 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:06 - 2014-03-10 18:52 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 14:06 - 2014-03-10 18:52 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 14:05 - 2014-03-10 18:52 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 14:05 - 2014-03-10 18:52 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 14:05 - 2014-03-10 18:52 - 01075032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-03-04 14:05 - 2014-03-10 18:52 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 14:05 - 2014-03-10 18:52 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 14:05 - 2014-03-10 18:52 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-03-04 14:05 - 2014-03-10 18:52 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

Some content of TEMP:
====================
C:\Users\Tomas\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 18:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Admin at 2014-04-02 14:00:34
Running from C:\Users\Tomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30660 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.12.0312.1916 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.00.3005 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3002 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
BankID Security Application (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Evernote v. 4.6.7 (HKLM-x32\...\{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}) (Version: 4.6.7.8409 - Evernote Corp.)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version:  - Crystal Shard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.11.1480 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenSesame 2.8.0-win32-2 (HKLM-x32\...\OpenSesame) (Version: 2.8.0-win32-2 - Sebastiaan Mathot)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PsychoPy2 1.79.01 (HKLM-x32\...\PsychoPy2) (Version: 1.79.01 - Jon Peirce)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.501 - RStudio)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM-x32\...\{34BE2594-1D20-4A2E-97A0-B9E2837520AE}) (Version: 1.00.3004 - Acer Incorporated)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3004 - Acer Incorporated)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zotero Standalone 4.0.19 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.19 (x86 en-US)) (Version: 4.0.19 - Zotero)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2E3B4EA8-269C-4423-AAB0-05492E8E3D81} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-01-20] (Intel)
Task: {312CC3A6-C6A4-4B0E-840A-D8F1E5DB72D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {37A934F7-5DF9-47AD-80FE-81D70A2760A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {50E900C3-CE70-4D37-B585-488E0248AE7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {5BF075B9-7DC8-4F62-8FD3-50FCBE5C3D68} - \Advanced System Protector_startup No Task File
Task: {5E2921D8-E595-450A-87CF-F785461C302B} - System32\Tasks\Smart Timer Task Scheduler => Smart_Timer.exe
Task: {91CF51C2-08CF-4C91-BA77-F94FEFE89DE1} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {98A9782F-AEF4-4DBB-83E4-EE2AA698B713} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {997212B3-67BE-42AE-A2DC-84B827B1838C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {BC90C416-847B-4471-B7C9-9ABAE2307788} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-10 18:49 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-10 18:52 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-07 22:38 - 2012-06-07 22:38 - 00235664 _____ () C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
2012-06-07 22:38 - 2012-06-07 22:38 - 00114320 _____ () C:\Program Files\Acer\Acer Theft Shield\SysCtrl.dll
2012-06-07 22:38 - 2012-06-07 22:38 - 00197776 _____ () C:\Program Files\Acer\Acer Theft Shield\LogMgr2.dll
2012-06-07 22:38 - 2012-06-07 22:38 - 00141456 _____ () C:\Program Files\Acer\Acer Theft Shield\WHNCtrl.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-06-07 22:38 - 2012-06-07 22:38 - 00259728 _____ () C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
2012-06-07 22:38 - 2012-06-07 22:38 - 00213648 _____ () C:\Program Files\Acer\Acer Theft Shield\CommPtl.dll
2012-11-06 14:19 - 2012-02-14 02:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-07 05:29 - 2012-04-07 05:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-04-07 05:29 - 2012-04-07 05:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-03-10 18:49 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 23:22 - 2012-01-05 23:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-03-29 18:04 - 2014-03-29 18:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-13 13:58 - 2014-02-13 13:58 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-07-10 20:22 - 2011-11-30 04:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-10 10:30 - 2012-04-24 08:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-24 19:53 - 2014-03-29 18:38 - 03328416 _____ () C:\Program Files (x86)\Zotero Standalone\xulrunner\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Tomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 01:30:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 11:30:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/02/2014 08:41:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 00:10:44 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/01/2014 05:00:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 09:47:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 11:45:14 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/31/2014 10:35:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 06:26:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (03/30/2014 04:27:38 PM) (Source: Application Hang) (User: )
Description: The program opensesame.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1688

Start Time: 01cf4c0f0699fc5f

Termination Time: 15

Application Path: C:\Program Files (x86)\OpenSesame\opensesame.exe

Report Id: c9dbc0f3-b81f-11e3-b01c-4c72b93d4f0f


System errors:
=============
Error: (04/02/2014 01:40:39 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/02/2014 01:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (04/02/2014 08:58:53 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 11:22:33 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 07:39:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 07:03:50 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/01/2014 07:03:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 10:17:01 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 10:02:26 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2014 09:46:54 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-26 09:18:17.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-26 09:18:17.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-26 09:18:17.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-26 09:18:17.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 5979.36 MB
Available physical RAM: 3628.49 MB
Total Pagefile: 11956.89 MB
Available Pagefile: 9471.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:93.56 GB) (Free:7.76 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:152.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: E057A24A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: A4B57300)

Partition: GPT Partition Type.

==================== End Of Log ============================
 


Edited by Sjnjerak, 02 April 2014 - 08:07 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 02 April 2014 - 12:44 PM


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

How is the computer performing now?

#5 Sjnjerak

Sjnjerak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 02 April 2014 - 12:51 PM

Hi nasdaq,

The computer is performing fine.
Thank you!

Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee VirusScan Enterprise   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 02 April 2014 - 01:21 PM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 08 April 2014 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



