
Fake Java & QuickTime (plus more issues I think) help please, I'm disabled


  • This topic is locked
10 replies to this topic

#1 GreekEnigma


Posted 16 May 2014 - 12:25 PM

(If I've attached the log the wrong way please let me know, as I'm very new to the internet.)

Hi, I'm brand new to this site but was advised to post logs made with DDS (so will do so).
In short, me and my brother share a laptop (2 user accounts, both administrator accounts).
He is 18, I'm 30 (but disabled, so find it hard to think/use laptop etc.).
Anyway, I've been thinking the laptop is infected with things, as the green volume bar pops up at times by itself (Acer/Packard Bell software thing), so when you do volume shortcuts it shows a green bar on screen (hard to explain).
Well, I use:
avast free
Malwarebytes free
SUPERAntiSpyware free

Anyway, story short, everything said fine UNTIL
I installed AdwCleaner and Emsisoft Anti-Malware (freeware version).

OK, something called HiJackFree (I didn't understand it), well, it showed lots of things, some saying unsure what it is, others green meaning OK, but some things said fake Java keylogger!!!! fake QuickTime etc.
What scares me is HiJackFree had loads of things it didn't recognise.
Also AdwCleaner showed things.
Usually anything in Malwarebytes, CCleaner, etc. I usually just delete,
but then I heard about false positives.
Well, should I back up all pics etc. and just erase the hard drive and reinstall the OS? (I don't want to, but got a feeling this laptop is full of nasties.)
I'm scared as I used it a lot for transactions.
Anyway, I'll post the 2 logs,
but would be grateful on what security software I should use and where to post about it.
Thank you so much, I've heard great things about this site
and appreciate you guys doing this for free :) ......nice people do exist :thumbsup:
LOGS.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Bret at 18:02:17 on 2014-05-16
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.3001.1652 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
C:\Program Files (x86)\Launch Manager\OSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
BHO: {50B287B4-EE88-3A9A-E48B-CE804BA1386F} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
mRun: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B}\2456374797 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B}\247534F57457563747 : DHCPNameServer = 212.44.55.100 193.164.97.35
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B}\35B4955303336393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B}\A6564753 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3D9AB11E-DD91-4B15-A035-A9BF34A8AE5B}\C496675626F687D224132403 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{90430F85-6238-49AD-B6DE-B5D2C35AC36D} : DHCPNameServer = 172.20.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-17 208416]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-5-15 26176]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-17 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-9-17 423240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-17 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2013-12-28 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-25 50344]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-2-21 105448]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-11-4 660184]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-27 5341536]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-5-15 57024]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-2-4 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WisLMSvc;WisLMSvc;C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [2013-8-16 118784]
S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-5-15 4163584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-5-15 71472]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-1-25 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-1-25 9800]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-5-7 191944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-10-18 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-11-4 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-27 19456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-27 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-27 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-3-25 25536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2014-05-16 16:46:54    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9423C42-CB59-48C6-B9FE-5C63B76A5AE1}\mpengine.dll
2014-05-15 17:06:15    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-15 00:27:28    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 23:08:00    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-14 23:08:00    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-14 23:07:59    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-14 23:02:00    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-14 22:19:47    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-14 21:54:42    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-05-14 21:52:52    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-14 21:52:52    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-14 21:52:38    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-05-14 21:52:38    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-05-14 21:52:18    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-05-14 21:52:18    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-05-14 21:52:18    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-05-14 21:52:18    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-05-14 21:52:18    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-05-14 21:51:48    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-05-14 21:30:15    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-05-14 20:54:09    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-14 20:54:09    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-14 20:15:41    --------    d-----w-    C:\Users\Bret\AppData\Roaming\AVAST Software
2014-05-14 04:19:16    --------    d-s---w-    C:\ComboFix
2014-05-13 11:00:09    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-05-13 10:59:56    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 13:48:42    227704    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-04-26 14:06:29    40960    ----a-w-    C:\Windows\SysWow64\ssubtmr6.dll
2014-04-26 14:06:29    36864    ----a-w-    C:\Windows\SysWow64\trayicon_handler.ocx
2014-04-26 14:06:29    28672    ----a-w-    C:\Windows\SysWow64\mousewheel.ocx
2014-04-26 14:06:29    212240    ----a-w-    C:\Windows\SysWow64\richtx32.ocx
2014-04-26 14:06:29    164144    ----a-w-    C:\Windows\SysWow64\comct232.ocx
2014-04-26 14:06:29    --------    d-----w-    C:\Program Files (x86)\DVD Flick
2014-04-25 16:23:03    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-04-25 16:22:58    43152    ----a-w-    C:\Windows\avastSS.scr
2014-04-18 15:19:59    --------    d-----w-    C:\Users\Bret\AppData\Roaming\QuickScan
.
==================== Find3M  ====================
.
2014-05-16 15:42:20    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-14 21:11:42    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 21:11:42    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 16:22:59    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-04-25 16:22:59    85328    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-04-25 16:22:59    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-25 16:22:59    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-04-25 16:22:59    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-04-25 16:22:59    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-03-31 21:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 21:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 08:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01    5550016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20    39936    ----a-w-    C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-03-04 09:44:03    722944    ----a-w-    C:\Windows\System32\objsel.dll
2014-03-04 09:44:03    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56    57344    ----a-w-    C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56    52736    ----a-w-    C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56    44544    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-03-04 09:43:55    56832    ----a-w-    C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55    53760    ----a-w-    C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
.
============= FINISH: 18:03:49.82 ===============


Also I don't understand HiJackFree,
but when I ran it I clicked online analysis
and it shows some bad things that scare me (and a lot of things I haven't taken a pic of that HiJackFree doesn't know what it is?)
Attached file: 10.jpg


P.S. I didn't realize I must not install or delete programs until log and help has been done.

My brother has either installed or uninstalled Java 64-bit (sorry).

I've told him now :)

Ummm, reason is because as 64-bit Windows some people say install only 32-bit Java and some say install both (a lil lost).

Thank you & I promise to make no changes to the system now :)


Edited by GreekEnigma, 16 May 2014 - 04:56 PM.



#2 nasdaq

  • Malware Response Team

Posted 21 May 2014 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 GreekEnigma


Posted 21 May 2014 - 01:31 PM


Hi, thank you for the help (I'm very new to the internet so please bear with me).

I will paste the logs you asked for,

but please let me express something.

OK, I've already showed the security setup I have at the top of this thread (I've told it's OK?)

but usually if Malwarebytes etc. finds anything I just delete it etc.,

but when the laptop started showing the volume bar for no reason at times I found it odd.

I then came by this site and tried Emsisoft, found it very confusing, but I opened up something called HiJackFree.

HiJackFree I don't understand at all! But I clicked a button in it called online analysis, which showed fake Javas and QuickTime (please look at the pics),

but HiJackFree doesn't look very good, as most things it just said (GOOGLE), meaning HiJackFree had no idea what LOADS of things were for some reason.

I will show two pics that I screenprinted (I should have screenprinted all the stuff HiJackFree didn't know what it was, but I forgot).

I WILL THEN PASTE THE LOGS YOU WANTED.

THANK YOU AGAIN :@)

image.jpg

image.jpg

 

BELOW ARE THE LOGS YOU WANTED (P.S. I DIDN'T CLICK CLEAN ON ADWCLEANER AS I DIDN'T KNOW WHAT THEY WERE, AND IF SAFE TO DELETE?)

 

# AdwCleaner v3.210 - Report created 21/05/2014 at 18:25:59
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Bret - JAYS-LAPPY
# Running from : C:\Users\Bret\Downloads\scanners\adwcleaner_3.210.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\Email Notifier
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\prefs.js ]


[ File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l21hrku0.default\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Bret\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1831 octets] - [15/05/2014 00:01:08]
AdwCleaner[R1].txt - [1891 octets] - [15/05/2014 00:40:27]
AdwCleaner[R2].txt - [1951 octets] - [15/05/2014 00:54:14]
AdwCleaner[R3].txt - [1877 octets] - [21/05/2014 18:25:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1937 octets] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Bret (administrator) on JAYS-LAPPY on 21-05-2014 18:30:29
Running from C:\Users\Bret\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [192512 2008-08-22] (Wistron)
HKLM-x32\...\Run: [LMgrOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [430080 2008-05-16] (Wistron Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-25] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3732688033-74849839-84767891-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3732688033-74849839-84767891-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1351E3FABACBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9F443C06-AB9E-4E61-9176-3DDBF25FF254} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {50B287B4-EE88-3A9A-E48B-CE804BA1386F} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bret\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\searchplugins\duckduckgo.xml
FF Extension: WOT - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-01]
FF Extension: anonymoX - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\client@anonymox.net.xpi [2013-11-22]
FF Extension: Ghostery - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\firefox@ghostery.com.xpi [2013-11-01]
FF Extension: Google Translator for Firefox - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\translator@zoli.bod.xpi [2013-11-06]
FF Extension: Adblock Plus - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-17]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Extension: (avast! Online Security) - C:\Users\Bret\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-05-15] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-03-25] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-15] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-25] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [191944 2011-10-31] (Hauppauge, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 18:30 - 2014-05-21 18:30 - 00014570 _____ () C:\Users\Bret\Desktop\FRST.txt
2014-05-21 18:29 - 2014-05-21 18:30 - 00000000 ____D () C:\FRST
2014-05-21 18:27 - 2014-05-21 18:28 - 00002017 _____ () C:\Users\Bret\Desktop\AdwCleaner report 4 beepingcomp.txt
2014-05-21 18:21 - 2014-05-21 18:21 - 02067456 _____ (Farbar) C:\Users\Bret\Desktop\FRST64.exe
2014-05-21 18:15 - 2014-05-21 18:15 - 00001904 _____ () C:\Users\Bret\Desktop\beeping help.txt
2014-05-18 05:14 - 2014-05-18 05:14 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-17 00:37 - 2014-05-17 00:38 - 00000000 ____D () C:\Users\Bret\Downloads\This Is the End (2013) [1080p]
2014-05-16 20:00 - 2014-05-16 20:00 - 00000000 ____D () C:\Users\Bret\AppData\Roaming\EurekaLog
2014-05-16 19:11 - 2014-05-16 19:16 - 00000000 ____D () C:\Users\Bret\Desktop\JavaRa-2.6
2014-05-16 18:04 - 2014-05-16 18:04 - 00013554 _____ () C:\Users\Bret\Desktop\attach.txt
2014-05-16 18:04 - 2014-05-16 18:03 - 00021038 _____ () C:\Users\Bret\Desktop\dds.txt
2014-05-15 21:46 - 2014-05-15 21:49 - 34131368 _____ (Oracle Corporation) C:\Users\Bret\Downloads\jre-8u5-windows-x64.exe
2014-05-15 21:03 - 2014-05-16 19:58 - 00000106 _____ () C:\index.ini
2014-05-15 18:07 - 2014-05-15 18:07 - 00001087 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-15 18:07 - 2014-05-15 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-15 18:06 - 2014-05-16 20:15 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-15 18:06 - 2014-05-15 18:06 - 00000000 ____D () C:\Users\Bret\Documents\Anti-Malware
2014-05-15 16:29 - 2014-05-21 17:48 - 00000952 _____ () C:\Windows\setupact.log
2014-05-15 16:29 - 2014-05-15 16:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 01:27 - 2014-05-15 01:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 01:27 - 2014-05-15 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 01:26 - 2014-05-15 01:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-15 00:08 - 2014-05-15 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 00:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 00:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 00:07 - 2014-05-15 00:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 00:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 23:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 22:54 - 2014-05-14 22:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 22:52 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:52 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:52 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-14 22:52 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-14 22:52 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-14 22:52 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-14 22:52 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-14 22:52 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-14 22:52 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-14 22:51 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-14 22:41 - 2014-05-14 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 22:30 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:30 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:30 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:30 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:30 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:30 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:30 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:30 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:30 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:30 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:30 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:30 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:30 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:30 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:30 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:30 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:30 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:30 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:30 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 22:29 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:29 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 21:54 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 21:54 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 21:54 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 21:54 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 21:54 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 21:54 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 21:44 - 2014-05-14 21:45 - 88882192 _____ (AVAST Software) C:\Users\Bret\Downloads\avast_free_antivirus_setup.exe
2014-05-14 21:15 - 2014-05-14 21:15 - 00000000 ____D () C:\Users\Bret\AppData\Roaming\AVAST Software
2014-05-14 05:19 - 2014-05-14 20:00 - 00000000 ___SD () C:\ComboFix
2014-05-13 14:40 - 2014-05-13 14:40 - 00000000 ____D () C:\Users\Bret\Downloads\Hick (2011) [1080p]
2014-05-13 14:21 - 2014-05-13 14:23 - 00000000 ____D () C:\Users\Bret\Downloads\Furious 6 (2013) [1080p]
2014-05-13 13:57 - 2014-05-13 13:57 - 00000000 ____D () C:\Users\Bret\Downloads\12 Years a Slave (2013) [1080p]
2014-05-13 12:00 - 2014-05-14 21:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 12:00 - 2014-05-13 12:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-13 11:59 - 2014-05-14 20:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-12 19:20 - 2014-05-12 19:22 - 00000000 ____D () C:\Users\Bret\Downloads\The Colony (2013) [1080p]
2014-05-12 19:19 - 2014-05-13 13:55 - 00000000 ____D () C:\Users\Bret\Downloads\World War Z (2013) [1080p]
2014-05-12 18:43 - 2014-05-14 20:00 - 00000000 ____D () C:\Users\Bret\Downloads\Shall We Dance (2004) [1080p]
2014-05-12 18:27 - 2014-05-12 18:38 - 00000000 ____D () C:\Users\Bret\Downloads\Homefront (2013) [1080p]
2014-05-12 18:14 - 2014-05-12 18:22 - 00000000 ____D () C:\Users\Bret\Downloads\The Bling Ring (2013) [1080p]
2014-05-12 17:58 - 2014-05-12 18:06 - 00000000 ____D () C:\Users\Bret\Downloads\Desperado (1995) [1080p]
2014-05-12 17:38 - 2014-05-12 17:38 - 00000000 ____D () C:\Users\Bret\Downloads\Passenger 57 (1992) [1080p]
2014-05-12 17:09 - 2014-05-12 17:35 - 00000000 ____D () C:\Users\Bret\Downloads\Weird Science (1985) [1080p]
2014-05-12 16:40 - 2014-05-12 17:08 - 00000000 ____D () C:\Users\Bret\Downloads\The Kings of Summer (2013) [1080p]
2014-05-12 16:12 - 2014-05-12 16:26 - 00000000 ____D () C:\Users\Bret\Downloads\Disconnect (2012) [1080p]
2014-05-04 23:20 - 2014-05-04 23:29 - 00000000 ____D () C:\Users\Bret\Downloads\Speed Racer 92008) [1080p]
2014-05-04 14:32 - 2014-05-04 14:32 - 00000000 ____D () C:\Users\Bret\Downloads\The Hard Word (2002) [1080p]
2014-05-04 13:57 - 2014-05-04 14:16 - 00000000 ____D () C:\Users\Bret\Downloads\Virtuosity (1995) [1080p]
2014-05-04 13:37 - 2014-05-04 13:38 - 00000000 ____D () C:\Users\Bret\Downloads\Byzantium (2012) [1080p]
2014-05-04 13:20 - 2014-05-04 13:31 - 00000000 ____D () C:\Users\Bret\Downloads\Joy Ride (2001) [1080p]
2014-05-04 12:49 - 2014-05-04 12:52 - 00000000 ____D () C:\Users\Bret\Downloads\The Croods (2013) [1080p]
2014-05-04 12:09 - 2014-05-04 12:25 - 00000000 ____D () C:\Users\Bret\Downloads\Stuck in Love (2012) [1080p]
2014-04-28 14:28 - 2014-05-04 13:12 - 00000000 ____D () C:\Users\Bret\Downloads\The Faculty (1998) [1080p]
2014-04-28 14:26 - 2014-05-04 12:39 - 00000000 ____D () C:\Users\Bret\Downloads\Snake Eyes (1998) [1080p]
2014-04-28 13:47 - 2014-05-04 12:05 - 00000000 ____D () C:\Users\Bret\Downloads\Scenic Route (2013) [1080p]
2014-04-28 13:32 - 2014-04-28 13:35 - 00000000 ____D () C:\Users\Bret\Downloads\The Frozen Ground (2013) [1080p]
2014-04-28 13:18 - 2014-04-28 13:29 - 00000000 ____D () C:\Users\Bret\Downloads\The Hangover Part III (2013) [1080p]
2014-04-28 13:01 - 2014-04-28 13:11 - 00000000 ____D () C:\Users\Bret\Downloads\Home Run (2013) [1080p]
2014-04-28 12:46 - 2014-04-28 13:00 - 00000000 ____D () C:\Users\Bret\Downloads\Ambushed (2013) [1080]
2014-04-28 12:23 - 2014-04-28 12:38 - 00000000 ____D () C:\Users\Bret\Downloads\Dead in Tombstone (2013) [1080p]
2014-04-28 12:07 - 2014-04-28 12:22 - 00000000 ____D () C:\Users\Bret\Downloads\Bedazzled (2000) [1080p]
2014-04-26 15:06 - 2014-05-14 21:11 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2014-04-26 15:06 - 2008-08-31 13:27 - 00028672 _____ (-) C:\Windows\SysWOW64\mousewheel.ocx
2014-04-26 15:06 - 2007-08-31 18:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2014-04-26 15:06 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-04-26 15:06 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2014-04-26 15:06 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-04-25 21:53 - 2014-04-25 21:53 - 00000667 _____ () C:\Users\Bret\Desktop\arc info.txt
2014-04-25 17:39 - 2014-04-08 04:49 - 06005589 _____ () C:\Users\Bret\panvid cam edited - Copy.tms
2014-04-25 17:23 - 2014-04-25 17:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-25 17:22 - 2014-04-25 17:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

2014-05-21 18:30 - 2014-05-21 18:30 - 00014570 _____ () C:\Users\Bret\Desktop\FRST.txt
2014-05-21 18:30 - 2014-05-21 18:29 - 00000000 ____D () C:\FRST
2014-05-21 18:28 - 2014-05-21 18:27 - 00002017 _____ () C:\Users\Bret\Desktop\AdwCleaner report 4 beepingcomp.txt
2014-05-21 18:27 - 2013-12-27 23:55 - 00000000 ____D () C:\AdwCleaner
2014-05-21 18:24 - 2013-12-28 00:15 - 00000000 ____D () C:\Users\Bret\Downloads\scanners
2014-05-21 18:23 - 2014-01-28 11:49 - 01848240 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 18:21 - 2014-05-21 18:21 - 02067456 _____ (Farbar) C:\Users\Bret\Desktop\FRST64.exe
2014-05-21 18:16 - 2013-02-04 21:26 - 00000000 ____D () C:\Program Files\PeerBlock
2014-05-21 18:15 - 2014-05-21 18:15 - 00001904 _____ () C:\Users\Bret\Desktop\beeping help.txt
2014-05-21 18:11 - 2012-05-07 17:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 17:57 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 17:57 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 17:48 - 2014-05-15 16:29 - 00000952 _____ () C:\Windows\setupact.log
2014-05-21 17:48 - 2013-12-22 11:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 17:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 21:34 - 2013-12-22 11:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 21:20 - 2013-07-25 23:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-20 18:26 - 2014-03-30 21:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 10:31 - 2009-07-14 06:13 - 00889222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 16:03 - 2013-07-16 09:02 - 00000000 ____D () C:\Users\Bret\AppData\Roaming\uTorrent
2014-05-18 05:25 - 2012-05-05 22:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-18 05:14 - 2014-05-18 05:14 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-18 05:14 - 2014-05-18 05:14 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-18 05:13 - 2013-10-17 23:46 - 00000000 ____D () C:\Program Files\Java
2014-05-17 10:00 - 2013-12-28 00:52 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-17 10:00 - 2013-09-17 18:13 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-17 10:00 - 2013-09-17 18:13 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-17 00:38 - 2014-05-17 00:37 - 00000000 ____D () C:\Users\Bret\Downloads\This Is the End (2013) [1080p]
2014-05-16 20:15 - 2014-05-15 18:06 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-16 20:00 - 2014-05-16 20:00 - 00000000 ____D () C:\Users\Bret\AppData\Roaming\EurekaLog
2014-05-16 19:58 - 2014-05-15 21:03 - 00000106 _____ () C:\index.ini
2014-05-16 19:16 - 2014-05-16 19:11 - 00000000 ____D () C:\Users\Bret\Desktop\JavaRa-2.6
2014-05-16 18:04 - 2014-05-16 18:04 - 00013554 _____ () C:\Users\Bret\Desktop\attach.txt
2014-05-16 18:03 - 2014-05-16 18:04 - 00021038 _____ () C:\Users\Bret\Desktop\dds.txt
2014-05-15 22:23 - 2014-01-30 12:14 - 00000000 ____D () C:\Users\Bret\AppData\Local\CrashDumps
2014-05-15 21:49 - 2014-05-15 21:46 - 34131368 _____ (Oracle Corporation) C:\Users\Bret\Downloads\jre-8u5-windows-x64.exe
2014-05-15 18:07 - 2014-05-15 18:07 - 00001087 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-15 18:07 - 2014-05-15 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-15 18:06 - 2014-05-15 18:06 - 00000000 ____D () C:\Users\Bret\Documents\Anti-Malware
2014-05-15 16:29 - 2014-05-15 16:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 01:28 - 2013-09-16 02:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 01:27 - 2014-05-15 01:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 01:27 - 2014-05-15 01:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 01:27 - 2014-05-15 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 01:26 - 2014-05-15 01:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-15 00:08 - 2014-05-15 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 00:08 - 2014-05-15 00:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-14 23:50 - 2014-03-17 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-14 23:20 - 2012-05-05 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 22:55 - 2014-02-03 23:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 22:54 - 2014-05-14 22:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 22:41 - 2014-05-14 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 22:36 - 2013-06-23 17:33 - 00000632 __RSH () C:\Users\Bret\ntuser.pol
2014-05-14 22:36 - 2013-01-28 20:32 - 00000000 ___RD () C:\Users\Bret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 22:36 - 2013-01-28 20:32 - 00000000 ___RD () C:\Users\Bret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 22:36 - 2013-01-28 20:31 - 00000000 ____D () C:\Users\Bret
2014-05-14 22:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:21 - 2013-02-01 19:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 22:11 - 2012-05-07 17:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 22:11 - 2012-05-07 17:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 22:11 - 2012-05-07 17:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 21:54 - 2013-02-01 18:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:45 - 2014-05-14 21:44 - 88882192 _____ (AVAST Software) C:\Users\Bret\Downloads\avast_free_antivirus_setup.exe
2014-05-14 21:32 - 2013-07-18 00:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 21:27 - 2013-01-27 17:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-14 21:15 - 2014-05-14 21:15 - 00000000 ____D () C:\Users\Bret\AppData\Roaming\AVAST Software
2014-05-14 21:11 - 2014-04-26 15:06 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2014-05-14 21:11 - 2013-12-24 16:19 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-14 21:11 - 2013-10-31 09:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-14 21:11 - 2013-09-28 21:33 - 00000000 ____D () C:\Users\Guest
2014-05-14 21:11 - 2013-09-17 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-14 21:11 - 2013-09-17 18:13 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-14 21:11 - 2013-09-17 18:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-14 21:11 - 2013-03-20 15:07 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-14 21:11 - 2013-02-04 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-05-14 21:11 - 2012-05-13 22:19 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2014-05-14 21:11 - 2012-05-07 17:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-14 21:11 - 2012-05-05 19:32 - 00000000 ____D () C:\Users\Jason
2014-05-14 21:10 - 2014-05-13 12:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 21:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-05-14 21:08 - 2013-10-31 09:22 - 00000000 ____D () C:\Qoobox
2014-05-14 21:08 - 2013-01-28 20:47 - 00000000 ____D () C:\Users\Bret\AppData\Local\Mozilla
2014-05-14 21:06 - 2013-02-01 18:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-14 20:55 - 2014-05-13 11:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-14 20:00 - 2014-05-14 05:19 - 00000000 ___SD () C:\ComboFix
2014-05-14 20:00 - 2014-05-12 18:43 - 00000000 ____D () C:\Users\Bret\Downloads\Shall We Dance (2004) [1080p]
2014-05-14 20:00 - 2011-04-12 09:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-14 02:59 - 2014-04-12 08:20 - 00000000 ____D () C:\Users\Bret\Movies
2014-05-13 14:40 - 2014-05-13 14:40 - 00000000 ____D () C:\Users\Bret\Downloads\Hick (2011) [1080p]
2014-05-13 14:23 - 2014-05-13 14:21 - 00000000 ____D () C:\Users\Bret\Downloads\Furious 6 (2013) [1080p]
2014-05-13 13:57 - 2014-05-13 13:57 - 00000000 ____D () C:\Users\Bret\Downloads\12 Years a Slave (2013) [1080p]
2014-05-13 13:55 - 2014-05-12 19:19 - 00000000 ____D () C:\Users\Bret\Downloads\World War Z (2013) [1080p]
2014-05-13 12:00 - 2014-05-13 12:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-12 19:22 - 2014-05-12 19:20 - 00000000 ____D () C:\Users\Bret\Downloads\The Colony (2013) [1080p]
2014-05-12 18:38 - 2014-05-12 18:27 - 00000000 ____D () C:\Users\Bret\Downloads\Homefront (2013) [1080p]
2014-05-12 18:22 - 2014-05-12 18:14 - 00000000 ____D () C:\Users\Bret\Downloads\The Bling Ring (2013) [1080p]
2014-05-12 18:06 - 2014-05-12 17:58 - 00000000 ____D () C:\Users\Bret\Downloads\Desperado (1995) [1080p]
2014-05-12 17:38 - 2014-05-12 17:38 - 00000000 ____D () C:\Users\Bret\Downloads\Passenger 57 (1992) [1080p]
2014-05-12 17:35 - 2014-05-12 17:09 - 00000000 ____D () C:\Users\Bret\Downloads\Weird Science (1985) [1080p]
2014-05-12 17:08 - 2014-05-12 16:40 - 00000000 ____D () C:\Users\Bret\Downloads\The Kings of Summer (2013) [1080p]
2014-05-12 16:26 - 2014-05-12 16:12 - 00000000 ____D () C:\Users\Bret\Downloads\Disconnect (2012) [1080p]
2014-05-11 02:00 - 2012-05-09 16:23 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2014-05-09 14:29 - 2013-12-22 11:56 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 14:29 - 2013-12-22 11:56 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 14:10 - 2014-01-15 08:23 - 00000000 ____D () C:\Users\Jason\Documents\JOB
2014-05-09 13:46 - 2014-04-05 09:06 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-05-09 07:14 - 2014-05-14 22:52 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-14 22:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:40 - 2014-05-14 21:54 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:17 - 2014-05-14 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:25 - 2014-05-14 21:54 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:07 - 2014-05-14 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 04:00 - 2014-05-14 21:54 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 03:10 - 2014-05-14 21:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 23:29 - 2014-05-04 23:20 - 00000000 ____D () C:\Users\Bret\Downloads\Speed Racer 92008) [1080p]
2014-05-04 14:32 - 2014-05-04 14:32 - 00000000 ____D () C:\Users\Bret\Downloads\The Hard Word (2002) [1080p]
2014-05-04 14:16 - 2014-05-04 13:57 - 00000000 ____D () C:\Users\Bret\Downloads\Virtuosity (1995) [1080p]
2014-05-04 13:38 - 2014-05-04 13:37 - 00000000 ____D () C:\Users\Bret\Downloads\Byzantium (2012) [1080p]
2014-05-04 13:31 - 2014-05-04 13:20 - 00000000 ____D () C:\Users\Bret\Downloads\Joy Ride (2001) [1080p]
2014-05-04 13:12 - 2014-04-28 14:28 - 00000000 ____D () C:\Users\Bret\Downloads\The Faculty (1998) [1080p]
2014-05-04 12:52 - 2014-05-04 12:49 - 00000000 ____D () C:\Users\Bret\Downloads\The Croods (2013) [1080p]
2014-05-04 12:39 - 2014-04-28 14:26 - 00000000 ____D () C:\Users\Bret\Downloads\Snake Eyes (1998) [1080p]
2014-05-04 12:25 - 2014-05-04 12:09 - 00000000 ____D () C:\Users\Bret\Downloads\Stuck in Love (2012) [1080p]
2014-05-04 12:11 - 2014-04-16 17:29 - 00000000 ____D () C:\Users\Bret\Downloads\Lightbulb (2009) [1080p]
2014-05-04 12:05 - 2014-04-28 13:47 - 00000000 ____D () C:\Users\Bret\Downloads\Scenic Route (2013) [1080p]
2014-05-04 11:21 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 13:35 - 2014-04-28 13:32 - 00000000 ____D () C:\Users\Bret\Downloads\The Frozen Ground (2013) [1080p]
2014-04-28 13:29 - 2014-04-28 13:18 - 00000000 ____D () C:\Users\Bret\Downloads\The Hangover Part III (2013) [1080p]
2014-04-28 13:11 - 2014-04-28 13:01 - 00000000 ____D () C:\Users\Bret\Downloads\Home Run (2013) [1080p]
2014-04-28 13:00 - 2014-04-28 12:46 - 00000000 ____D () C:\Users\Bret\Downloads\Ambushed (2013) [1080]
2014-04-28 12:38 - 2014-04-28 12:23 - 00000000 ____D () C:\Users\Bret\Downloads\Dead in Tombstone (2013) [1080p]
2014-04-28 12:22 - 2014-04-28 12:07 - 00000000 ____D () C:\Users\Bret\Downloads\Bedazzled (2000) [1080p]
2014-04-28 12:02 - 2014-04-18 15:54 - 00000000 ____D () C:\Users\Bret\Downloads\An Unfinished Life (2005) [1080p]
2014-04-25 21:53 - 2014-04-25 21:53 - 00000667 _____ () C:\Users\Bret\Desktop\arc info.txt
2014-04-25 17:22 - 2014-04-25 17:23 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-25 17:22 - 2014-04-25 17:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-25 17:22 - 2013-09-17 18:13 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400317256056
2014-04-25 17:22 - 2013-09-17 18:13 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400317256056
2014-04-25 17:22 - 2013-09-17 18:13 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-25 17:22 - 2013-09-17 18:13 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-25 17:22 - 2013-09-17 18:13 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-25 17:22 - 2013-09-17 18:13 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-25 17:22 - 2013-09-17 18:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 16:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\Users\Jason\jagex_cl_runescape_LIVE.dat
C:\Users\Jason\jagex_cl_runescape_LIVE1.dat
C:\Users\Jason\random.dat


Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\76127uninstall.exe
C:\Users\Jason\AppData\Local\Temp\AIUninstall.exe
C:\Users\Jason\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jason\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jason\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Jason\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jason\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jason\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jason\AppData\Local\Temp\utt4ADB.tmp.exe
C:\Users\Jason\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jason\AppData\Local\Temp\_isE0DC.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-12 03:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Bret at 2014-05-21 18:31:32
Running from C:\Users\Bret\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ExpressVPN v3.416 (HKLM-x32\...\ExpressVPN) (Version: v3.416 - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FlashFXP v4.1 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 4.1.8.1701 - OpenSight Software, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Horizon v2.7.6.7 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.6.7 - Daring Development Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Launch Manager V1.5.4 (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.4 - Wistron Corp.)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Managed DirectX (1126) (x32 Version: 9.00.1126 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Xbox 360 SDK 2.0.20871.2 (HKLM-x32\...\Microsoft Xbox 360 SDK) (Version:  - )
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 1.0.0.1 - Turtle Beach)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1030 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TunnelBear (HKLM-x32\...\{a8dd48ef-82ed-4b3a-a3e2-7d8d419c3be9}) (Version: 2.2.14.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.14.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

14-05-2014 00:43:08 Windows Update
14-05-2014 00:59:55 Windows Update
14-05-2014 01:26:57 Windows Update
14-05-2014 03:28:11 Installed Microsoft Fix it 50906
14-05-2014 18:52:40 Restore Operation
14-05-2014 19:03:30 avast! antivirus system restore point
14-05-2014 19:20:21 Restore Operation
14-05-2014 19:45:03 avast! antivirus system restore point
14-05-2014 20:01:13 Restore Operation
14-05-2014 20:14:02 avast! antivirus system restore point
14-05-2014 20:18:41 Windows Update
14-05-2014 20:51:31 Windows Update
14-05-2014 21:30:48 Windows Update
14-05-2014 21:53:02 Windows Update
15-05-2014 00:26:17 Installed Java 7 Update 55
15-05-2014 20:59:00 avast! antivirus system restore point
18-05-2014 04:13:17 Installed Java 8 Update 5 (64-bit)
20-05-2014 20:23:52 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0ECF4394-4430-4E8A-81D9-7A38C070A8E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35A83265-29C8-4E93-98B1-B79FB1ED8699} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3732688033-74849839-84767891-1003
Task: {B36C23D8-BA38-432D-AB53-0FDCACE5C472} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25] (AVAST Software)
Task: {C4D7336B-E9C7-48B8-88E9-B6C80C458E95} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-03-25] (TunnelBear)
Task: {C67EAAED-2E8D-4FCD-B569-FD98EA89A4CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {CE392737-B7A2-4FA6-A736-6D03DDB6F2FD} - System32\Tasks\{71EF0880-8B9B-4A64-8DA1-0B483D1A6459} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {D044F590-127F-4830-B1E0-CAFBCAB85172} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {D4312CB2-3F8C-49EF-AAAB-080696C1A076} - System32\Tasks\AdobeAAMUpdater-1.0-Jasons-Lappy-Jason => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {E2AC5C3D-04FC-4303-A076-98E90EC879F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {EEB89BCF-C349-46E1-8B41-1E4729677CE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-11 04:21 - 2014-02-11 04:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-20 18:09 - 2014-05-20 18:09 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14052000\algo.dll
2014-05-21 17:52 - 2014-05-21 17:52 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052100\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 18:27 - 2013-11-17 18:27 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Bret^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AIM for Windows => "C:\Users\Jason\AppData\Local\AOL\AIM\aim.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RazerGameBooster => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\Jason\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\Jason\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 04:45:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69826

Error: (05/20/2014 04:45:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69826

Error: (05/20/2014 04:45:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2014 04:44:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12184

Error: (05/20/2014 04:44:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12184

Error: (05/20/2014 04:44:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2014 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11185

Error: (05/20/2014 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11185

Error: (05/20/2014 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2014 04:44:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10171


System errors:
=============
Error: (05/20/2014 08:32:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/20/2014 01:11:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/19/2014 11:27:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:11 on ‎19/‎05/‎2014 was unexpected.

Error: (05/18/2014 01:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (05/18/2014 01:05:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (05/18/2014 06:39:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/18/2014 05:02:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/18/2014 05:02:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (05/16/2014 08:07:53 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.11.8 with the system
having network hardware address 28-18-78-1A-EB-85. Network operations on this system may
be disrupted as a result.

Error: (05/16/2014 05:59:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Emsisoft Anti-Malware 8.0 - Service service terminated unexpectedly.  It has done this 3 time(s).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-14 20:15:16.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:02:58.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3000.88 MB
Available physical RAM: 1986.71 MB
Total Pagefile: 5999.93 MB
Available Pagefile: 4604.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:58.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7F559B09)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

I'd also like to say I didn't realise my brother was downloading a lot of movies with uTorrent (which I think he's now stopped, as I got him Netflix :)

as I don't want my ISP bothering me etc

Thank you



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:54 AM

Posted 22 May 2014 - 07:57 AM


Please do not copy my replies in quote boxes. I will refer to my posts as I need. Thanks.


Run the AdwCleaner tool and clean everything.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
BHO-x32: No Name - {50B287B4-EE88-3A9A-E48B-CE804BA1386F} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF SearchPlugin: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\searchplugins\duckduckgo.xml
CHR DefaultSearchProvider: Mysearchdial
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Jason\AppData\Local\Temp\76127uninstall.exe
C:\Users\Jason\AppData\Local\Temp\AIUninstall.exe
C:\Users\Jason\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jason\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jason\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Jason\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jason\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jason\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jason\AppData\Local\Temp\utt4ADB.tmp.exe
C:\Users\Jason\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jason\AppData\Local\Temp\_isE0DC.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

p.s.
I never used HiJackFree, so I cannot comment on what is reported.
I feel confident with the tools I used, so let's see if we can clean this computer.

#5 GreekEnigma


Posted 24 May 2014 - 03:45 PM

Hi, I'm about to do as you've asked

but I don't have a FRST folder? (the frst.exe is just on my desktop?) Should I make a folder and put FRST in it and then copy paste what you want me to and save it in that folder?

Also just curious, what is that thing I have to copy and paste (curious)

Sorry about clicking quote (I'm unwell and this is a lil confusing)

Thank you for the help



#6 nasdaq


Posted 25 May 2014 - 07:19 AM

Open Notepad, copy all the text in the box, paste it in Notepad and save the file as fixlist.txt on your desktop.

 

Run the FRST tool and click the FIX button. The tool will use that fixlist.txt to remove the bad items.

 

When done restart the computer normally to reset the registry.

 

Run the SecurityCheck tool and post the logs.



#7 GreekEnigma


Posted 29 May 2014 - 12:01 PM

Here you go

PS: how do I know you or anyone on here isn't a hacker lol? I mean it's wonderful that there's people and with their spare time they're helping people deal with infections on PC etc, but how do I know there's no one iffy on here?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014

 

Ran by Bret at 2014-05-26 23:13:47 Run:1
Running from C:\Users\Bret\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: No Name - {50B287B4-EE88-3A9A-E48B-CE804BA1386F} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF SearchPlugin: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\searchplugins\duckduckgo.xml
CHR DefaultSearchProvider: Mysearchdial
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Jason\AppData\Local\Temp\76127uninstall.exe
C:\Users\Jason\AppData\Local\Temp\AIUninstall.exe
C:\Users\Jason\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jason\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jason\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Jason\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jason\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jason\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jason\AppData\Local\Temp\utt4ADB.tmp.exe
C:\Users\Jason\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jason\AppData\Local\Temp\_isE0DC.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

End
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50B287B4-EE88-3A9A-E48B-CE804BA1386F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{50B287B4-EE88-3A9A-E48B-CE804BA1386F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\w7x8dpid.default-1383323348901\searchplugins\duckduckgo.xml => Moved successfully.
CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Jason\AppData\Local\Temp\76127uninstall.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\AIUninstall.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\CreativeCloudSet-Up.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\utt4ADB.tmp.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Jason\AppData\Local\Temp\_isE0DC.exe => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

 

  Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.9015)   
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

PS: I'm still getting the same problems with volume (green bar pops up a lot by itself, I'm not touching volume at all)

thisvol.jpg

 

I do appreciate the help, but was wondering if anyone on here knows how to use Emsisoft Anti-Malware free version?

I've never used it before (and will say it's the most confusing thing I've ever seen)

BUT

it is the only thing that is finding things on my PC (even key-logger)

Can't someone tell me how to use Emsisoft and also the HiJackFree that's included so I can post logs from them?

I want to uninstall Emsisoft as I hate it, it's for advanced people I think, but it's finding a lot of issues

Please click the 2 pics below (see the bad things it's saying is on the laptop, including a keylogger that's fake Java)

image.jpg

image.jpg

 

It's looking like I should blank hard drive & reinstall OS so far :(


Edited by GreekEnigma, 29 May 2014 - 12:38 PM.
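The Fixlog posted above can be triaged mechanically. The following is an added example, not part of the original posts and not FRST's own code: it sorts each result line into removed, moved, not found, or needing manual follow-up. The status names and the keyword matching are assumptions based only on the result lines visible in this thread, and the sample is a subset of those lines.

```python
import re
from collections import Counter

# Subset of the Fixlog lines posted in this thread, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
BHO-x32: No Name - {50B287B4-EE88-3A9A-E48B-CE804BA1386F} -  No File
CHR DefaultSearchProvider: Mysearchdial
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
End
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50B287B4-EE88-3A9A-E48B-CE804BA1386F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{50B287B4-EE88-3A9A-E48B-CE804BA1386F} => Key not found.
CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Jason\AppData\Local\Temp\utt4ADB.tmp.exe => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====
"""

# A result line is "<target> => <outcome>" or "<target> ==> <outcome>".
RESULT_LINE = re.compile(r"^(?P<target>.+?)\s+={1,2}>\s+(?P<outcome>.+)$")


def classify(outcome):
    """Map an outcome message to a coarse status (keyword list is an assumption)."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"      # entry was already gone; nothing was changed
    if "deleted successfully" in text or "removed successfully" in text:
        return "removed"        # registry key/value, service or ADS removed
    if "moved successfully" in text:
        return "moved"          # file was moved away, not deleted in place
    return "manual"             # the tool did not fix it; a person has to


def parse_fixlog(text):
    """Return (target, outcome, status) tuples from the results section."""
    lines = text.splitlines()
    # The echoed fixlist sits between two rows of asterisks; results follow the last row.
    star_rows = [i for i, line in enumerate(lines)
                 if line.strip() and set(line.strip()) == {"*"}]
    start = star_rows[-1] + 1 if star_rows else 0
    entries = []
    for line in lines[start:]:
        match = RESULT_LINE.match(line.strip())
        if match:
            outcome = match["outcome"]
            entries.append((match["target"], outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


def needs_follow_up(entries):
    """Targets the fix run left for the user to handle by hand."""
    return [target for target, _, status in entries if status == "manual"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:10} {count}")
    for target in needs_follow_up(parsed):
        print("follow up:", target)
```

On this log the only item left for manual follow-up is the Chrome default search provider entry, which the fix run reported as something to correct from Chrome's own settings.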


#8 nasdaq


Posted 05 June 2014 - 08:51 AM

Quote (GreekEnigma): "PS: how do I know you or anyone on here isn't a hacker lol? I mean it's wonderful that there's people and with their spare time they're helping people deal with infections on PC etc, but how do I know there's no one iffy on here?"


You need to have more trust in helpers in this forum.
Do you think that the Administrator would permit someone to do damage?
This forum has been around for a long time and that is a good indication that you should trust helpers.
===

2 ways you can remove Emsisoft
1 - Add/remove programs
2 - if an un-installer is not available delete the Folders associated with it.
===

Clean your old versions of Java

Please download JavaRa

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.
===

Empty flash cache.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
<<<>>>

If the sound problem persists, execute this.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

In Firefox.

Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

===

In Internet Explorer > Menu > Internet Options > Advanced tab
In the Bottom, reset IE....

Restart the computer normally.
===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Keep me posted.

#9 GreekEnigma


Posted 09 July 2014 - 02:12 PM

I'm so so sorry for the very late reply (I've been bad with my disability)

OK, I didn't use JavaRa (because I've already been using it every now and then before joining this forum)

I did do the empty flash thing you asked

but I've done nothing else yet, as you asked me to reset Firefox and Chrome (that worries me that I'll lose my bookmarks & addons etc?)

I await your reply before I do the ESET thing you ask

Now I'm not being rude (as I really appreciate the help) but I don't see us getting anywhere, due to the fact no software/product finds anything wrong

except Emsisoft!

So I need someone to look at my Emsisoft log?

I want to do a scan with Emsisoft free anti-malware and show the log to someone

and Emsisoft HiJackFree and show the pic it shows of issues (a tool included with Emsisoft free anti-malware) as both these Emsisoft tools show problems

Now remember I'm no tech head

and I admit I hate the look and layout of Emsisoft (but) it seems like it can find things no other product out there can!

Hence why I need someone to look at my Emsisoft log and pics (only that way will someone on here know if my laptop is full of junk)

Thank you.



#10 nasdaq


Posted 10 July 2014 - 06:46 AM

Quote (GreekEnigma): "I've done nothing else yet, as you asked me to reset Firefox and Chrome (that worries me that I'll lose my bookmarks & addons etc?)"


My fixes will only reset the browser (URL) settings.

===

http://www.emsisoft.com/en/support/contact/
Get someone from this Support Forum to have a look at your log.

Please run the ESET scan and let me know how the computer is running.

#11 nasdaq


Posted 16 July 2014 - 08:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



