System crashes, services not starting - possible rootkit?


This topic is locked
23 replies to this topic

#1 1Ct


Posted 31 May 2014 - 08:13 PM

Hi BleepingComputer Forum and thank you for all your patient, polite and dedicated help.

My Windows 7 x64 computer has been very unstable in the last few weeks, specifically lots of system crashes/unresponsiveness and (mostly power-related) services such as Power, Windows Audio/Audio Endpoint Builder, NVIDIA-related services, occasionally Plug&Play but also Server, Computer Browser etc. refusing to start, crashing or only starting after several reboots. This of course affects the whole system, from slow boot-up times to slow software. I'm not 100% sure these are malware-related issues since COMODO, Malwarebytes or other common malware scanners don't return anything conclusive, but googling the errors that appear in Event Viewer points to rootkit infections. Running system repair tools like sfc does not seem to resolve the issues either, so I suspect something is not right but can't figure out where the bug could be. Thank you for any advice.

Below is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Administrator at 2:37:52 on 2014-06-01
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.4061.1882 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Opera x64\opera.exe
C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
C:\Program Files (x86)\Naver\LINE\Line.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{22DCF506-D93F-4B8C-BF7A-28FCFFADA643} : NameServer = 192.169.190.190,192.168.0.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\351444A565F50363 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\35C6F66716B602C496E656370254870727563737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\D41646A79772370264275796470224F677C6 : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-8 56208]
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2013-6-27 604192]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-1-6 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 738472]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-4-4 14904]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-28 860472]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-4-6 5716848]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-28 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-28 63704]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-12 22600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-9-4 598808]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-4 39976]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-4-3 2264280]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-3-25 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-17 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2013-3-21 30072]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2012-11-2 45352]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2011-4-5 7058432]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-20 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-3-25 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-20 56832]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-4-6 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752]
S4 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
S4 jnprTdi_743_36355;Juniper Networks TDI Filter Driver (jnprTdi_743_36355);C:\Windows\System32\drivers\jnprTdi_743_36355.sys [2013-6-16 108336]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-05-28 08:20:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-28 08:17:23 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-28 08:15:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-28 08:15:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-28 08:15:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-28 08:15:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 12:42:49 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-17 12:42:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-17 10:15:37 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-17 10:15:37 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-17 10:10:22 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2014-05-17 10:09:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-05-17 09:22:20 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-05-17 09:21:36 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 09:19:37 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-05-17 09:19:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-05-16 23:26:53 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2014-05-16 23:26:52 44544 ----a-w- C:\Windows\System32\themeservice.dll
2014-05-16 23:26:52 2851328 ----a-w- C:\Windows\System32\themeui.dll
2014-05-16 18:13:04 -------- d-----w- C:\Users\Administrator\.android
2014-05-15 09:24:03 -------- d-----w- C:\Program Files (x86)\ScriptLogic Corporation
2014-05-10 21:15:58 53360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2014-05-10 21:15:56 4881520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2014-05-10 21:15:56 305264 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2014-05-10 21:15:55 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2014-05-10 21:15:54 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-05-10 21:15:52 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-05-10 21:15:50 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-05-10 21:15:50 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-10 21:15:49 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-05-10 20:17:19 -------- d-----w- C:\Program Files\IIS
2014-05-10 20:07:29 -------- d-----w- C:\Windows\SysWow64\BestPractices
2014-05-10 20:07:20 -------- d-----w- C:\Windows\System32\BestPractices
2014-05-10 20:07:01 -------- d-----w- C:\inetpub
2014-05-07 09:07:23 -------- d-----w- C:\Program Files (x86)\GUM800F.tmp
2014-05-02 21:53:51 -------- d-----w- C:\Users\Administrator\AppData\Roaming\DropboxMaster
.
==================== Find3M  ====================
.
2014-05-20 10:49:30 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-20 10:49:30 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-09 12:07:02 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-04-09 12:06:35 235008 ----a-w- C:\Windows\System32\elshyph.dll
2014-04-09 12:06:34 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-04-09 12:06:31 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-04-09 12:06:31 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-04-09 12:06:20 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-04-09 12:06:18 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-04-09 12:06:17 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-04-09 12:06:06 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2014-04-09 12:06:02 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-04-09 12:06:00 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2014-04-09 12:04:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-04-09 12:04:59 167424 ----a-w- C:\Windows\System32\iexpress.exe
2014-04-09 12:04:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-04-09 12:04:58 48128 ----a-w- C:\Windows\System32\imgutil.dll
2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  2:39:38.47 ===============

#2 HelpBot


Posted 05 June 2014 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536198 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 1Ct

  • Topic Starter

Posted 07 June 2014 - 02:56 PM

A copy/paste of my problem as the bot requested:

 

My Windows 7 x64 computer has been very unstable in the last few weeks, specifically lots of system crashes/unresponsiveness and (mostly power-related) services such as Power, Windows Audio/Audio Endpoint Builder, NVIDIA-related services, occasionally Plug&Play but also Server, Computer Browser etc. refusing to start, crashing or only starting after several reboots. This of course affects the whole system, from slow boot-up times to slow software. I'm not 100% sure these are malware-related issues since COMODO, Malwarebytes and other common malware scanners don't return anything conclusive, but googling some of the errors that appear in Event Viewer points to rootkit infections. Running system repair tools like sfc does not seem to resolve the issues either, so I suspect something is not right but can't figure out where the bug could be. Apologies if this is, in fact, not malware-related. I have my Windows installation DVD available. 

Below is the new DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Administrator at 21:48:29 on 2014-06-07
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.4061.1637 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
C:\Program Files\Opera x64\opera.exe
C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{22DCF506-D93F-4B8C-BF7A-28FCFFADA643} : NameServer = 192.169.190.190,192.168.0.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\25F626026202441616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\351444A565F50363 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}\35C6F66716B602C496E656370254870727563737 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-8 56208]
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2013-6-27 604192]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-1-6 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 738472]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-4-4 14904]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-28 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-28 63704]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-9-4 598808]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-4 39976]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-3-25 108800]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2013-3-21 30072]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2012-11-2 45352]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2011-4-5 7058432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-20 19456]
S4 jnprTdi_743_36355;Juniper Networks TDI Filter Driver (jnprTdi_743_36355);C:\Windows\System32\drivers\jnprTdi_743_36355.sys [2013-6-16 108336]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-05-28 08:20:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-28 08:17:23 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-28 08:15:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-28 08:15:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-28 08:15:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-28 08:15:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 12:42:49 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-17 12:42:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-17 10:15:37 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-17 10:15:37 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-17 10:10:22 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2014-05-17 10:09:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-05-17 09:22:20 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-05-17 09:21:36 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 09:19:37 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-05-17 09:19:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-05-16 23:26:53 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2014-05-16 23:26:52 44544 ----a-w- C:\Windows\System32\themeservice.dll
2014-05-16 23:26:52 2851328 ----a-w- C:\Windows\System32\themeui.dll
2014-05-16 18:13:04 -------- d-----w- C:\Users\Administrator\.android
2014-05-15 09:24:03 -------- d-----w- C:\Program Files (x86)\ScriptLogic Corporation
2014-05-10 21:15:58 53360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2014-05-10 21:15:56 4881520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2014-05-10 21:15:56 305264 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2014-05-10 21:15:55 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2014-05-10 21:15:54 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-05-10 21:15:52 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-05-10 21:15:50 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-05-10 21:15:50 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-10 21:15:49 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-05-10 20:07:29 -------- d-----w- C:\Windows\SysWow64\BestPractices
2014-05-10 20:07:20 -------- d-----w- C:\Windows\System32\BestPractices
.
==================== Find3M  ====================
.
2014-05-20 10:49:30 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-20 10:49:30 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-09 12:07:02 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-04-09 12:06:35 235008 ----a-w- C:\Windows\System32\elshyph.dll
2014-04-09 12:06:34 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-04-09 12:06:31 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-04-09 12:06:31 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-04-09 12:06:20 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-04-09 12:06:18 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-04-09 12:06:17 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-04-09 12:06:06 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2014-04-09 12:06:02 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-04-09 12:06:00 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2014-04-09 12:04:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-04-09 12:04:59 167424 ----a-w- C:\Windows\System32\iexpress.exe
2014-04-09 12:04:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-04-09 12:04:58 48128 ----a-w- C:\Windows\System32\imgutil.dll
2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
.
============= FINISH: 21:52:08.02 ===============
 

#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:20 PM

Posted 11 June 2014 - 09:24 PM

Hi, 1Ct! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first; this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

I don't see much wrong in your logs right now, but I'm going to have you run a scan with a different tool that we can use to fix anything else that might be hiding. :)

 

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 1Ct

1Ct
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:20 PM

Posted 12 June 2014 - 05:31 AM

Hi Gunto, and thank you for your help.

 

As mentioned, it is possible that the problems I'm having are not related to malware but some other issue (failing HDD or something else). In that case I apologize for wasting your time, but I really wanted a professional to look at it to make sure.

 

Below FRST.txt

----------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by Administrator (administrator) on ASUS on 12-06-2014 12:11:19
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files\Opera x64\opera.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\32\Adobe QT32 Server.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\Adobe QT32 Server.exe
(Opera Software) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\dynamiclinkmediaserver.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Opera Software) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16336416 2009-08-19] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\MountPoints2: {954852a6-5eb4-11e0-a5cf-806e6f6e6963} - D:\InstAll.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF659C4088C0ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {9577E9FD-DACA-42D4-A239-B7220E317F35} URL = http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {F18D4965-532F-4907-A55F-7406218BF861} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22DCF506-D93F-4B8C-BF7A-28FCFFADA643}: [NameServer]192.169.190.190,192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: Live HTTP Headers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-01-23]
FF Extension: Page Speed - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: CSS Usage - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\csscoverage@spaghetticoder.org.xpi [2014-05-10]
FF Extension: Firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firebug@software.joehewitt.com.xpi [2012-06-12]
FF Extension: FireDiff - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firediff@johnjbarton.com.xpi [2012-08-05]
FF Extension: FirePHP - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2012-08-05]
FF Extension: Illuminations for Developers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\sroussey@illumination-for-developers.com.xpi [2012-08-05]
FF Extension: View Cookies - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-06-29]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-01]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [fe_6.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2012-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-23]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-02-01]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Facebook Disconnect) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-07-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-28]
CHR Extension: (Minimal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog [2013-05-28]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Facebook Message Seen Notification Remover) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piohdenkodpbcigpkmicjapilbfjioil [2013-07-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
 
==================== Services (Whitelisted) =================
 
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-05-19] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [604192 2013-03-19] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
S4 jnprTdi_743_36355; C:\Windows\system32\Drivers\jnprTdi_743_36355.sys [108336 2013-05-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-03-21] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-11-02] (Juniper Networks, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-12] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-12 12:11 - 2014-06-12 12:11 - 00020640 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-12 12:09 - 2014-06-12 12:10 - 02081792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-12 11:30 - 2014-06-12 12:11 - 00000000 ____D () C:\FRST
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-10 17:47 - 2014-06-10 17:48 - 00000000 ____D () C:\Users\Administrator\Desktop\Day 2
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-04 01:02 - 2014-06-04 01:07 - 00000000 ____D () C:\Users\Administrator\Desktop\Day 1
2014-06-02 20:16 - 2014-06-02 20:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-02 20:05 - 2014-06-12 11:45 - 00003176 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-02 11:00 - 2014-06-07 13:40 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-01 02:32 - 2014-06-01 02:32 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-01 02:31 - 2014-06-01 02:31 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:09 - 2014-05-28 11:23 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 10:17 - 2014-06-12 11:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 09:44 - 2014-05-28 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-05-22 09:39 - 2014-06-10 16:16 - 00008075 _____ () C:\Windows\setupact.log
2014-05-22 09:39 - 2014-05-22 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 14:42 - 2014-05-08 09:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 14:42 - 2014-05-08 08:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 14:42 - 2014-05-08 07:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 14:42 - 2014-05-08 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 14:42 - 2014-05-08 06:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 14:42 - 2014-05-08 06:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 12:15 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 12:15 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 12:12 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 12:12 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 12:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 12:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 12:11 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 12:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 12:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 12:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 12:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 12:11 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 12:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 12:11 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 12:11 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 12:11 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 12:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-17 12:10 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 12:10 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 12:10 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 12:10 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 12:10 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 12:10 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 12:10 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 12:10 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 12:10 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 12:10 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 12:10 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 12:10 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 12:10 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 12:10 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 12:10 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 12:10 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 12:10 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 12:10 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 12:10 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 12:10 - 2012-06-01 07:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-05-17 12:10 - 2012-06-01 07:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-05-17 12:10 - 2012-06-01 07:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-05-17 12:10 - 2012-06-01 07:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-05-17 12:10 - 2012-06-01 07:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-05-17 12:10 - 2012-06-01 07:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-05-17 12:10 - 2012-06-01 06:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-05-17 12:10 - 2012-06-01 06:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-05-17 12:10 - 2012-06-01 06:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-05-17 12:10 - 2012-06-01 06:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2014-05-17 12:10 - 2012-06-01 06:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-05-17 12:10 - 2012-06-01 06:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-05-17 12:09 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 12:09 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 12:09 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 12:09 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 12:09 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 12:09 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 12:09 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 12:09 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 12:09 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 12:09 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 12:09 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 12:09 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 12:09 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 12:09 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 12:09 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 12:09 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 12:09 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 11:21 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 __RHD () C:\MSOCache
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-17 10:59 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-17 10:59 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-17 01:26 - 2009-05-19 16:25 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-17 01:26 - 2009-05-19 16:24 - 02851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-05-17 01:26 - 2009-05-19 16:24 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-05-16 20:13 - 2014-05-16 20:13 - 00000000 ____D () C:\Users\Administrator\.android
2014-05-15 11:24 - 2014-05-15 11:24 - 00000000 ____D () C:\Program Files (x86)\ScriptLogic Corporation
 
==================== One Month Modified Files and Folders =======
 
2014-06-12 12:11 - 2014-06-12 12:11 - 00020640 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-12 12:11 - 2014-06-12 11:30 - 00000000 ____D () C:\FRST
2014-06-12 12:11 - 2011-04-04 21:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp
2014-06-12 12:10 - 2014-06-12 12:09 - 02081792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-12 12:08 - 2011-04-06 01:56 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-06-12 12:05 - 2012-07-25 04:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 11:45 - 2014-06-02 20:05 - 00003176 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-12 11:38 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-06-12 11:35 - 2011-04-04 21:20 - 02083991 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 11:26 - 2011-04-06 01:19 - 00000700 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 11:25 - 2014-05-28 10:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 11:21 - 2011-04-06 01:19 - 00000704 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 03:08 - 2011-06-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2014-06-12 02:04 - 2011-05-29 17:58 - 00000000 ____D () C:\Program Files (x86)\Minilyrics
2014-06-11 17:09 - 2013-04-01 00:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-10 23:58 - 2011-04-07 08:35 - 00000000 ___RD () C:\Dropbox
2014-06-10 23:57 - 2014-05-02 23:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-06-10 17:48 - 2014-06-10 17:47 - 00000000 ____D () C:\Users\Administrator\Desktop\Day 2
2014-06-10 17:24 - 2009-07-14 07:13 - 00865644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 16:16 - 2014-05-22 09:39 - 00008075 _____ () C:\Windows\setupact.log
2014-06-10 15:50 - 2014-04-16 13:19 - 00000600 _____ () C:\Users\Administrator\AppData\Roaming\winscp.rnd
2014-06-10 02:02 - 2011-04-05 22:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-06-09 13:58 - 2011-12-12 20:54 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-09 11:31 - 2011-11-23 12:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-06-08 03:00 - 2012-11-05 20:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-07 14:10 - 2011-04-06 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-07 14:10 - 2011-04-06 17:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-07 13:40 - 2014-06-02 11:00 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-05 17:00 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 17:00 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 16:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 13:14 - 2012-04-03 18:55 - 00001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-06-04 01:07 - 2014-06-04 01:02 - 00000000 ____D () C:\Users\Administrator\Desktop\Day 1
2014-06-04 00:56 - 2014-02-24 00:28 - 122222021 _____ () C:\Users\Administrator\Desktop\Bad.Influence.se1ep1.mp4
2014-06-02 20:19 - 2014-06-02 20:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-02 11:03 - 2011-12-24 16:19 - 00000000 ____D () C:\Windows\pss
2014-06-01 21:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-01 02:32 - 2014-06-01 02:32 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-01 02:32 - 2011-04-04 21:20 - 00000000 ____D () C:\Users\Administrator
2014-06-01 02:31 - 2014-06-01 02:31 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-29 13:46 - 2012-04-03 13:01 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-29 01:01 - 2011-04-06 00:18 - 00000000 ___RD () C:\Users\Administrator\Desktop\Work
2014-05-28 12:54 - 2014-05-28 09:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:47 - 2012-11-13 14:14 - 00304838 _____ () C:\Windows\PFRO.log
2014-05-28 11:43 - 2013-09-04 10:53 - 00000000 ____D () C:\Windows\WindowsMobile
2014-05-28 11:33 - 2011-04-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-28 11:23 - 2014-05-28 11:09 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2011-12-03 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 18:43 - 2011-04-04 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-05-24 11:54 - 2011-04-04 21:20 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 11:53 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 00:03 - 2011-04-05 23:27 - 00000000 ___RD () C:\Users\Administrator\Desktop\大学
2014-05-23 22:27 - 2013-11-14 15:14 - 00000000 ____D () C:\Lyrics
2014-05-22 17:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 16:39 - 2009-07-14 07:08 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 09:39 - 2014-05-22 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 12:53 - 2011-06-17 18:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-20 12:49 - 2012-07-25 04:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-20 12:49 - 2012-04-05 12:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 12:49 - 2011-06-09 22:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-20 01:30 - 2012-09-23 17:57 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-20 01:30 - 2012-09-23 17:57 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-20 01:30 - 2012-09-23 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-17 15:17 - 2011-04-04 21:20 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 15:14 - 2014-05-10 22:11 - 00079244 _____ () C:\Windows\iis7.log
2014-05-17 15:13 - 2009-07-14 06:45 - 06252768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-17 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 14:29 - 2013-10-07 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 13:22 - 2011-04-04 22:43 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 11:52 - 2011-04-04 23:58 - 00168512 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-17 11:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 11:21 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 11:21 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 __RHD () C:\MSOCache
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-17 11:19 - 2009-07-14 09:46 - 00000000 ____D () C:\Windows\ShellNew
2014-05-17 10:59 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-17 01:57 - 2011-04-06 17:07 - 00000000 ____D () C:\Program Files\Microsoft OfficeOLD
2014-05-17 01:52 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-05-16 20:13 - 2014-05-16 20:13 - 00000000 ____D () C:\Users\Administrator\.android
2014-05-16 18:18 - 2013-06-27 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-16 18:18 - 2013-05-16 15:08 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-05-16 18:18 - 2013-05-16 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-05-16 18:07 - 2011-04-07 23:36 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-15 11:24 - 2014-05-15 11:24 - 00000000 ____D () C:\Program Files (x86)\ScriptLogic Corporation
2014-05-13 21:09 - 2014-05-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9_z38s.dll
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 15:34
 
==================== End Of Log ============================

ADDITION.txt
-------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01
Ran by Administrator at 2014-06-12 12:20:55
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
 
==================== Installed Programs ======================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Japanese (HKLM-x32\...\{AC76BA86-7AD7-1041-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.0.1.123 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.0.1.123 - ArcSoft) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.22 - ASUS)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0051 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avid Codecs LE (HKLM-x32\...\{A876EBF9-9046-4953-888D-8A60B8777027}) (Version: 2.3.7 - 会社名)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete Stand-Alone) (Version: 3.1.1.0 - Nik Software, Inc.)
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.50343.1263 - COMODO Group Inc.)
Contour Storyteller (HKLM-x32\...\Contour Storyteller 3.3.2) (Version: 3.3.2 - Contour)
DCP Builder Basic Edition 0.3 (HKLM\...\DcpBuilderBasicEdition_is1) (Version: 0.3 - Digital Signal Processing Laboratory, University of Perugia)
Dfine 2.0 (HKLM-x32\...\Dfine 2.0 Stand-Alone) (Version: 2.1.0.7 - Nik Software, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
Engraver 2.22. (HKLM-x32\...\EngraverII plug-in for Adobe Photoshop and compa~9CA97D3D_is1) (Version:  - )
EZTitles Plug-in Demo 4.1.21 for Adobe® Premiere® (HKLM-x32\...\EZTitles Plug-in IV for Adobe® Premiere®_is1) (Version:  - EZTitles Development Studio Ltd.)
ffdshow v1.3.4515 [2013-06-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4515.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Fontlab TypeTool 3 (HKLM-x32\...\TypeTool 3.1_is1) (Version: 3.1 - FontLab)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
KvK Sign & Validate Acrobat Reader PLUG-IN (HKLM-x32\...\InstallShield_{F7FCF592-1DBA-4276-9B3E-902C2D280AC9}) (Version: 4.00.0000 - Vereniging Kamers van Koophandel)
KvK Sign & Validate Acrobat Reader PLUG-IN (x32 Version: 4.00.0000 - Vereniging Kamers van Koophandel) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.64 (HKLM\...\MediaInfo) (Version: 0.7.64 - MediaArea.net)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.41 - Crintsoft) <==== ATTENTION
MKVToolNix 6.1.0 (HKLM-x32\...\MKVtoolnix) (Version: 6.1.0 - Moritz Bunkus)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia)
Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
OpenDCP (HKLM-x32\...\OpenDCP-0.0.26) (Version: 0.0.26 - OpenDCP)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Ovi Maps 3D browser plugin 5.2.7.0 (HKLM-x32\...\{5205E1A4-DC23-4E8D-81F8-90775E742148}_is1) (Version:  - Nokia)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
proDAD Mercalli 2.0 (64bit) (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.65 - proDAD GmbH)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.1.0.1824 - GetData Pty Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subtitle Edit 3.3.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.3.1745 - Nikse)
SurCode for Dolby Digital (HKLM-x32\...\SurCode for Dolby Digital) (Version:  - )
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{8844595D-7554-49D2-90C4-3771532B7B1A}) (Version: 11.0 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.6-7 - Wacom Technology Corp.)
WAV to AC3 Encoder 5.0 (HKLM-x32\...\WAV to AC3 Encoder_is1) (Version:  - Wieslaw Soltes)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.6 - Christoph Grether)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
XDCAMBrowser (HKLM-x32\...\{2D076E90-866E-4C2B-B9EF-F74F0F08E365}) (Version: 2.1.0.303 - Sony Corporation)
 
==================== Restore Points  =========================
 
01-06-2014 00:07:07 Configured Microsoft Office Professional Plus 2010
01-06-2014 00:09:05 Configured Microsoft Office Professional Plus 2010
01-06-2014 00:15:09 Configured Microsoft Office Professional Plus 2010
01-06-2014 00:17:40 Configured Microsoft Office Professional Plus 2010
01-06-2014 00:20:38 Configured Microsoft Office Professional Plus 2010
01-06-2014 09:44:00 Removed Internet Information Services (IIS) 7 Manager
07-06-2014 12:05:40 Configured Microsoft Office Professional Plus 2010
07-06-2014 12:07:09 Configured Microsoft Office Professional Plus 2010
 
==================== Hosts content: ==========================
 
2012-12-24 13:51 - 2013-12-01 02:47 - 00003644 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
There are 64 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0236AC6F-A406-43D9-A130-961982753739} - System32\Tasks\{BB57308C-62B4-4277-B292-6377726E0E67} => c:\program files (x86)\opera\opera.exe
Task: {060DADA5-C67D-4B38-A97A-CD991B90A784} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
Task: {08C4888B-A752-431D-B82A-4D1A47ACD9AC} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {2A0F82CF-8581-4A2F-922B-A4E857FFC6DF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {32B5D5A4-DA0B-4C0F-913A-059CC7AEE55F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-28] (ATK)
Task: {48559AF6-7D3F-4DCB-9009-29090A9ED0EB} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2012-10-01] ()
Task: {7279C368-1632-4750-9EDB-EC9AFF449442} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {87F2A5A3-1E70-4FEC-A059-3F1BC0B6A257} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06] (Google Inc.)
Task: {8AE9B9E5-E99C-4FEA-92E7-5CEB1A9D2F4E} - System32\Tasks\Hibernate => shutdown
Task: {9416D489-6BBC-40B6-B32D-83EA33F8A30B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {AC5265AE-A428-4A4D-9B5F-90759EB682DA} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2012-10-01] ()
Task: {B7FA4812-14AF-47EB-92B6-782C6823B918} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {BBE563C1-956E-464E-9A3B-9A42836CA6FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06] (Google Inc.)
Task: {E3E988FA-0777-472F-A472-8EA58898DADE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {E45E0FB7-D12F-4DB1-A4B5-EF6931A8B608} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20] (Adobe Systems Incorporated)
Task: {EA5315C1-2469-4CF6-A279-2E9DB0197A3E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {EE79CEC5-B0FB-418B-B25C-F1978E123B74} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-04 21:25 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-04-06 02:09 - 2010-11-15 11:08 - 01182576 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2009-08-28 15:00 - 2009-08-28 15:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-28 11:43 - 2009-08-28 11:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2011-04-04 21:25 - 2007-03-09 18:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-07-24 10:32 - 2009-07-24 10:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-03-07 14:51 - 2014-03-07 14:51 - 00815104 _____ () C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
2014-01-17 01:22 - 2014-04-25 10:35 - 01022464 _____ () C:\Program Files\Opera x64\gstreamer\gstreamer.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00108544 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioconvert.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00106496 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioresample.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00062464 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstautodetect.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00108032 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstcoreplugins.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00073216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdecodebin2.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00074752 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdirectsound.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00201216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstffmpegcolorspace.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00340480 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstoggdec.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00045056 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwaveform.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00077312 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwavparse.dll
2014-01-17 01:22 - 2014-04-25 10:35 - 00115712 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwebmdec.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-05-20 12:48 - 2014-05-20 12:48 - 22488240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll
2011-11-10 16:25 - 2013-04-15 19:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-03-24 02:04 - 2013-11-18 00:24 - 02043792 _____ () C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\32\ImageRenderer.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-10 23:57 - 2014-06-10 23:57 - 00043008 _____ () C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9_z38s.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libcef.dll
2012-02-23 00:01 - 2012-09-20 22:40 - 02043472 _____ () C:\Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\ImageRenderer.dll
2014-06-11 16:19 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 16:19 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 16:19 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 16:19 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 16:19 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\Users\Administrator\ntuser.dat.log:{4B65B406-E2E3-3CD4-B3BF-78E17DEF2C0F}
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temp:USFjavfxhERqEk5qIzMyXjJ9ez9
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\ProgramData\Microsoft:2cZNKu9njlDOk1sL0m1C8rIqc1l
AlternateDataStreams: C:\ProgramData\Microsoft:3zzpVYUlkOHP0DtFjdy
AlternateDataStreams: C:\ProgramData\Microsoft:nRx5jaZb2Viq9uwuc3c4V
AlternateDataStreams: C:\ProgramData\Microsoft:PAWv7B2KjYLKkFA05DiJS3yxo
AlternateDataStreams: C:\ProgramData\TEMP:8F9D7ABB
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18769208.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18769208.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: ADExchange => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CVPND => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: JuniperAccessService => 3
MSCONFIG\Services: mi-raysat_3dsmax2010_64 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RapiMgr => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: ContourCameraFinder => "C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe" 
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpeedTestPro => "C:\Program Files\SpeedTestPro\SpeedTestPro.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2014 05:09:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: InDesign.exe, version: 8.0.1.406, time stamp: 0x50335e39
Faulting module name: TRANSPARENCY UI.APLN, version: 8.0.0.370, time stamp: 0x4f72c95e
Exception code: 0xc0000005
Fault offset: 0x00002762
Faulting process id: 0x1640
Faulting application start time: 0xInDesign.exe0
Faulting application path: InDesign.exe1
Faulting module path: InDesign.exe2
Report Id: InDesign.exe3
 
Error: (06/08/2014 09:52:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 2.2.1.25154 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 24c8
 
Start Time: 01cf8350056fba32
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe
 
Report Id: 49d8e72b-ef46-11e3-83b3-485b3966ed32
 
Error: (06/08/2014 00:51:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera_plugin_wrapper.exe, version: 12.17.1863.0, time stamp: 0x534cfe97
Faulting module name: opera_plugin_wrapper.exe, version: 12.17.1863.0, time stamp: 0x534cfe97
Exception code: 0xc000041d
Fault offset: 0x0000000000017718
Faulting process id: 0x4b8
Faulting application start time: 0xopera_plugin_wrapper.exe0
Faulting application path: opera_plugin_wrapper.exe1
Faulting module path: opera_plugin_wrapper.exe2
Report Id: opera_plugin_wrapper.exe3
 
Error: (06/06/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x148
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
 
Error: (06/06/2014 08:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 10.1.10.18, time stamp: 0x536b4f99
Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x536b5ea5
Exception code: 0xc0000005
Fault offset: 0x70b95643
Faulting process id: 0x148
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3
 
Error: (06/06/2014 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 10.1.10.18, time stamp: 0x536b4f99
Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x536b5ea5
Exception code: 0xc0000005
Fault offset: 0x70ba8dab
Faulting process id: 0x148
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3
 
Error: (06/06/2014 08:27:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000002bb8f
Faulting process id: 0x1840
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3
 
Error: (06/05/2014 02:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2508
Faulting application start time: 0xOpera.exe0
Faulting application path: Opera.exe1
Faulting module path: Opera.exe2
Report Id: Opera.exe3
 
Error: (06/05/2014 02:49:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 6.0.5.0, time stamp: 0x5211d7f5
Faulting module name: UIFramework.dll, version: 6.0.5.1, time stamp: 0x5211c8eb
Exception code: 0xc0000005
Fault offset: 0x00000000000d0639
Faulting process id: 0x230
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3
 
Error: (06/04/2014 00:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 6.0.5.0, time stamp: 0x5211d7f5
Faulting module name: UIFramework.dll, version: 6.0.5.1, time stamp: 0x5211c8eb
Exception code: 0xc0000005
Fault offset: 0x00000000000d0639
Faulting process id: 0x21fc
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3
 
 
System errors:
=============
Error: (06/12/2014 11:18:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
Error: (06/11/2014 10:43:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021} because another computer on the network has the same name.  The server could not start.
 
Error: (06/11/2014 10:42:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (06/11/2014 00:30:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (06/10/2014 05:23:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.
 
Error: (06/10/2014 05:23:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.
 
Error: (06/10/2014 05:23:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.
 
Error: (06/10/2014 05:23:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.
 
Error: (06/10/2014 03:45:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TEKTON-2012-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0FB2DF0-EE95-4469-A14C-8B5A98F7F021}.
The master browser is stopping or an election is being forced.
 
Error: (06/10/2014 10:40:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/11/2014 05:09:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: InDesign.exe8.0.1.40650335e39TRANSPARENCY UI.APLN8.0.0.3704f72c95ec000000500002762164001cf857fba90c4a2C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exeC:\Program Files (x86)\Adobe\Adobe InDesign CS6\Plug-ins\GRAPHICS\TRANSPARENCY UI.APLN5b9b0d99-f17a-11e3-83b3-485b3966ed32
 
Error: (06/08/2014 09:52:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe2.2.1.2515424c801cf8350056fba3260000C:\Program Files (x86)\uTorrent\uTorrent.exe49d8e72b-ef46-11e3-83b3-485b3966ed32
 
Error: (06/08/2014 00:51:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera_plugin_wrapper.exe12.17.1863.0534cfe97opera_plugin_wrapper.exe12.17.1863.0534cfe97c000041d00000000000177184b801cf82a202c49f85C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exeC:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe495bbdf5-ee96-11e3-83b3-485b3966ed32
 
Error: (06/06/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410214801cf81b9891cd038C:\Program Files\Opera x64\opera.exeC:\Windows\SYSTEM32\ntdll.dllc883cb6b-edac-11e3-83b3-485b3966ed32
 
Error: (06/06/2014 08:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Acrobat.exe10.1.10.18536b4f99Updater.api_unloaded0.0.0.0536b5ea5c000000570b9564314801cf81b743c832b2C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeUpdater.apia42b6b1a-edaa-11e3-83b3-485b3966ed32
 
Error: (06/06/2014 08:44:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Acrobat.exe10.1.10.18536b4f99Updater.api_unloaded0.0.0.0536b5ea5c000000570ba8dab14801cf81b743c832b2C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeUpdater.api9d6d8cf4-edaa-11e3-83b3-485b3966ed32
 
Error: (06/06/2014 08:27:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c0000005000000000002bb8f184001cf81b4f07fc0efC:\Program Files\Opera x64\opera.exeC:\Windows\SYSTEM32\ntdll.dll32e0cd6b-eda8-11e3-83b3-485b3966ed32
 
Error: (06/05/2014 02:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102250801cf80b922624e40C:\Program Files\Opera x64\Opera.exeC:\Windows\SYSTEM32\ntdll.dll6517bd88-ecac-11e3-ad05-485b3966ed32
 
Error: (06/05/2014 02:49:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe Premiere Pro.exe6.0.5.05211d7f5UIFramework.dll6.0.5.15211c8ebc000000500000000000d063923001cf8040c4820038C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exeC:\Program Files\Adobe\Adobe Premiere Pro CS6\UIFramework.dll508ed2dc-ec4b-11e3-ad05-485b3966ed32
 
Error: (06/04/2014 00:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe Premiere Pro.exe6.0.5.05211d7f5UIFramework.dll6.0.5.15211c8ebc000000500000000000d063921fc01cf7fd5536b6943C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exeC:\Program Files\Adobe\Adobe Premiere Pro CS6\UIFramework.dll5a4a63bc-ebd6-11e3-ad05-485b3966ed32
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 4061.02 MB
Available physical RAM: 494.48 MB
Total Pagefile: 8938.57 MB
Available Pagefile: 3176.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:159.38 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 000E4F72)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:20 PM

Posted 14 June 2014 - 04:38 AM

Hi,

 

First of all, I would just like to tell you that even if this has nothing to do with malware, you are not wasting my time in any way. This will be a very educational experience for me either way, and I'll be extremely pleased if I can successfully help you. So don't worry about that at all. :)

 

Now then, I am going to have you uninstall some programs.

 

First, there are signs in your logs that you may have pirated Microsoft Office and Adobe Creative Suite. Is this true? While pirating software and using keygens and cracks is useful for getting programs for free, not only is it illegal, but pirated software and software used for piracy are very commonly used to infect unsuspecting users with very nasty malware. Even if the pirated/cracked program works as it's supposed to, there could be infections running silently in the background, which, in turn, could be downloading more malware. Due to this, using cracks, keygens and pirated software is very dangerous. If you did pirate them, I strongly recommend uninstalling Office and CS along with the programs below to ensure you are malware-free, but I won't force you.

 

Second, did you install MiniLyrics yourself? If not, I'd like you to remove it with the programs below.

 

Third, I see you have uTorrent installed. This is a peer-to-peer program, and although it is useful for sharing files, it is an extreme security risk. Even if not using it for illegal purposes, you may have your personal information shared without your knowledge, and can both download and even spread infections without knowing as well. The risk of this greatly increases with the sharing of illegal data. Because of the risks of using this program, I highly recommend you remove uTorrent from your computer. If you still want to keep it, let me know, and don't use it until we're done fixing your computer problems.

 

Finally, your versions of Java and Adobe Reader are outdated, so I am going to have you uninstall them and update them later in the fix. However, I must ask, do you use these programs? I ask because they're a rather big security risk even up-to-date, so it's best to not have them if you don't use them often enough. Let me know whether you want the new versions or not. :)

 

Uninstall Programs

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Reader X (10.1.10) - Japanese
    Java 7 Update 45
    Java™ 6 Update 29
    MiniLyrics
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Reader X (10.1.10) - Japanese
    Java 7 Update 45
    Java™ 6 Update 29
    MiniLyrics

  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Next, it seems you've disabled quite a number of items in MSConfig. MSConfig can be rather sloppy when disabling start-up items, but I would be happy to disable them for you normally. So, please re-enable any previously disabled items in MSConfig and let me know of any you'd like me to take care of. :)

 

Finally, I'm going to have you run a FRST fix to take care of a few things.

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    Toolbar: HKCU - No Name - {F18D4965-532F-4907-A55F-7406218BF861} -  No File
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
    AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
    AlternateDataStreams: C:\Users\Administrator\ntuser.dat.log:{4B65B406-E2E3-3CD4-B3BF-78E17DEF2C0F}
    AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temp:USFjavfxhERqEk5qIzMyXjJ9ez9
    AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
    AlternateDataStreams: C:\ProgramData\Microsoft:2cZNKu9njlDOk1sL0m1C8rIqc1l
    AlternateDataStreams: C:\ProgramData\Microsoft:3zzpVYUlkOHP0DtFjdy
    AlternateDataStreams: C:\ProgramData\Microsoft:nRx5jaZb2Viq9uwuc3c4V
    AlternateDataStreams: C:\ProgramData\Microsoft:PAWv7B2KjYLKkFA05DiJS3yxo
    AlternateDataStreams: C:\ProgramData\TEMP:8F9D7ABB
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  • Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Lastly, I'd like you to rerun a FRST scan and post the new log. This time, only FRST.txt will be made. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
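The fixlist in the post above targets two kinds of leftovers: startup entries that MSConfig has only parked rather than deleted, and NTFS alternate data streams attached to folders such as C:\ProgramData and C:\ProgramData\Microsoft. The following read-only PowerShell script is an added example for checking both before and after such a fix; it is not from the thread, not part of FRST, and not the helper's own instructions. It assumes PowerShell 3.0 or later (the -Stream parameter and [pscustomobject] need it; on Windows 7 that means Windows Management Framework 3.0), and it assumes the paths named in the fixlist, with the current user's profile substituted for the hard-coded Administrator profile. The two junctions in the fixlist (C:\Users\All Users and C:\ProgramData\Application Data) point at C:\ProgramData and are therefore covered by that entry.

```powershell
# Added example (not from the thread or from FRST): a read-only check of what the
# fix above targets, so its result can be verified afterwards.
# Assumes PowerShell 3.0+ (Get-Item -Stream, [pscustomobject]).

# Paths taken from the fixlist; $env:LOCALAPPDATA / $env:USERPROFILE replace the
# hard-coded C:\Users\Administrator so the script works for whichever user runs it.
$Paths = @(
    'C:\ProgramData',
    'C:\ProgramData\Microsoft',
    'C:\ProgramData\TEMP',
    (Join-Path $env:LOCALAPPDATA 'Temp'),
    (Join-Path $env:USERPROFILE 'ntuser.dat.log')
)

function Get-NonDefaultStream {
    # Lists every named NTFS stream on the given files/folders. The unnamed
    # ':$DATA' stream is the file content itself, so it is filtered out;
    # Zone.Identifier is the benign "downloaded from the internet" marker and is
    # reported but marked as such. Older PowerShell versions may not enumerate
    # streams on directories; in that case "dir /R" in cmd.exe shows them.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Length = $_.Length
                    Benign = ($_.Stream -eq 'Zone.Identifier')
                }
            }
    }
}

function Get-MsconfigDisabledItem {
    # MSConfig does not delete a start-up entry it disables; it moves it under this
    # key, which is where FRST's "MSCONFIG\startupreg" and "MSCONFIG\startupfolder"
    # lines come from. Each subkey keeps the original command line in "command".
    $base = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'
    foreach ($sub in 'startupreg', 'startupfolder') {
        $key = Join-Path $base $sub
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $v = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Kind    = $sub
                Name    = $_.PSChildName
                Command = $v.command
            }
        }
    }
}

# Run both checks and print the results as tables.
Write-Host '== Alternate data streams on fixlist paths =='
Get-NonDefaultStream -Path $Paths | Format-Table -AutoSize

Write-Host '== Start-up items parked by MSConfig =='
Get-MsconfigDisabledItem | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt before and after the FRST fix: the stream list should shrink to nothing but Zone.Identifier markers, and the MSConfig list should be empty once the parked items have been re-enabled as the post asks. The script only reads; nothing is deleted or changed.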


#7 1Ct

1Ct
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:20 PM

Posted 14 June 2014 - 08:28 AM

Hi Gunto,
 
Thank you for your kind help and advice.
I understand the risks of running both pirated software and P2P software. I have been running my machine with this setup for years without issues. Of course I know that this doesn't mean that nothing malicious is happening in the background, but for now, I have decided to keep my installed copies of Office and Adobe Suite, although I am willing to get rid of Office and replace it with an alternative if absolutely necessary.
 
For the rest, I have used Revo to uninstall everything you suggested except MiniLyrics, since, as you say, I did in fact install it myself and use it daily. I also use Acrobat daily (I need something to open PDF files) and occasionally apps that require Java, but I did get rid of those for now.
 
Like you say, I did disable a lot of startup items and services through msconfig over the years that I thought were unnecessary. I'd be glad to hear of a better way to clean them up. I re-enabled all startup applications. Should I do the same with disabled services?
 
As instructed, I ran your fix, restarted and ran another FRST scan. After the restart, as usual, the Power, Computer Browser, Windows Audio and Audio Endpoint Builder Services were not running so I have no sound. All are set to automatic startup. This happens every time I restart and I need to force start the Audio services manually and restart again 1-2 times to get the sound working.
Not sure if this is relevant, but after the restart I also got a cryptic error dialog. It didn't say what application it belongs to, it just says "Unable to open history database! History and logging are *DISABLED*"
Googling it points to PeerBlock (among other things) and indeed, after clicking OK PeerBlock (one of my startup items) opened as usual.
 
Below the logs.
 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-14 14:59:40)<=

==> ATTENTION: System is not rebooted.
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
 
 
 
 
------------
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Administrator (administrator) on ASUS on 14-06-2014 15:00:09
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TODO: <Company name>) C:\Program Files\P4G\IntlCtrl.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16336416 2009-08-19] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => %windir%\WindowsMobile\wmdc.exe
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-02] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [SpeedTestPro] => "C:\Program Files\SpeedTestPro\SpeedTestPro.exe"
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [PC Suite Tray] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [ContourCameraFinder] => C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe [96256 2012-02-10] ()
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\MountPoints2: {954852a6-5eb4-11e0-a5cf-806e6f6e6963} - D:\InstAll.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF659C4088C0ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {E70522B2-621A-47B2-B2B9-ACD9F37A68D8} URL = http://search.softonic.com/MOY00011/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d009a536000000000000001e6452abcb&r=948
SearchScopes: HKCU - {9577E9FD-DACA-42D4-A239-B7220E317F35} URL = http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja
SearchScopes: HKCU - {E70522B2-621A-47B2-B2B9-ACD9F37A68D8} URL = http://search.softonic.com/MOY00011/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d009a536000000000000001e6452abcb&r=948
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{22DCF506-D93F-4B8C-BF7A-28FCFFADA643}: [NameServer]192.169.190.190,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: Live HTTP Headers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-01-23]
FF Extension: Page Speed - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: CSS Usage - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\csscoverage@spaghetticoder.org.xpi [2014-05-10]
FF Extension: Firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firebug@software.joehewitt.com.xpi [2012-06-12]
FF Extension: FireDiff - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firediff@johnjbarton.com.xpi [2012-08-05]
FF Extension: FirePHP - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2012-08-05]
FF Extension: Illuminations for Developers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\sroussey@illumination-for-developers.com.xpi [2012-08-05]
FF Extension: View Cookies - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-06-29]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-01]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [fe_6.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2012-02-01]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-02-01]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Facebook Disconnect) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-07-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-28]
CHR Extension: (Minimal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog [2013-05-28]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Facebook Message Seen Notification Remover) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piohdenkodpbcigpkmicjapilbfjioil [2013-07-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-05-19] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [604192 2013-03-19] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
S4 jnprTdi_743_36355; C:\Windows\system32\Drivers\jnprTdi_743_36355.sys [108336 2013-05-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-03-21] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-11-02] (Juniper Networks, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-13] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 15:00 - 2014-06-14 15:00 - 00021802 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-14 14:53 - 2014-06-14 14:53 - 00001250 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-14 14:52 - 2014-06-14 14:52 - 02081792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-14 13:28 - 2014-06-14 14:59 - 00003176 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-14 12:06 - 2014-06-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-13 19:36 - 2014-06-13 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 12:57 - 2014-06-12 21:36 - 00000000 ____D () C:\Program Files (x86)\CDCheck
2014-06-12 11:30 - 2014-06-14 15:00 - 00000000 ____D () C:\FRST
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-02 20:16 - 2014-06-02 20:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-02 11:00 - 2014-06-13 14:47 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-01 02:32 - 2014-06-01 02:32 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-01 02:31 - 2014-06-01 02:31 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:09 - 2014-05-28 11:23 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 10:17 - 2014-06-13 10:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 09:44 - 2014-05-28 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-05-22 09:39 - 2014-06-13 19:39 - 00009037 _____ () C:\Windows\setupact.log
2014-05-22 09:39 - 2014-05-22 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 14:42 - 2014-05-08 09:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 14:42 - 2014-05-08 08:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 14:42 - 2014-05-08 07:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 14:42 - 2014-05-08 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 14:42 - 2014-05-08 06:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 14:42 - 2014-05-08 06:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 12:15 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 12:15 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 12:12 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 12:12 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 12:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 12:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 12:11 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 12:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 12:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 12:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 12:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 12:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 12:11 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 12:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 12:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 12:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 12:11 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 12:11 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 12:11 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 12:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 12:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-17 12:10 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 12:10 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 12:10 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 12:10 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 12:10 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 12:10 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 12:10 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 12:10 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 12:10 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 12:10 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 12:10 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 12:10 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 12:10 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 12:10 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 12:10 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 12:10 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 12:10 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 12:10 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 12:10 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 12:10 - 2012-06-01 07:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-05-17 12:10 - 2012-06-01 07:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-05-17 12:10 - 2012-06-01 07:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-05-17 12:10 - 2012-06-01 07:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-05-17 12:10 - 2012-06-01 07:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-05-17 12:10 - 2012-06-01 07:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-05-17 12:10 - 2012-06-01 06:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-05-17 12:10 - 2012-06-01 06:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-05-17 12:10 - 2012-06-01 06:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-05-17 12:10 - 2012-06-01 06:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2014-05-17 12:10 - 2012-06-01 06:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-05-17 12:10 - 2012-06-01 06:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-05-17 12:09 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 12:09 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 12:09 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 12:09 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 12:09 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 12:09 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 12:09 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 12:09 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 12:09 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 12:09 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 12:09 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 12:09 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 12:09 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 12:09 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 12:09 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 12:09 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 12:09 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 11:21 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 __RHD () C:\MSOCache
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-17 10:59 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-17 10:59 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-17 01:26 - 2009-05-19 16:25 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-17 01:26 - 2009-05-19 16:24 - 02851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-05-17 01:26 - 2009-05-19 16:24 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-05-16 20:13 - 2014-05-16 20:13 - 00000000 ____D () C:\Users\Administrator\.android
2014-05-15 11:24 - 2014-05-15 11:24 - 00000000 ____D () C:\Program Files (x86)\ScriptLogic Corporation

==================== One Month Modified Files and Folders =======

2014-06-14 15:02 - 2014-06-14 15:00 - 00021802 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-14 15:02 - 2011-04-04 21:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp
2014-06-14 15:02 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 15:02 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 15:01 - 2011-09-17 13:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-14 15:01 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-06-14 15:00 - 2014-06-12 11:30 - 00000000 ____D () C:\FRST
2014-06-14 15:00 - 2011-04-07 08:35 - 00000000 ___RD () C:\Dropbox
2014-06-14 14:59 - 2014-06-14 13:28 - 00003176 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-14 14:59 - 2014-05-02 23:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-06-14 14:59 - 2011-04-06 01:19 - 00000700 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 14:56 - 2012-11-13 14:14 - 00306314 _____ () C:\Windows\PFRO.log
2014-06-14 14:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 14:55 - 2011-04-06 01:56 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-06-14 14:55 - 2011-04-04 21:20 - 01120751 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 14:54 - 2011-12-12 20:54 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-14 14:53 - 2014-06-14 14:53 - 00001250 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-14 14:52 - 2014-06-14 14:52 - 02081792 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-14 14:46 - 2011-12-24 16:19 - 00000000 ____D () C:\Windows\pss
2014-06-14 14:46 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 14:14 - 2011-04-06 01:19 - 00000704 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 14:05 - 2012-07-25 04:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 13:51 - 2011-04-25 22:12 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-06-14 13:48 - 2011-04-04 21:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-14 13:31 - 2013-10-23 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:28 - 2014-05-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-14 13:26 - 2011-07-18 13:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 13:16 - 2011-11-23 12:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-06-14 12:59 - 2011-04-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-14 12:17 - 2011-04-05 22:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-14 12:06 - 2014-06-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-14 01:18 - 2011-05-29 17:58 - 00000000 ____D () C:\Program Files (x86)\Minilyrics
2014-06-14 01:05 - 2014-04-16 13:19 - 00000600 _____ () C:\Users\Administrator\AppData\Roaming\winscp.rnd
2014-06-13 19:39 - 2014-05-22 09:39 - 00009037 _____ () C:\Windows\setupact.log
2014-06-13 19:36 - 2014-06-13 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 19:36 - 2012-05-02 12:52 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-13 19:24 - 2011-12-12 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-13 17:52 - 2011-04-06 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-13 17:52 - 2011-04-06 17:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 14:47 - 2014-06-02 11:00 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-13 10:11 - 2014-05-28 10:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 02:08 - 2011-04-05 22:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-06-13 00:42 - 2009-07-14 09:46 - 00000000 ____D () C:\Windows\ShellNew
2014-06-12 22:25 - 2011-06-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2014-06-12 21:36 - 2014-06-12 12:57 - 00000000 ____D () C:\Program Files (x86)\CDCheck
2014-06-12 15:55 - 2009-07-14 07:13 - 00865644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 17:09 - 2013-04-01 00:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-08 03:00 - 2012-11-05 20:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-05 13:14 - 2012-04-03 18:55 - 00001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-06-02 20:19 - 2014-06-02 20:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-01 21:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-01 02:32 - 2014-06-01 02:32 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-01 02:32 - 2011-04-04 21:20 - 00000000 ____D () C:\Users\Administrator
2014-06-01 02:31 - 2014-06-01 02:31 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-29 13:46 - 2012-04-03 13:01 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-29 01:01 - 2011-04-06 00:18 - 00000000 ___RD () C:\Users\Administrator\Desktop\Work
2014-05-28 12:54 - 2014-05-28 09:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:43 - 2013-09-04 10:53 - 00000000 ____D () C:\Windows\WindowsMobile
2014-05-28 11:23 - 2014-05-28 11:09 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2011-12-03 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 18:43 - 2011-04-04 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-05-24 11:54 - 2011-04-04 21:20 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 11:53 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 00:03 - 2011-04-05 23:27 - 00000000 ___RD () C:\Users\Administrator\Desktop\大学
2014-05-23 22:27 - 2013-11-14 15:14 - 00000000 ____D () C:\Lyrics
2014-05-22 17:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 16:39 - 2009-07-14 07:08 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 09:39 - 2014-05-22 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 12:49 - 2012-07-25 04:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-20 12:49 - 2012-04-05 12:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 12:49 - 2011-06-09 22:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 15:17 - 2011-04-04 21:20 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 15:14 - 2014-05-10 22:11 - 00079244 _____ () C:\Windows\iis7.log
2014-05-17 15:13 - 2009-07-14 06:45 - 06252768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-17 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 14:29 - 2013-10-07 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 13:22 - 2011-04-04 22:43 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 11:52 - 2011-04-04 23:58 - 00168512 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-17 11:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-05-17 11:22 - 2014-05-17 11:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 11:21 - 2014-05-17 11:21 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-17 11:21 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 __RHD () C:\MSOCache
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-05-17 11:19 - 2014-05-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-17 10:59 - 2014-05-17 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-17 01:57 - 2011-04-06 17:07 - 00000000 ____D () C:\Program Files\Microsoft OfficeOLD
2014-05-17 01:52 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-05-16 20:13 - 2014-05-16 20:13 - 00000000 ____D () C:\Users\Administrator\.android
2014-05-16 18:18 - 2013-06-27 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-16 18:18 - 2013-05-16 15:08 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-05-16 18:18 - 2013-05-16 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-05-16 18:07 - 2011-04-07 23:36 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-15 11:24 - 2014-05-15 11:24 - 00000000 ____D () C:\Program Files (x86)\ScriptLogic Corporation

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbx72fl.dll
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 15:34

==================== End Of Log ============================


#8 1Ct (Topic Starter)

Posted 14 June 2014 - 05:49 PM

A small update: the PeerBlock error was unrelated and is now fixed.



#9 Gunto (Malware Response Team)

Posted 16 June 2014 - 12:52 AM

Hi,

 

Thanks for posting those logs. :) However, it looks like the fixlog.txt you posted is incomplete. Are you sure you copied the whole thing? If you didn't, please copy and paste the full report into your next response.

 

With regards to a .pdf reader and a replacement for Office, a completely free alternative to Microsoft Office is OpenOffice, which not only processes .pdf files with this extension, but plenty of other formats as well, so you can even replace Acrobat with it. If you decide to use it, I'd like you to remove MS Office. :)

 

For Java, if you don't use it often, I recommend keeping it uninstalled. If you come across something that needs it, you can always install it and then remove it when you're done. :)

 

Yes, please re-enable any services disabled in MSConfig as well, since I can also take care of those. Also, I'd like to know how you'd like me to handle your start-up items and services; would you like me to disable anything unnecessary, or would you like certain items to be enabled? If it's the latter, please let me know which entries you want me to keep.

 

Now, let's try to solve the problems you're having with some of the services that have been crashing. First, I'm going to have you back up your registry just in case something goes wrong. Then, I'm going to have you reset the configuration of the services that have been crashing to default, and see how that works.

 

ERUNT

I need you to back up your registry using ERUNT.

  • Download the ERUNT installer from here, and save it to your desktop.
  • Double click the installer to start the installation. Follow the prompts and let the program install.
  • Now, open up ERUNT by clicking the shortcut on your desktop by the same name. Follow the prompts to complete the backup, and you're finished.

Next, download the following default registry configurations for your services:

 

Audio Endpoint Builder

Computer Browser

Plug and Play

Power

Server

Windows Audio

 

Save them to your desktop, and merge them into your registry one at a time.

 

Now, let's scan the files used for these services with VirusTotal to ensure they aren't infected.

 

VirusTotal

I need you to scan some files with VirusTotal.

  • Visit VirusTotal, and click Choose File. Navigate to the following files and choose them, one at a time:
    C:\WINDOWS\system32\audiosrv.dll

    C:\WINDOWS\system32\browser.dll

    C:\WINDOWS\system32\srvsvc.dll

    C:\WINDOWS\system32\umpnpmgr.dll

    C:\WINDOWS\system32\umpo.dll

  • Click Scan it! after choosing your file. If you receive a message telling you the file has already been scanned, please scan it again anyway.
  • Once VirusTotal is done scanning the file, copy and paste each of the URLs of the scan results into your reply.

Please let me know how your PC's running.

 

Gunto


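The procedure in the post above (reset the service registry keys, then check the files behind the services) can be done in one pass from the machine itself. The PowerShell script below is an added example, not something from this thread or from FRST; it assumes Windows 7 with Windows PowerShell 3.0 or later, an elevated prompt, and that fsutil hardlink list is available, and it uses the Windows service short names for the six services named above (AudioEndpointBuilder, Audiosrv, Browser, LanmanServer, PlugPlay, Power). For each service it reads the start type and ImagePath/ServiceDll from the registry, hashes the implementing binary so its existing VirusTotal report can be looked up by SHA-256 instead of uploading a protected system file, and checks that the binary is still hard-linked into the component store (WinSxS), which is how Windows keeps its System32 files.

```powershell
# Added example, not part of the original thread. Run from an elevated
# Windows PowerShell (3.0 or later) prompt on the affected Windows 7 machine.
# The only hard-coded data are the Windows 7 short names of the six services
# discussed above; everything else is read from the registry and the disk.
$ServiceNames = 'AudioEndpointBuilder', 'Audiosrv', 'Browser',
                'LanmanServer', 'PlugPlay', 'Power'

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing instead of Get-FileHash so this also runs on PowerShell 3.0.
    $sha = [Security.Cryptography.SHA256]::Create()
    $fs  = [IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}

function Resolve-ServiceBinary {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $cfg = Get-ItemProperty -Path $key
    # Svchost-hosted services keep the real code path in Parameters\ServiceDll;
    # ImagePath then only names svchost.exe and its -k group.
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $raw = if ($dll) { $dll } else { $cfg.ImagePath }
    # Drop surrounding quotes and arguments, expand %SystemRoot%.
    $exe = $raw -replace '^"([^"]+)".*$', '$1'
    $exe = $exe -replace '^(.+?\.(exe|dll)).*$', '$1'
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    # Some ImagePath values are relative to the Windows directory (system32\svchost.exe).
    if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path $env:SystemRoot $exe }
    $start = switch ($cfg.Start) { 2 { 'Auto' } 3 { 'Manual' } 4 { 'Disabled' } default { "$($cfg.Start)" } }
    New-Object PSObject -Property @{
        Service = $Name; StartType = $start; ImagePath = $cfg.ImagePath; ServiceDll = $dll; Binary = $exe
    }
}

function Get-BinaryIntegrity {
    param([string]$Path)
    $hash  = Get-Sha256Hex -Path $Path
    # System32 binaries are hard links to the copy in the component store, so a
    # file that no longer has a link under \Windows\winsxs has been replaced.
    $links = @(& fsutil hardlink list $Path 2>$null | Where-Object { $_ })
    New-Object PSObject -Property @{
        Binary = $Path; SHA256 = $hash; HardLinks = $links.Count
        LinkedToStore = [bool]($links | Where-Object { $_ -like '\Windows\winsxs\*' })
        # Same report URL shape as the VirusTotal links posted in this thread;
        # looking the hash up avoids uploading a protected system file.
        VTLookup = "https://www.virustotal.com/en/file/$hash/analysis/"
    }
}

$report = foreach ($svc in $ServiceNames) {
    $cfg = Resolve-ServiceBinary -Name $svc
    if (-not $cfg) { Write-Warning "$svc : service key not found"; continue }
    if (-not (Test-Path -LiteralPath $cfg.Binary)) { Write-Warning "$svc : $($cfg.Binary) is missing"; continue }
    $chk = Get-BinaryIntegrity -Path $cfg.Binary
    New-Object PSObject -Property @{
        Service = $svc; StartType = $cfg.StartType; Binary = $cfg.Binary
        HardLinks = $chk.HardLinks; LinkedToStore = $chk.LinkedToStore
        SHA256 = $chk.SHA256; VTLookup = $chk.VTLookup
    }
}

$report | Format-List Service, StartType, Binary, HardLinks, LinkedToStore, SHA256, VTLookup
$report | Where-Object { -not $_.LinkedToStore } | ForEach-Object {
    Write-Warning "$($_.Service): $($_.Binary) is not linked into WinSxS; verify it with: sfc /verifyfile=$($_.Binary)"
}
```

A binary that is no longer linked into WinSxS has been replaced, which is a finding. The reverse is not a clean bill: a file patched in place keeps its hard links, and Get-AuthenticodeSignature on Windows 7 does not consult the security catalogs through which most Windows binaries are signed (so it reports them as NotSigned), which is why the script leaves signature checking to sfc /verifyfile, which compares the file against the signed catalog. The SHA-256 lookup URL is the same shape as the report links posted later in this thread.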


#10 1Ct (Topic Starter)

Posted 16 June 2014 - 07:08 AM

Hi Gunto,

I'm afraid that's the full log that came out of FRST - those are the only lines in Fixlog.txt. But I ran the fix once more and ended up with a more complete log (posted below).

I re-enabled all services disabled in msconfig, but I have to mention that some of them (unused Win services like Fax etc.) I also stopped and set to manual startup through services.msc. It was ages ago and I don't remember exactly which, but none of them should be essential - at least I hope so.
It would be great if you could help me disable everything unnecessary. Non-Microsoft Services that should stay running are:

ASDLR Service
ATKGFNEX Service
NVIDIA Display Driver Service
TabletServiceWacom


And for startup apps I would like to keep:
ATK Hotkey
COMODO Internet Security
Dropbox
Virtual Clone Drive


I made a registry backup with ERUNT, downloaded the reg files and ran them. After that I was about to upload the service files to VirusTotal, but I didn't see any of the dll files in the upload dialog. I can browse to them if I open a normal explorer window, but they don't show up in the VirusTotal upload selection. Perhaps because they're system protected files? What I did was to copy the DLLs to my desktop and upload them from there. This works. All of them are clean, 0 hits. Below are the links

https://www.virustotal.com/en/file/fce7b156ed663471cf9a736915f00302e93b50fc647563d235313a37fce8f0f6/analysis/1402915918/
https://www.virustotal.com/en/file/40011138869f5496a3e78d38c9900b466b6f3877526ac22952dcd528173f4645/analysis/1402916239/
https://www.virustotal.com/en/file/8757599d0ae5302c4ce50861beba3a8dd14d7b0dbd916fd5404133688cdfcc40/analysis/1402916326/
https://www.virustotal.com/en/file/57d9764ae6bce33b242c399cdfc10dd405975bd6411ca8c75fbcd06eeb8442a9/analysis/1402916374/
https://www.virustotal.com/en/file/66203ce70a5ede053929a940f38924c6792239ccce10dd2c1d90d5b4d6748b55/analysis/1402916428/


After this I restarted the computer a few times to see whether the sound works. It alternates between working and not.
1st restart: not working
2nd restart: sound OK
3rd restart: not working
4th restart: sound OK
5th restart: not working
6th restart: not working
7th restart: sound OK


Otherwise everything seems to run fine, I'd just like to get rid of the startup items like Steam, TM Server etc.
I don't know if you have any more leads on how to fix the sound issue, but if it's not malware, I'm fine with just letting it go. I barely ever shut the computer down anyway, so having to restart once or twice every once in a while to get the sound running is not so bad.


New Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Administrator at 2014-06-16 12:01:34 Run:4
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {F18D4965-532F-4907-A55F-7406218BF861} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\Users\Administrator\ntuser.dat.log:{4B65B406-E2E3-3CD4-B3BF-78E17DEF2C0F}
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temp:USFjavfxhERqEk5qIzMyXjJ9ez9
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF
AlternateDataStreams: C:\ProgramData\Microsoft:2cZNKu9njlDOk1sL0m1C8rIqc1l
AlternateDataStreams: C:\ProgramData\Microsoft:3zzpVYUlkOHP0DtFjdy
AlternateDataStreams: C:\ProgramData\Microsoft:nRx5jaZb2Viq9uwuc3c4V
AlternateDataStreams: C:\ProgramData\Microsoft:PAWv7B2KjYLKkFA05DiJS3yxo
AlternateDataStreams: C:\ProgramData\TEMP:8F9D7ABB
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F18D4965-532F-4907-A55F-7406218BF861} => Value not found.
'HKCR\CLSID\{F18D4965-532F-4907-A55F-7406218BF861}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
"C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\ProgramData" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF" ADS not found.
"C:\Users\All Users" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF" ADS not found.
"C:\Users\Administrator\ntuser.dat.log" => ":{4B65B406-E2E3-3CD4-B3BF-78E17DEF2C0F}" ADS not found.
"C:\Users\Administrator\AppData\Local\Temp" => ":USFjavfxhERqEk5qIzMyXjJ9ez9" ADS not found.
"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFL6JNX2KVG89WJNWYLJCHVD8HNPFSVF7JBCVPJGF" ADS not found.
"C:\ProgramData\Microsoft" => ":2cZNKu9njlDOk1sL0m1C8rIqc1l" ADS not found.
"C:\ProgramData\Microsoft" => ":3zzpVYUlkOHP0DtFjdy" ADS not found.
"C:\ProgramData\Microsoft" => ":nRx5jaZb2Viq9uwuc3c4V" ADS not found.
"C:\ProgramData\Microsoft" => ":PAWv7B2KjYLKkFA05DiJS3yxo" ADS not found.
"C:\ProgramData\TEMP" => ":8F9D7ABB" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
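The fixlist above told FRST to remove a set of NTFS alternate data streams on C:\ProgramData, C:\ProgramData\Microsoft, C:\ProgramData\TEMP, the user's Temp directory and ntuser.dat.log, and the fixlog reports each as "ADS not found". The PowerShell script below is an added example (not from the thread or from FRST) that lists whatever named streams exist on those locations so the result can be confirmed independently. It assumes Windows PowerShell 3.0 or later for the -Stream parameter and uses the paths from the fixlog, resolving the current user's profile through environment variables; C:\Users\All Users and C:\ProgramData\Application Data are junctions onto C:\ProgramData, so they are not listed separately.

```powershell
# Added example, not part of the original thread. Lists NTFS alternate data
# streams on the locations FRST targeted in the fixlist above. Requires
# Windows PowerShell 3.0 or later (-Stream). Set $Remove to $true to delete
# what is found, only after you have reviewed the listing.
$Remove  = $false
$Targets = @(
    'C:\ProgramData',                  # also reached via the C:\Users\All Users and
    'C:\ProgramData\Microsoft',        # C:\ProgramData\Application Data junctions
    'C:\ProgramData\TEMP',
    "$env:LOCALAPPDATA\Temp",          # C:\Users\<user>\AppData\Local\Temp
    "$env:USERPROFILE\ntuser.dat.log"
)

function Get-AlternateStreams {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "$p : not present"; continue }
        # -Stream * enumerates every named stream on a file or directory.
        # ':$DATA' is a file's ordinary content, so anything else is an alternate stream.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $stream = $_.Stream
                $head   = @(Get-Content -LiteralPath $p -Stream $stream -Encoding Byte `
                                        -TotalCount 16 -ErrorAction SilentlyContinue)
                New-Object PSObject -Property @{
                    Path   = $p
                    Stream = $stream
                    Length = $_.Length
                    # First bytes as hex: 4d 5a is a PE header, printable bytes are text.
                    Head   = ($head | ForEach-Object { $_.ToString('x2') }) -join ' '
                }
            }
    }
}

$found = @(Get-AlternateStreams -Paths $Targets)
if ($found.Count -eq 0) {
    Write-Host 'No alternate data streams on the listed locations.'
} else {
    $found | Format-Table Path, Stream, Length, Head -AutoSize
    if ($Remove) {
        foreach ($s in $found) {
            Remove-Item -LiteralPath $s.Path -Stream $s.Stream
            Write-Host "removed $($s.Path):$($s.Stream)"
        }
    }
}
```

Zone.Identifier streams are the ordinary mark-of-the-web that browsers attach to downloads and are not a finding; a stream carrying an MZ header on a directory is. Review the listing before setting $Remove, since the script deletes every stream it found on the listed locations.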



#11 Gunto (Malware Response Team)

Posted 20 June 2014 - 12:32 AM

Hi,

 

It's becoming increasingly plausible that your service problems are not due to malware. Nevertheless, I am going to try my best to fix it for you. :) For the next step, I am going to have you run a scan with Farbar Service Scanner, which may pick up on some issues with the files your services use.

 

Farbar Service Scanner

I need you to run a scan with Farbar Service Scanner.

  • Download FSS from here, and save it to your desktop.
  • Double click the file to start the program. On the main interface, make sure all of the options are checked, and click Scan.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Next, I'd like you to run another FRST scan, this time with the Addition.txt option checked in the main interface, so that I can get a fresh look at your system. :) Once that's done, I'll start helping you with disabling your unnecessary auto start entries.

 

Gunto




#12 1Ct (Topic Starter)

Posted 21 June 2014 - 07:38 PM

Hi Gunto,

 

Thanks for your persistence. I'm really fine with dropping the sound services thing because it's not worth the effort, but nevertheless, please find the logs as requested - FSS below and FRST + Addition.txt in a separate reply.

 

 

FSS

---------------------------

Farbar Service Scanner Version: 10-06-2014
Ran by Administrator (administrator) on 22-06-2014 at 02:21:17
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#13 1Ct (Topic Starter)

Posted 21 June 2014 - 07:41 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Administrator (administrator) on ASUS on 22-06-2014 02:28:44
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Opera Software) C:\Program Files\Opera x64\opera.exe
() C:\データ\Tor Browser\App\vidalia.exe
() C:\データ\Tor Browser\App\tor.exe
(Opera Software) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
(Mozilla Corporation) C:\データ\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16336416 2009-08-19] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-02] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [ContourCameraFinder] => C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe [96256 2012-02-10] ()
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3756837132-3180274925-1060369510-500\...\MountPoints2: {954852a6-5eb4-11e0-a5cf-806e6f6e6963} - D:\InstAll.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF659C4088C0ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {E70522B2-621A-47B2-B2B9-ACD9F37A68D8} URL = http://search.softonic.com/MOY00011/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d009a536000000000000001e6452abcb&r=948
SearchScopes: HKCU - {9577E9FD-DACA-42D4-A239-B7220E317F35} URL = http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja
SearchScopes: HKCU - {E70522B2-621A-47B2-B2B9-ACD9F37A68D8} URL = http://search.softonic.com/MOY00011/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d009a536000000000000001e6452abcb&r=948
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22DCF506-D93F-4B8C-BF7A-28FCFFADA643}: [NameServer]192.169.190.190,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\staged [2014-06-17]
FF Extension: Live HTTP Headers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-01-23]
FF Extension: Page Speed - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: CSS Usage - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\csscoverage@spaghetticoder.org.xpi [2014-05-10]
FF Extension: Firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firebug@software.joehewitt.com.xpi [2012-06-12]
FF Extension: FireDiff - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\firediff@johnjbarton.com.xpi [2012-08-05]
FF Extension: FirePHP - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2012-08-05]
FF Extension: Illuminations for Developers - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\sroussey@illumination-for-developers.com.xpi [2012-08-05]
FF Extension: View Cookies - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-06-29]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-01]
FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xwuwfxmy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-03-14]
FF HKLM-x32\...\Firefox\Extensions: [fe_6.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2012-02-01]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-02-01]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Facebook Disconnect) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-07-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-28]
CHR Extension: (Minimal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog [2013-05-28]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Facebook Message Seen Notification Remover) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piohdenkodpbcigpkmicjapilbfjioil [2013-07-06]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-05-19] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [604192 2013-03-19] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
S4 jnprTdi_743_36355; C:\Windows\system32\Drivers\jnprTdi_743_36355.sys [108336 2013-05-23] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-03-21] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2012-11-02] (Juniper Networks, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-13] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfoX64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 02:28 - 2014-06-22 02:30 - 00021414 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-22 02:26 - 2014-06-22 02:26 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-06-22 02:19 - 2014-06-22 02:21 - 00002769 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-21 13:00 - 2014-06-22 02:31 - 00003178 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-21 12:55 - 2014-06-21 12:56 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Program Files\Opera x64
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Program Files (x86)\Opera x64
2014-06-17 22:35 - 2014-06-17 22:35 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-17 22:35 - 2014-06-17 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-17 22:35 - 2014-06-17 22:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-17 16:13 - 2014-06-17 16:16 - 00000000 ____D () C:\Users\Administrator\Desktop\20140617
2014-06-17 02:47 - 2014-06-17 02:47 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-06-16 13:13 - 2014-06-16 13:47 - 00000000 _____ () C:\Windows\system32\peerblock.dmp
2014-06-16 12:17 - 2014-06-16 12:17 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk
2014-06-16 12:17 - 2014-06-16 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 12:17 - 2014-06-16 12:17 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-15 01:58 - 2014-06-19 02:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-06-15 00:07 - 2014-06-15 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-14 14:52 - 2014-06-22 02:26 - 02083328 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-14 12:06 - 2014-06-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-13 19:36 - 2014-06-13 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 12:57 - 2014-06-12 21:36 - 00000000 ____D () C:\Program Files (x86)\CDCheck
2014-06-12 11:30 - 2014-06-22 02:29 - 00000000 ____D () C:\FRST
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-02 20:16 - 2014-06-02 20:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-02 11:00 - 2014-06-21 11:50 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:09 - 2014-05-28 11:23 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 10:17 - 2014-06-13 10:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 09:44 - 2014-05-28 12:54 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2014-06-22 02:31 - 2014-06-21 13:00 - 00003178 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-06-22 02:31 - 2011-04-06 01:19 - 00000704 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 02:30 - 2014-06-22 02:28 - 00021414 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-22 02:29 - 2014-06-12 11:30 - 00000000 ____D () C:\FRST
2014-06-22 02:29 - 2011-04-06 01:56 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-06-22 02:26 - 2014-06-22 02:26 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-06-22 02:26 - 2014-06-14 14:52 - 02083328 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-06-22 02:25 - 2011-04-04 21:20 - 01477947 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 02:23 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2014-06-22 02:21 - 2014-06-22 02:19 - 00002769 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-22 02:15 - 2011-05-29 17:58 - 00000000 ____D () C:\Program Files (x86)\Minilyrics
2014-06-22 02:07 - 2011-04-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-22 02:06 - 2011-04-05 22:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-22 02:05 - 2012-07-25 04:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 23:31 - 2011-04-06 01:19 - 00000700 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 22:43 - 2013-11-14 15:14 - 00000000 ____D () C:\Lyrics
2014-06-21 12:56 - 2014-06-21 12:55 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-21 12:53 - 2011-04-04 21:20 - 00000000 ____D () C:\Users\Administrator
2014-06-21 12:51 - 2011-06-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2014-06-21 11:50 - 2014-06-02 11:00 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-06-21 11:35 - 2011-04-04 21:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-06-20 16:01 - 2011-12-12 20:54 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-20 09:49 - 2011-04-07 08:35 - 00000000 ___RD () C:\Dropbox
2014-06-19 23:26 - 2011-04-06 01:19 - 00003700 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 23:26 - 2011-04-06 01:19 - 00003448 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 18:55 - 2012-04-03 18:55 - 00001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-06-19 02:02 - 2014-06-15 01:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-06-18 12:04 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:04 - 2009-07-14 06:45 - 00028832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:02 - 2013-04-01 00:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-06-18 12:00 - 2014-05-02 23:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DropboxMaster
2014-06-18 12:00 - 2011-09-17 13:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-18 11:59 - 2014-05-22 09:39 - 00010561 _____ () C:\Windows\setupact.log
2014-06-18 11:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 00:25 - 2011-04-06 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-18 00:25 - 2011-04-06 17:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Program Files\Opera x64
2014-06-17 22:55 - 2014-06-17 22:55 - 00000000 ____D () C:\Program Files (x86)\Opera x64
2014-06-17 22:35 - 2014-06-17 22:35 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-17 22:35 - 2014-06-17 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-17 22:35 - 2014-06-17 22:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-17 22:07 - 2011-04-04 21:21 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-17 20:54 - 2009-07-14 07:13 - 00865644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 16:16 - 2014-06-17 16:13 - 00000000 ____D () C:\Users\Administrator\Desktop\20140617
2014-06-17 02:47 - 2014-06-17 02:47 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-06-17 02:29 - 2011-04-05 22:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-16 13:47 - 2014-06-16 13:13 - 00000000 _____ () C:\Windows\system32\peerblock.dmp
2014-06-16 12:17 - 2014-06-16 12:17 - 00000905 _____ () C:\Users\Administrator\Desktop\ERUNT.lnk
2014-06-16 12:17 - 2014-06-16 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 12:17 - 2014-06-16 12:17 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 12:06 - 2012-07-25 04:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-16 12:06 - 2012-04-05 12:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 12:06 - 2011-06-09 22:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-15 00:07 - 2014-06-15 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-14 14:56 - 2012-11-13 14:14 - 00306314 _____ () C:\Windows\PFRO.log
2014-06-14 14:46 - 2011-12-24 16:19 - 00000000 ____D () C:\Windows\pss
2014-06-14 13:51 - 2011-04-25 22:12 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-06-14 13:48 - 2011-04-04 21:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-14 13:31 - 2013-10-23 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:31 - 2011-07-18 13:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 13:28 - 2014-05-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-14 13:16 - 2011-11-23 12:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-06-14 12:06 - 2014-06-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-14 01:05 - 2014-04-16 13:19 - 00000600 _____ () C:\Users\Administrator\AppData\Roaming\winscp.rnd
2014-06-13 19:36 - 2014-06-13 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 19:36 - 2012-05-02 12:52 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-13 10:11 - 2014-05-28 10:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 00:42 - 2009-07-14 09:46 - 00000000 ____D () C:\Windows\ShellNew
2014-06-12 21:36 - 2014-06-12 12:57 - 00000000 ____D () C:\Program Files (x86)\CDCheck
2014-06-11 16:21 - 2014-06-11 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-08 03:00 - 2012-11-05 20:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2014-06-08 02:58 - 2014-06-08 02:58 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-06-04 00:56 - 2014-02-24 00:28 - 122222021 _____ () C:\Users\Administrator\Desktop\Bad.Influence.se1ep1.mp4
2014-06-02 20:19 - 2014-06-02 20:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-01 21:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-01 02:20 - 2014-06-01 02:20 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-05-29 13:46 - 2012-04-03 13:01 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-29 01:01 - 2011-04-06 00:18 - 00000000 ___RD () C:\Users\Administrator\Desktop\Work
2014-05-28 12:54 - 2014-05-28 09:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 11:54 - 2014-05-28 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 11:43 - 2013-09-04 10:53 - 00000000 ____D () C:\Windows\WindowsMobile
2014-05-28 11:23 - 2014-05-28 11:09 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-05-28 10:16 - 2014-05-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:15 - 2011-12-03 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 11:53 - 2011-04-07 08:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 00:03 - 2011-04-05 23:27 - 00000000 ___RD () C:\Users\Administrator\Desktop\大学

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1h37s7.dll
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 13:11

==================== End Of Log ============================

----------------------------------

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Administrator at 2014-06-22 02:31:43
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.0.1.123 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.0.1.123 - ArcSoft) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.22 - ASUS)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0051 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avid Codecs LE (HKLM-x32\...\{A876EBF9-9046-4953-888D-8A60B8777027}) (Version: 2.3.7 - 会社名)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete Stand-Alone) (Version: 3.1.1.0 - Nik Software, Inc.)
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.50343.1263 - COMODO Group Inc.)
Contour Storyteller (HKLM-x32\...\Contour Storyteller 3.3.2) (Version: 3.3.2 - Contour)
DCP Builder Basic Edition 0.3 (HKLM\...\DcpBuilderBasicEdition_is1) (Version: 0.3 - Digital Signal Processing Laboratory, University of Perugia)
Dfine 2.0 (HKLM-x32\...\Dfine 2.0 Stand-Alone) (Version: 2.1.0.7 - Nik Software, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
Engraver 2.22. (HKLM-x32\...\EngraverII plug-in for Adobe Photoshop and compa~9CA97D3D_is1) (Version:  - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
EZTitles Plug-in Demo 4.1.21 for Adobe® Premiere® (HKLM-x32\...\EZTitles Plug-in IV for Adobe® Premiere®_is1) (Version:  - EZTitles Development Studio Ltd.)
ffdshow v1.3.4515 [2013-06-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4515.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Fontlab TypeTool 3 (HKLM-x32\...\TypeTool 3.1_is1) (Version: 3.1 - FontLab)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.64 (HKLM\...\MediaInfo) (Version: 0.7.64 - MediaArea.net)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.41 - Crintsoft) <==== ATTENTION
MKVToolNix 6.1.0 (HKLM-x32\...\MKVtoolnix) (Version: 6.1.0 - Moritz Bunkus)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia)
Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
OpenDCP (HKLM-x32\...\OpenDCP-0.0.26) (Version: 0.0.26 - OpenDCP)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
proDAD Mercalli 2.0 (64bit) (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.65 - proDAD GmbH)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.1.0.1824 - GetData Pty Ltd)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subtitle Edit 3.3.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.3.1745 - Nikse)
SurCode for Dolby Digital (HKLM-x32\...\SurCode for Dolby Digital) (Version:  - )
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{8844595D-7554-49D2-90C4-3771532B7B1A}) (Version: 11.0 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.6-7 - Wacom Technology Corp.)
WAV to AC3 Encoder 5.0 (HKLM-x32\...\WAV to AC3 Encoder_is1) (Version:  - Wieslaw Soltes)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.6 - Christoph Grether)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
XDCAMBrowser (HKLM-x32\...\{2D076E90-866E-4C2B-B9EF-F74F0F08E365}) (Version: 2.1.0.303 - Sony Corporation)

==================== Restore Points  =========================

13-06-2014 15:48:40 Configured Microsoft Office Professional Plus 2010
14-06-2014 10:08:43 Revo Uninstaller's restore point - Adobe Acrobat X Pro - English, Fran軋is, Deutsch
14-06-2014 10:11:07 Removed Adobe Acrobat X Pro - English, Fran軋is, Deutsch.
14-06-2014 11:02:04 Revo Uninstaller's restore point - Adobe Reader X (10.1.10) - Japanese
14-06-2014 11:13:57 Revo Uninstaller's restore point - µTorrent
14-06-2014 11:17:12 Revo Uninstaller's restore point - Java 7 Update 45
14-06-2014 11:17:40 Removed Java 7 Update 45
14-06-2014 11:26:43 Revo Uninstaller's restore point - Java™ 6 Update 29
14-06-2014 11:27:13 Removed Java™ 6 Update 29
14-06-2014 11:31:53 Revo Uninstaller's restore point - KvK Sign & Validate Acrobat Reader PLUG-IN
14-06-2014 11:32:40 Geconfigureerd KvK Sign & Validate Acrobat Reader PLUG-IN
14-06-2014 11:51:06 Revo Uninstaller's restore point - Ovi Maps 3D browser plugin 5.2.7.0
17-06-2014 22:18:36 Configured Microsoft Office Professional Plus 2010
17-06-2014 22:21:25 Configured Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

2012-12-24 13:51 - 2014-06-16 12:01 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {060DADA5-C67D-4B38-A97A-CD991B90A784} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
Task: {08C4888B-A752-431D-B82A-4D1A47ACD9AC} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {2A0F82CF-8581-4A2F-922B-A4E857FFC6DF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {2C528CBE-403D-4AEA-BB89-4BC05C63FE5F} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {32B5D5A4-DA0B-4C0F-913A-059CC7AEE55F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-28] (ATK)
Task: {3C8D92F1-FFF4-4D7C-AC33-EE31F885BCD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {87F2A5A3-1E70-4FEC-A059-3F1BC0B6A257} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06] (Google Inc.)
Task: {8AE9B9E5-E99C-4FEA-92E7-5CEB1A9D2F4E} - System32\Tasks\Hibernate => shutdown
Task: {927E165E-F47A-41AD-8F12-73293BADD584} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {9416D489-6BBC-40B6-B32D-83EA33F8A30B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {AC5265AE-A428-4A4D-9B5F-90759EB682DA} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2012-10-01] ()
Task: {B7FA4812-14AF-47EB-92B6-782C6823B918} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {BBE563C1-956E-464E-9A3B-9A42836CA6FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06] (Google Inc.)
Task: {D7DF6B8C-5C92-48C1-81DF-32EBD8D90DD9} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2012-10-01] ()
Task: {E3E988FA-0777-472F-A472-8EA58898DADE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {E45E0FB7-D12F-4DB1-A4B5-EF6931A8B608} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16] (Adobe Systems Incorporated)
Task: {EA5315C1-2469-4CF6-A279-2E9DB0197A3E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {EE79CEC5-B0FB-418B-B25C-F1978E123B74} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 21:25 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-04-06 02:09 - 2010-11-15 11:08 - 01182576 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2009-07-24 10:32 - 2009-07-24 10:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-08-28 15:00 - 2009-08-28 15:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-28 11:43 - 2009-08-28 11:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2011-04-04 21:25 - 2007-03-09 18:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2011-11-10 16:25 - 2013-04-15 19:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-06-17 22:55 - 2014-06-17 22:55 - 01022464 _____ () C:\Program Files\Opera x64\gstreamer\gstreamer.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00108544 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioconvert.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00106496 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioresample.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00062464 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstautodetect.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00108032 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstcoreplugins.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00073216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdecodebin2.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00074752 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdirectsound.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00201216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstffmpegcolorspace.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00340480 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstoggdec.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00045056 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwaveform.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00077312 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwavparse.dll
2014-06-17 22:55 - 2014-06-17 22:55 - 00115712 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwebmdec.dll
2013-01-07 17:32 - 2013-01-07 17:32 - 06239727 _____ () C:\データ\Tor Browser\App\vidalia.exe
2013-01-07 17:32 - 2013-01-07 17:32 - 02886442 _____ () C:\データ\Tor Browser\App\tor.exe
2014-05-20 12:48 - 2014-05-20 12:48 - 22488240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 00043008 _____ () C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1h37s7.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-07 17:32 - 2013-01-07 17:32 - 00043008 _____ () C:\データ\Tor Browser\App\libgcc_s_dw2-1.dll
2013-01-07 17:32 - 2013-01-07 17:32 - 00047972 _____ () C:\データ\Tor Browser\App\mingwm10.dll
2013-01-07 17:32 - 2013-01-07 17:32 - 00031758 _____ () C:\データ\Tor Browser\App\libssp-0.dll
2013-01-07 17:32 - 2013-01-07 17:32 - 01900032 _____ () C:\データ\Tor Browser\FirefoxPortable\App\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18769208.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18769208.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: CVPND => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: JuniperAccessService => 3
MSCONFIG\Services: mi-raysat_3dsmax2010_64 => 2
MSCONFIG\Services: RapiMgr => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: WPCSvc => 3

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 00:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: msieftp.dll, version: 6.1.7601.18300, time stamp: 0x5270700a
Exception code: 0xc0000005
Fault offset: 0x0000000000018c00
Faulting process id: 0xbcc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/18/2014 11:23:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 35.0.1916.153, time stamp: 0x538fb354
Faulting module name: chrome.dll, version: 35.0.1916.153, time stamp: 0x538fb051
Exception code: 0x80000003
Fault offset: 0x00485166
Faulting process id: 0x135c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (06/17/2014 09:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc072
Faulting module name: imetip.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7b852
Exception code: 0xc0000005
Fault offset: 0x74933f46
Faulting process id: 0x133c
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3

Error: (06/16/2014 02:06:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program opera.exe version 12.17.1863.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f08

Start Time: 01cf88f18ae6edfb

Termination Time: 229

Application Path: C:\Program Files\Opera x64\opera.exe

Report Id: af678eed-f4e9-11e3-8d98-485b3966ed32

Error: (06/16/2014 01:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera_plugin_wrapper.exe, version: 12.17.1863.0, time stamp: 0x534cfe97
Faulting module name: NPSWF64_13_0_0_214.dll_unloaded, version: 0.0.0.0, time stamp: 0x5359d0cb
Exception code: 0xc0000005
Fault offset: 0x00000000530687ca
Faulting process id: 0x1ad0
Faulting application start time: 0xopera_plugin_wrapper.exe0
Faulting application path: opera_plugin_wrapper.exe1
Faulting module path: opera_plugin_wrapper.exe2
Report Id: opera_plugin_wrapper.exe3

Error: (06/16/2014 01:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1344
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3

Error: (06/15/2014 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera_plugin_wrapper.exe, version: 12.17.1863.0, time stamp: 0x534cfe97
Faulting module name: NPSWF64_13_0_0_214.dll, version: 13.0.0.214, time stamp: 0x5359d0cb
Exception code: 0xc000041d
Fault offset: 0x000000000028bfa6
Faulting process id: 0x144c
Faulting application start time: 0xopera_plugin_wrapper.exe0
Faulting application path: opera_plugin_wrapper.exe1
Faulting module path: opera_plugin_wrapper.exe2
Report Id: opera_plugin_wrapper.exe3

Error: (06/15/2014 00:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera_plugin_wrapper.exe, version: 12.17.1863.0, time stamp: 0x534cfe97
Faulting module name: NPSWF64_13_0_0_214.dll, version: 13.0.0.214, time stamp: 0x5359d0cb
Exception code: 0xc0000005
Fault offset: 0x000000000028bfa6
Faulting process id: 0x144c
Faulting application start time: 0xopera_plugin_wrapper.exe0
Faulting application path: opera_plugin_wrapper.exe1
Faulting module path: opera_plugin_wrapper.exe2
Report Id: opera_plugin_wrapper.exe3

Error: (06/14/2014 10:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x890
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3

Error: (06/14/2014 10:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opera.exe, version: 12.17.1863.0, time stamp: 0x534cefc5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xe98
Faulting application start time: 0xopera.exe0
Faulting application path: opera.exe1
Faulting module path: opera.exe2
Report Id: opera.exe3


System errors:
=============
Error: (06/18/2014 00:33:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/18/2014 11:59:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Process Activation Service service terminated with the following error:
%%3

Error: (06/18/2014 11:59:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:
%%3

Error: (06/18/2014 11:59:27 AM) (Source: WAS) (EventID: 5005) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

Error: (06/18/2014 11:59:27 AM) (Source: WAS) (EventID: 5188) (User: )
Description: The directory specified for the temporary application pool config files is either missing or is not accessible by the Windows Process Activation Service. Please specify an existing directory and/or ensure that it has proper access flags. The data field contains the error number.

Error: (06/18/2014 11:59:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.

Error: (06/18/2014 11:57:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (06/18/2014 11:57:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with service-specific error %%2184.

Error: (06/18/2014 11:57:26 AM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanServer had invalid service status 3.
Status             Meaning
  1              Service Stopped

  2              Start Pending

  3              Stop Pending

  4              Running

  5              Continue Pending

  6              Pause Pending

  7              Paused

Error: (06/18/2014 11:57:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%13


Microsoft Office Sessions:
=========================
Error: (06/18/2014 00:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4msieftp.dll6.1.7601.183005270700ac00000050000000000018c00bcc01cf8adc0174c5eaC:\Windows\Explorer.EXEC:\Windows\system32\msieftp.dll98dc5dd2-f6cf-11e3-8433-485b3966ed32

Error: (06/18/2014 11:23:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.153538fb354chrome.dll35.0.1916.153538fb0518000000300485166135c01cf8a70da0adcdeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\chrome.dll4344fd8d-f6ca-11e3-8192-485b3966ed32

Error: (06/17/2014 09:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regedit.exe6.1.7600.163854a5bc072imetip.dll_unloaded0.0.0.04ce7b852c000000574933f46133c01cf8a60ca0be0f0C:\Windows\SysWOW64\regedit.exeimetip.dll1a7eaa59-f654-11e3-9cd7-485b3966ed32

Error: (06/16/2014 02:06:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe12.17.1863.01f0801cf88f18ae6edfb229C:\Program Files\Opera x64\opera.exeaf678eed-f4e9-11e3-8d98-485b3966ed32

Error: (06/16/2014 01:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera_plugin_wrapper.exe12.17.1863.0534cfe97NPSWF64_13_0_0_214.dll_unloaded0.0.0.05359d0cbc000000500000000530687ca1ad001cf882f917e9fe9C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exeNPSWF64_13_0_0_214.dll6c54f9f0-f4e1-11e3-8d98-485b3966ed32

Error: (06/16/2014 01:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102134401cf88ee240a2b4aC:\Program Files\Opera x64\opera.exeC:\Windows\SYSTEM32\ntdll.dll6521c303-f4e1-11e3-8d98-485b3966ed32

Error: (06/15/2014 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera_plugin_wrapper.exe12.17.1863.0534cfe97NPSWF64_13_0_0_214.dll13.0.0.2145359d0cbc000041d000000000028bfa6144c01cf881f95c0425cC:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exeC:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dllb6ec2018-f413-11e3-8d98-485b3966ed32

Error: (06/15/2014 00:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera_plugin_wrapper.exe12.17.1863.0534cfe97NPSWF64_13_0_0_214.dll13.0.0.2145359d0cbc0000005000000000028bfa6144c01cf881f95c0425cC:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exeC:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dllb414b282-f413-11e3-8d98-485b3966ed32

Error: (06/14/2014 10:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410289001cf880c86110062C:\Program Files\Opera x64\opera.exeC:\Windows\SYSTEM32\ntdll.dllc50ab93c-f3ff-11e3-8d98-485b3966ed32

Error: (06/14/2014 10:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opera.exe12.17.1863.0534cefc5ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102e9801cf880c2df6c373C:\Program Files\Opera x64\opera.exeC:\Windows\SYSTEM32\ntdll.dll6c9eb19a-f3ff-11e3-8d98-485b3966ed32


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 4061.02 MB
Available physical RAM: 1533.19 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 4844.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:183.83 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 000E4F72)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:20 PM

Posted 23 June 2014 - 03:53 AM

Hi,

First, I noticed you didn't install OpenOffice at all, nor even mention it after I did. Was there something wrong in that area?

Also, it looks like you missed a few services in MSConfig:

MSCONFIG\Services: CVPND => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: JuniperAccessService => 3
MSCONFIG\Services: mi-raysat_3dsmax2010_64 => 2
MSCONFIG\Services: RapiMgr => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: WPCSvc => 3

 

Please re-enable them as you would normally. You can disable them again later in this post's steps. :)

Next, I see several orphans in your new FRST log, so here's a script to get rid of them.

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Now then, time to disable the unnecessary start-up entries and services.

 

Autoruns

 

I need you to disable some entries in Autoruns.

  • Download Autoruns from here, and save it to your desktop.
  • Unzip the contents to your desktop, then run autoruns.exe. Accept the license agreement, and the program will open.
  • Once it opens, it may take a few seconds to load all the entries. Once it does, simply uncheck any entries you know you don't need in order to disable them. In the event that you want them back, simply open Autoruns again and place a check next to the entry.

Gunto




#15 1Ct

1Ct
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:20 PM

Posted 23 June 2014 - 08:00 PM

Hi Gunto,

 

-You're right, I had the "Hide all Microsoft services" box checked. I enabled everything back.

-I ran FRST but it produced an empty text file. This happens sometimes if I don't run it as administrator, which I forgot. I ran it a second time (log below), but obviously some of the items had already been removed, as it says in the log.

-Sorry, I forgot about Office. I uninstalled it and replaced it with OpenOffice.

-And I disabled all third-party startup items that I don't need with Autoruns.

 

Below is the fixlog.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Administrator at 2014-06-23 13:18:27 Run:6
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk => Moved successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin'=> Key not found.
C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll not found.
 
==== End of Fixlog ====
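The fixlog above records one outcome per fixlist entry, and the line that deserves a second look is the one FRST could not act on ("Error deleting key. The key could be protected."); an entry like that should be flagged for a manual check of the key's permissions rather than assumed gone. The following parser, added here as an example and not part of the thread or of FRST itself, classifies each result line of a fixlog.txt into deleted / restored / moved / not found / error and returns the entries that still need follow-up. The sample log is constructed from a subset of the lines quoted in the post, and the outcome categories and the assumption that every result line either contains "=>" or ends in "not found." are my own reading of the format shown on this page.

```python
"""Classify the per-entry result lines of an FRST fixlog.txt (added example, not FRST code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a shortened fixlog assembled from the lines quoted in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Administrator at 2014-06-23 13:18:27 Run:6
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk => Moved successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin'=> Key not found.
C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll not found.

==== End of Fixlog ====
"""

# A result line is "<target> => <message>"; the target may be wrapped in single quotes,
# and the space before "=>" is sometimes missing (assumption based on the lines above).
RESULT_RE = re.compile(r"^'?(?P<target>.+?)'?\s*=>\s*(?P<msg>.+)$")


@dataclass
class FixResult:
    target: str   # registry key/value or file path FRST acted on
    outcome: str  # deleted | restored | moved | not_found | error | other
    message: str  # FRST's own wording, kept for the report


def classify(msg: str) -> str:
    """Map FRST's free-text result message to a small fixed set of outcomes."""
    m = msg.lower()
    if m.startswith("error"):
        return "error"
    if "deleted successfully" in m:
        return "deleted"
    if "restored successfully" in m:
        return "restored"
    if "moved successfully" in m:
        return "moved"
    if "not found" in m:
        return "not_found"
    return "other"


def parse_fixlog(text: str) -> list:
    """Return one FixResult per result line, skipping the header and the echoed fixlist."""
    results = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):          # the fixlist echo is bracketed by two such lines
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(line)
        if m:
            target, msg = m.group("target"), m.group("msg")
        elif line.endswith(" not found."):    # file-not-found lines have no "=>"
            target, msg = line[: -len(" not found.")], "not found."
        else:
            continue                          # header lines (Ran by, Boot Mode, ...)
        results.append(FixResult(target, classify(msg), msg))
    return results


def summarize(results: list) -> dict:
    """Count results per outcome."""
    return dict(Counter(r.outcome for r in results))


def needs_followup(results: list) -> list:
    """Entries FRST could not act on; check these by hand (for example key permissions)."""
    return [r for r in results if r.outcome in ("error", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for r in needs_followup(parsed):
        print("FOLLOW UP:", r.target, "->", r.message)
```

Run against a real fixlog.txt by reading the file into `parse_fixlog` instead of `SAMPLE_FIXLOG`; the "not_found" entries are expected after a second run (the first run already removed them), whereas anything in `needs_followup` is still on the box.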




