Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Issues - Slowness, Virus Detections, Paranoia


  • This topic is locked This topic is locked
9 replies to this topic

#1 Agent Shark

Agent Shark

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 07 June 2014 - 05:49 PM

Hey everyone,

 

I need some help. Here are the logs including the attached.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by David at 18:45:27 on 2014-06-07
Microsoft Windows 8 Enterprise  6.2.9200.0.1252.1.1033.18.3767.1618 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\KMSServerService\KMS Server Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\David\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\David\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\David\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\David\AppData\Roaming\Dashlane\ie\Dashlanei.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\David\AppData\Roaming\Dashlane\ie\KWIEBar.dll
uRun: [uTorrent] "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spotify] "C:\Users\David\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [f.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Dashlane] "C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0EB4B965-738E-48DD-89CE-92A8D609041C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0EB4B965-738E-48DD-89CE-92A8D609041C}\44166796462E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{0EB4B965-738E-48DD-89CE-92A8D609041C}\84F4D454D214545423 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\krahvcxs.default\
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-12-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-12-15 208416]
R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2014-5-31 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2013-12-15 1039096]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-12-15 423240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\Drivers\hssdrv6.sys [2014-4-13 44744]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-4-23 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-12-15 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-26 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-23 50344]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-5-21 402192]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-5-21 123152]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-5-21 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-5-21 774928]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2014-3-24 977704]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2014-3-24 555304]
R2 KMSServerService;Windows Service that emulates a Key Management Service (KMS) Server;C:\Windows\KMSServerService\KMS Server Service.exe [2013-11-23 250880]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-12 860472]
R2 TBSrv;Toolbar Service;C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [2014-4-13 350528]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-8-27 14401104]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-20 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-4-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-4-12 64216]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2014-3-24 42184]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2014-06-07 21:24:24    --------    d-----w-    C:\Program Files (x86)\Dashlane
2014-06-07 21:21:26    --------    d-----w-    C:\Users\David\AppData\Roaming\Dashlane
2014-06-06 19:33:24    --------    d-----w-    C:\Users\David\AppData\Local\Macromedia
2014-06-06 18:17:06    --------    d-----w-    C:\Users\David\AppData\Local\Apps
2014-06-06 18:17:05    --------    d-----w-    C:\Users\David\AppData\Local\Deployment
2014-05-31 23:07:23    --------    d-----w-    C:\ProgramData\BlueStacks
2014-05-31 23:07:23    --------    d-----w-    C:\Program Files (x86)\BlueStacks
2014-05-31 23:06:27    --------    d-----w-    C:\ProgramData\BlueStacksSetup
2014-05-31 23:06:12    --------    d-----w-    C:\Users\David\AppData\Local\Bluestacks
2014-05-31 23:01:36    --------    d-----w-    C:\Users\David\AppData\Local\VMware
2014-05-31 22:54:05    73296    ----a-w-    C:\Windows\System32\drivers\vsock.sys
2014-05-31 22:54:05    67664    ----a-w-    C:\Windows\System32\vsocklib.dll
2014-05-31 22:54:05    63568    ----a-w-    C:\Windows\SysWow64\vsocklib.dll
2014-05-31 22:53:38    64080    ----a-w-    C:\Windows\System32\drivers\vmx86.sys
2014-05-31 22:53:08    358480    ----a-w-    C:\Windows\SysWow64\vmnetdhcp.exe
2014-05-31 22:53:04    437328    ----a-w-    C:\Windows\SysWow64\vmnat.exe
2014-05-31 22:53:04    30800    ----a-w-    C:\Windows\System32\drivers\vmnetuserif.sys
2014-05-31 22:52:58    930384    ----a-w-    C:\Windows\System32\vnetlib64.dll
2014-05-31 22:51:25    53816    ----a-w-    C:\Windows\System32\drivers\hcmon.sys
2014-05-31 22:50:44    --------    d-----w-    C:\Program Files\Common Files\VMware
2014-05-31 22:49:13    --------    d-----w-    C:\Program Files (x86)\VMware
2014-05-31 22:49:13    --------    d-----w-    C:\Program Files (x86)\Common Files\VMware
2014-05-31 22:42:41    258224    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-31 22:02:25    --------    d-----w-    C:\Users\David\AppData\Roaming\GetPrivate
2014-05-31 22:02:17    --------    d-----w-    C:\Users\David\AppData\Roaming\wi_upd
2014-05-26 17:20:56    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-26 17:20:55    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-26 16:33:38    --------    d-----w-    C:\Users\David\AppData\Local\Origin
2014-05-26 16:32:08    --------    d-----w-    C:\ProgramData\Electronic Arts
2014-05-26 16:31:58    --------    d-----w-    C:\Program Files (x86)\Origin
2014-05-26 16:15:07    --------    d-----w-    C:\Users\David\AppData\Roaming\Kalypso Media
2014-05-26 16:10:52    --------    d-----w-    C:\Users\David\AppData\Roaming\tropico 4
2014-05-26 15:29:30    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2014-05-24 23:17:34    --------    d-----w-    C:\Program Files (x86)\Password Corral v4.0
2014-05-24 18:51:08    --------    d-----w-    C:\Users\David\AppData\Roaming\Gyazo
2014-05-24 18:50:44    --------    d-----w-    C:\Program Files (x86)\Gyazo
2014-05-24 01:20:30    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-05-24 01:20:30    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-05-24 01:20:29    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-05-24 01:20:28    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-24 01:20:28    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-24 01:18:59    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-24 01:17:11    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-05-24 01:17:06    621568    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-05-24 01:17:05    370688    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2014-05-24 01:17:05    215040    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-24 01:17:05    1120768    ----a-w-    C:\Windows\System32\gpedit.dll
2014-05-24 01:17:03    247808    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2014-05-24 01:17:03    1075200    ----a-w-    C:\Windows\SysWow64\gpedit.dll
2014-05-24 01:17:01    78336    ----a-w-    C:\Windows\System32\drivers\IPMIDrv.sys
2014-05-19 21:06:37    --------    d-----w-    C:\Users\David\AppData\Local\Wondershare
2014-05-19 21:06:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
.
==================== Find3M  ====================
.
2014-06-07 22:23:30    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-19 17:05:04    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-19 17:05:04    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-12 11:26:14    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:26:00    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-06 03:37:50    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-23 22:14:26    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-04-23 22:14:25    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-04-23 22:14:25    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-23 22:14:25    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-04-23 22:14:25    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-04-23 22:14:23    43152    ----a-w-    C:\Windows\avastSS.scr
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-04-12 09:08:17    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-04-09 13:13:00    489064    ----a-w-    C:\SecurityScanner.dll
2014-03-28 19:19:38    35856    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2014-03-24 20:12:02    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2014-03-24 20:09:40    44744    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2014-03-23 22:11:52    269592    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43    6987096    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-03-11 03:25:51    100184    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55    323072    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-03-11 00:41:51    559104    ----a-w-    C:\Windows\SysWow64\objsel.dll
2014-03-11 00:41:24    38400    ----a-w-    C:\Windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12    35840    ----a-w-    C:\Windows\System32\lsass.exe
2014-03-11 00:38:58    27648    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-03-11 00:38:58    164864    ----a-w-    C:\Windows\System32\sspicli.dll
2014-03-11 00:38:53    419328    ----a-w-    C:\Windows\System32\schannel.dll
2014-03-11 00:38:47    684032    ----a-w-    C:\Windows\System32\objsel.dll
2014-03-11 00:38:31    982016    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-03-11 00:38:23    45056    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-03-11 00:38:23    179712    ----a-w-    C:\Windows\System32\dpapisrv.dll
2014-03-10 03:05:14    668160    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03    99840    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:46:47.55 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2013 12:33:35 AM
System Uptime: 6/7/2014 6:19:22 PM (0 hours ago)
.
Motherboard: Acer |  | ZR7
Processor: Intel® Core™ i3 CPU       M 370  @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 562 GiB total, 438.068 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 5/17/2014 11:43:13 PM - Scheduled Checkpoint
RP19: 5/23/2014 9:21:56 PM - Windows Update
RP20: 5/26/2014 12:11:02 PM - Installed DirectX
RP21: 6/6/2014 1:51:30 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 13 Plugin
Adobe Help Manager
avast! Free Antivirus
BlueStacks App Player
BlueStacks Notification Center
Dashlane
Dropbox
f.lux
Google Chrome Canary
Gyazo 2.1
Hotspot Shield 3.37
Hotspot Shield Toolbar for IE
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
Origin
Password Corral v4.0
Skype™ 6.16
Spotify
Syncplay
Team Fortress 2
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Tropico 4
VMware Workstation
WinRAR 5.10 beta 4 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/7/2014 6:19:27 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
6/7/2014 5:59:49 PM, Error: Service Control Manager [7000]  - The Group Policy Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 5:59:36 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 5:58:13 PM, Error: Service Control Manager [7000]  - The Device Setup Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 5:57:11 PM, Error: Service Control Manager [7000]  - The Computer Browser service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 5:35:52 PM, Error: Service Control Manager [7000]  - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 5:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
6/7/2014 3:31:20 PM, Error: Service Control Manager [7046]  - The following service has repeatedly stopped responding to service control requests: Task Scheduler Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
6/7/2014 3:30:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
6/7/2014 3:30:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/7/2014 3:29:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
6/7/2014 3:29:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
6/7/2014 3:28:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
6/7/2014 3:27:50 PM, Error: Service Control Manager [7000]  - The Windows Update service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/7/2014 3:26:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
6/1/2014 4:42:32 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{0EB4B965-738E-48DD-89CE-92A8D609041C} because another computer on the network has the same name.  The server could not start.
.
==== End Of File ===========================
 

Regards,

Agent Shark



BC AdBot (Login to Remove)

 


#2 Agent Shark

Agent Shark
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 09 June 2014 - 10:24 AM

I am going to bump this as nothing has occured yet. Thanks.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 10 June 2014 - 09:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 Agent Shark

Agent Shark
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 10 June 2014 - 02:32 PM

Hi,

 

Adware cleaner log:

# AdwCleaner v3.212 - Report created 10/06/2014 at 14:52:09
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 Enterprise  (64 bits)
# Username : David - NIGELQUARTER
# Running from : C:\Users\David\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
Service Deleted : TBSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Users\David\AppData\Local\Tbccint
Folder Deleted : C:\Users\David\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\David\AppData\Local\Temp\Hotspot_Shield
Folder Deleted : C:\Users\David\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\David\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\David\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\David\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\David\AppData\Roaming\hotspot shield
File Deleted : C:\END
File Deleted : C:\Users\David\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Windows\System32\Tasks\GPUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\krahvcxs.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3715 octets] - [10/06/2014 14:50:28]
AdwCleaner[S0].txt - [3514 octets] - [10/06/2014 14:52:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3574 octets] ##########
 

FarBar:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by David (administrator) on NIGELQUARTER on 10-06-2014 15:29:19
Running from C:\Users\David\Desktop
Platform: Windows 8 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(My Digital Life Forums) C:\Windows\KMSServerService\KMS Server Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\David\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\David\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-17] (BitTorrent Inc.)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Spotify] => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-19] (Spotify Ltd)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-26] (Electronic Arts)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-06] (Google Inc.)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Dashlane] => C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-05-27] ()
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-19] (Spotify Ltd)
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\MountPoints2: {b4c0366e-685d-11e3-be69-60eb694b3c6e} - "G:\LaunchU3.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F69151D7-3CA6-40E1-BCD4-E98D743AE284} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN13517435483164120&UM=4
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Hotspot Shield Toolbar - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKLM-x32 - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\David\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\krahvcxs.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\David\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\David\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\krahvcxs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-08]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-15]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 KMSServerService; C:\Windows\KMSServerService\KMS Server Service.exe [250880 2013-07-09] (My Digital Life Forums) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-03-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 15:29 - 2014-06-10 15:29 - 02080768 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-06-10 15:29 - 2014-06-10 15:29 - 00011981 _____ () C:\Users\David\Desktop\FRST.txt
2014-06-10 15:29 - 2014-06-10 15:29 - 00000000 ____D () C:\FRST
2014-06-10 14:56 - 2014-06-10 14:56 - 00003658 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2014-06-10 14:51 - 2014-06-10 14:51 - 00003715 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
2014-06-10 14:50 - 2014-06-10 14:52 - 00000000 ____D () C:\AdwCleaner
2014-06-10 14:44 - 2014-06-10 14:44 - 01333465 _____ () C:\Users\David\Desktop\adwcleaner_3.212.exe
2014-06-07 18:46 - 2014-06-07 18:46 - 00018608 _____ () C:\Users\David\Desktop\dds.txt
2014-06-07 18:46 - 2014-06-07 18:46 - 00005712 _____ () C:\Users\David\Desktop\attach.txt
2014-06-07 18:44 - 2014-06-07 18:44 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
2014-06-07 17:59 - 2014-06-07 17:59 - 00000000 ____D () C:\Users\David\Desktop\AP Computer Science
2014-06-07 17:24 - 2014-06-07 17:24 - 00000000 ____D () C:\Program Files (x86)\Dashlane
2014-06-07 17:22 - 2014-06-07 17:22 - 00001981 _____ () C:\Users\David\Desktop\Dashlane.lnk
2014-06-07 17:22 - 2014-06-07 17:22 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2014-06-07 17:21 - 2014-06-07 17:24 - 00000000 ____D () C:\Users\David\AppData\Roaming\Dashlane
2014-06-07 17:20 - 2014-06-07 17:20 - 00924000 _____ (Dashlane inc.) C:\Users\David\Downloads\Dashlane_Launcher-1401376146.exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00000000 ____D () C:\Users\David\AppData\Local\Macromedia
2014-06-06 14:45 - 2014-06-06 14:44 - 00000030 _____ () C:\AVScanner.ini
2014-06-06 14:44 - 2014-06-10 01:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 14:44 - 2014-06-06 14:44 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 14:44 - 2014-06-06 14:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-06 14:40 - 2014-06-06 14:41 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-06-06 14:40 - 2014-06-06 14:41 - 00000000 ____D () C:\Users\David\AppData\Local\Mozilla
2014-06-06 14:40 - 2014-06-06 14:40 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-06 14:40 - 2014-06-06 14:40 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 14:39 - 2014-06-06 14:39 - 00282928 _____ (Mozilla) C:\Users\David\Downloads\Firefox Setup Stub 29.0.1.exe
2014-06-06 14:18 - 2014-06-10 15:24 - 00002396 _____ () C:\Users\David\Desktop\Google Chrome Canary.lnk
2014-06-06 14:18 - 2014-06-06 14:18 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2014-06-06 14:17 - 2014-06-10 15:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA.job
2014-06-06 14:17 - 2014-06-09 14:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core.job
2014-06-06 14:17 - 2014-06-06 14:17 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA
2014-06-06 14:17 - 2014-06-06 14:17 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core
2014-06-06 14:17 - 2014-06-06 14:17 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2014-06-06 14:17 - 2014-06-06 14:17 - 00000000 ____D () C:\Users\David\AppData\Local\Apps\2.0
2014-05-31 19:54 - 2014-05-31 19:54 - 07059064 _____ () C:\Users\David\Downloads\join.me.exe
2014-05-31 19:47 - 2014-05-31 19:57 - 00000000 ____D () C:\Users\David\Documents\Virtual Machines
2014-05-31 19:21 - 2012-05-23 22:33 - 00000000 ____D () C:\Users\David\Desktop\OS X Mavericks 10.9 Retail VMware Image
2014-05-31 19:10 - 2014-05-31 19:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-31 19:08 - 2014-05-31 19:08 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-31 19:08 - 2014-05-31 19:08 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-31 19:06 - 2014-05-31 19:13 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-31 19:06 - 2014-05-31 19:06 - 00000000 ____D () C:\Users\David\AppData\Local\Bluestacks
2014-05-31 19:05 - 2014-05-31 19:05 - 12814576 _____ (BlueStack Systems Inc.) C:\Users\David\Downloads\BlueStacks-SplitInstaller_native.exe
2014-05-31 19:01 - 2014-05-31 20:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\VMware
2014-05-31 19:01 - 2014-05-31 19:59 - 00000000 ____D () C:\Users\David\AppData\Local\VMware
2014-05-31 18:58 - 2014-05-31 19:21 - 874047225 ____R () C:\Users\David\Desktop\OS X Mavericks 10.9 Retail VMware Image.7z
2014-05-31 18:58 - 2014-05-31 19:21 - 00000000 ____D () C:\Users\David\Downloads\OS X Mavericks 10.9 Retail VMware Image
2014-05-31 18:54 - 2013-08-15 18:25 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-05-31 18:54 - 2013-08-15 18:25 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-05-31 18:54 - 2013-08-15 18:25 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-05-31 18:53 - 2013-08-27 12:42 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-05-31 18:53 - 2013-08-27 12:42 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-05-31 18:53 - 2013-08-27 12:42 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-05-31 18:53 - 2013-08-27 12:42 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-05-31 18:52 - 2013-08-27 12:42 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-05-31 18:51 - 2013-08-26 23:33 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-05-31 18:50 - 2014-05-31 18:50 - 00866452 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-31 18:50 - 2014-05-31 18:50 - 00002131 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2014-05-31 18:50 - 2014-05-31 18:50 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-05-31 18:50 - 2014-05-31 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-31 18:50 - 2014-05-31 18:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-31 18:49 - 2014-06-10 14:53 - 00000000 ____D () C:\ProgramData\VMware
2014-05-31 18:49 - 2014-05-31 18:49 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-05-31 18:49 - 2014-05-31 18:49 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-31 18:44 - 2014-05-31 18:35 - 487418686 _____ () C:\Users\David\Desktop\VMware Workstation v10.0.0.1 full+serials.rar
2014-05-31 18:06 - 2014-05-31 18:39 - 1354450868 ____R () C:\Users\David\Desktop\OS X Mavericks Install DVD.dmg
2014-05-31 18:02 - 2014-06-10 14:48 - 00003484 _____ () C:\Windows\System32\Tasks\GPUpdateCheck
2014-05-31 18:02 - 2014-05-31 18:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\wi_upd
2014-05-31 18:00 - 2014-05-31 18:00 - 02271768 _____ () C:\Users\David\Downloads\Mac OS X 10.9 Mavericks Install DVD Retail.exe
2014-05-26 13:20 - 2014-05-01 16:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 13:20 - 2014-05-01 16:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 13:03 - 2014-05-26 13:03 - 00675988 _____ () C:\Users\David\Downloads\Minecraft.exe
2014-05-26 12:33 - 2014-05-26 12:33 - 00000000 ____D () C:\Users\David\AppData\Local\Origin
2014-05-26 12:32 - 2014-05-26 12:32 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-26 12:32 - 2014-05-26 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-05-26 12:32 - 2014-05-26 12:32 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-26 12:31 - 2014-06-10 14:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-26 12:15 - 2014-05-26 12:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Kalypso Media
2014-05-26 12:10 - 2014-05-26 12:29 - 00000000 ____D () C:\Users\David\AppData\Roaming\tropico 4
2014-05-26 11:28 - 2014-05-26 11:29 - 01141680 _____ () C:\Users\David\Downloads\SteamSetup.exe
2014-05-24 19:17 - 2014-05-24 19:18 - 00000000 ____D () C:\Program Files (x86)\Password Corral v4.0
2014-05-24 19:17 - 2014-05-24 19:17 - 00763952 _____ (Cygnus Productions ) C:\Users\David\Downloads\pc.exe
2014-05-24 19:17 - 2014-05-24 19:17 - 00000000 ____D () C:\Users\David\Documents\Password Corral Data
2014-05-24 19:17 - 2014-05-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Corral v4.0
2014-05-24 15:55 - 2014-05-24 15:55 - 00000000 ____D () C:\Users\David\Desktop\awards
2014-05-24 14:55 - 2014-05-24 14:55 - 03170031 _____ () C:\Users\David\Desktop\Modio-setup-5.27.zip
2014-05-24 14:51 - 2014-05-24 14:51 - 00000000 ____D () C:\Users\David\AppData\Roaming\Gyazo
2014-05-24 14:50 - 2014-05-24 16:50 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-05-24 14:50 - 2014-05-24 14:50 - 11698864 _____ (Nota Inc. ) C:\Users\David\Downloads\GyazoSetup.exe
2014-05-24 14:50 - 2014-05-24 14:50 - 00003754 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-05-24 14:50 - 2014-05-24 14:50 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-05-24 14:50 - 2014-05-24 14:50 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-05-24 14:50 - 2014-05-24 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-05-23 21:20 - 2014-04-19 05:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-23 21:20 - 2014-04-19 04:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-23 21:20 - 2014-04-19 04:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 21:20 - 2014-04-19 02:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-23 21:20 - 2014-04-19 02:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 21:20 - 2014-03-28 04:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-23 21:20 - 2014-03-28 02:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-23 21:19 - 2014-05-06 01:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-23 21:19 - 2014-05-06 01:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-23 21:19 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-23 21:19 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-23 21:19 - 2014-03-28 15:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-23 21:19 - 2014-03-23 18:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-23 21:18 - 2014-05-05 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-23 21:18 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-23 21:18 - 2014-04-12 05:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-23 21:18 - 2014-04-12 05:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-23 21:18 - 2014-04-12 05:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-23 21:18 - 2014-04-12 05:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-23 21:18 - 2014-04-12 05:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-23 21:18 - 2014-04-12 05:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-23 21:18 - 2014-04-12 05:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-23 21:18 - 2014-04-12 05:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-23 21:18 - 2014-04-12 05:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-23 21:18 - 2014-04-12 05:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-23 21:18 - 2014-04-12 05:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-23 21:18 - 2014-04-12 03:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-23 21:18 - 2014-04-12 03:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-23 21:18 - 2014-04-12 03:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-23 21:18 - 2014-04-12 03:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-23 21:18 - 2014-04-12 03:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-23 21:18 - 2014-04-12 03:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-23 21:18 - 2014-04-12 03:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-23 21:18 - 2014-04-12 02:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-23 21:18 - 2014-03-10 23:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-23 21:18 - 2014-03-10 23:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-23 21:18 - 2014-03-10 20:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-23 21:18 - 2014-03-10 20:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-23 21:18 - 2014-03-10 20:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-23 21:18 - 2014-03-10 20:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-23 21:18 - 2014-03-10 20:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-23 21:18 - 2014-03-10 20:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-23 21:18 - 2014-03-09 23:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-23 21:18 - 2014-03-09 21:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-23 21:18 - 2014-03-03 19:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-23 21:17 - 2014-03-28 04:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-23 21:17 - 2014-03-01 05:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-23 21:17 - 2014-03-01 05:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-23 21:17 - 2014-03-01 04:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-23 21:17 - 2014-03-01 02:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-23 21:17 - 2014-02-26 19:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-23 21:17 - 2014-02-26 19:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-23 21:17 - 2014-02-26 19:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-23 21:17 - 2014-02-26 19:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-23 21:17 - 2014-02-15 00:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-19 17:06 - 2014-05-19 17:06 - 00000000 ____D () C:\Users\David\Documents\Wondershare PDF Password Remover
2014-05-19 17:06 - 2014-05-19 17:06 - 00000000 ____D () C:\Users\David\AppData\Local\Wondershare
2014-05-19 17:05 - 2014-05-19 17:05 - 11933448 _____ (Wondershare Software ) C:\Users\David\Downloads\pdf-password-remover_full526.exe
2014-05-19 17:03 - 2014-05-19 17:03 - 00000000 ____D () C:\Users\David\AppData\Roaming\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 01742616 _____ () C:\Users\David\Downloads\wrar51b4.exe
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-05-19 16:59 - 2014-05-19 16:59 - 97041663 _____ () C:\Users\David\Desktop\eBooks.rar

==================== One Month Modified Files and Folders =======

2014-06-10 15:29 - 2014-06-10 15:29 - 02080768 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-06-10 15:29 - 2014-06-10 15:29 - 00011981 _____ () C:\Users\David\Desktop\FRST.txt
2014-06-10 15:29 - 2014-06-10 15:29 - 00000000 ____D () C:\FRST
2014-06-10 15:29 - 2013-12-15 01:58 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2014-06-10 15:29 - 2013-12-15 01:31 - 00000000 ____D () C:\Users\David\AppData\Local\Temp
2014-06-10 15:24 - 2014-06-06 14:18 - 00002396 _____ () C:\Users\David\Desktop\Google Chrome Canary.lnk
2014-06-10 15:24 - 2014-06-06 14:17 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA.job
2014-06-10 15:04 - 2013-12-15 01:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1932868561-2868773066-873805882-1001
2014-06-10 15:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-10 14:56 - 2014-06-10 14:56 - 00003658 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2014-06-10 14:56 - 2012-07-26 03:28 - 00852442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 14:55 - 2014-02-05 22:18 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spotify
2014-06-10 14:54 - 2014-04-12 16:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 14:53 - 2014-05-31 18:49 - 00000000 ____D () C:\ProgramData\VMware
2014-06-10 14:53 - 2014-05-26 12:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-10 14:53 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 14:52 - 2014-06-10 14:50 - 00000000 ____D () C:\AdwCleaner
2014-06-10 14:52 - 2013-12-15 04:08 - 00013036 _____ () C:\Windows\PFRO.log
2014-06-10 14:52 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-10 14:51 - 2014-06-10 14:51 - 00003715 _____ () C:\Users\David\Desktop\AdwCleaner[R0].txt
2014-06-10 14:48 - 2014-05-31 18:02 - 00003484 _____ () C:\Windows\System32\Tasks\GPUpdateCheck
2014-06-10 14:44 - 2014-06-10 14:44 - 01333465 _____ () C:\Users\David\Desktop\adwcleaner_3.212.exe
2014-06-10 14:42 - 2014-03-25 16:51 - 00000000 ____D () C:\ProgramData\Origin
2014-06-10 14:42 - 2014-02-05 22:18 - 00000000 ____D () C:\Users\David\AppData\Local\Spotify
2014-06-10 14:42 - 2013-12-26 21:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-06-10 01:47 - 2014-06-06 14:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 14:22 - 2014-06-06 14:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core.job
2014-06-07 18:46 - 2014-06-07 18:46 - 00018608 _____ () C:\Users\David\Desktop\dds.txt
2014-06-07 18:46 - 2014-06-07 18:46 - 00005712 _____ () C:\Users\David\Desktop\attach.txt
2014-06-07 18:44 - 2014-06-07 18:44 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com
2014-06-07 18:18 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Resources
2014-06-07 17:59 - 2014-06-07 17:59 - 00000000 ____D () C:\Users\David\Desktop\AP Computer Science
2014-06-07 17:24 - 2014-06-07 17:24 - 00000000 ____D () C:\Program Files (x86)\Dashlane
2014-06-07 17:24 - 2014-06-07 17:21 - 00000000 ____D () C:\Users\David\AppData\Roaming\Dashlane
2014-06-07 17:22 - 2014-06-07 17:22 - 00001981 _____ () C:\Users\David\Desktop\Dashlane.lnk
2014-06-07 17:22 - 2014-06-07 17:22 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2014-06-07 17:20 - 2014-06-07 17:20 - 00924000 _____ (Dashlane inc.) C:\Users\David\Downloads\Dashlane_Launcher-1401376146.exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00000000 ____D () C:\Users\David\AppData\Local\Macromedia
2014-06-06 14:45 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-06-06 14:44 - 2014-06-06 14:45 - 00000030 _____ () C:\AVScanner.ini
2014-06-06 14:44 - 2014-06-06 14:44 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 14:44 - 2014-06-06 14:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-06 14:41 - 2014-06-06 14:40 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-06-06 14:41 - 2014-06-06 14:40 - 00000000 ____D () C:\Users\David\AppData\Local\Mozilla
2014-06-06 14:40 - 2014-06-06 14:40 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-06 14:40 - 2014-06-06 14:40 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 14:40 - 2014-06-06 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 14:39 - 2014-06-06 14:39 - 00282928 _____ (Mozilla) C:\Users\David\Downloads\Firefox Setup Stub 29.0.1.exe
2014-06-06 14:18 - 2014-06-06 14:18 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2014-06-06 14:17 - 2014-06-06 14:17 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA
2014-06-06 14:17 - 2014-06-06 14:17 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core
2014-06-06 14:17 - 2014-06-06 14:17 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2014-06-06 14:17 - 2014-06-06 14:17 - 00000000 ____D () C:\Users\David\AppData\Local\Apps\2.0
2014-06-06 14:17 - 2013-12-15 01:52 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-06-06 14:16 - 2013-12-15 01:40 - 00000000 ____D () C:\Users\David\AppData\Local\Packages
2014-06-06 13:52 - 2013-12-15 01:31 - 01700949 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 13:44 - 2013-12-15 01:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-06 13:37 - 2014-04-12 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 13:37 - 2014-04-12 16:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 13:37 - 2013-12-20 17:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 13:42 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-05-31 20:01 - 2014-05-31 19:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\VMware
2014-05-31 19:59 - 2014-05-31 19:01 - 00000000 ____D () C:\Users\David\AppData\Local\VMware
2014-05-31 19:57 - 2014-05-31 19:47 - 00000000 ____D () C:\Users\David\Documents\Virtual Machines
2014-05-31 19:54 - 2014-05-31 19:54 - 07059064 _____ () C:\Users\David\Downloads\join.me.exe
2014-05-31 19:21 - 2014-05-31 18:58 - 874047225 ____R () C:\Users\David\Desktop\OS X Mavericks 10.9 Retail VMware Image.7z
2014-05-31 19:21 - 2014-05-31 18:58 - 00000000 ____D () C:\Users\David\Downloads\OS X Mavericks 10.9 Retail VMware Image
2014-05-31 19:19 - 2013-12-15 01:40 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-05-31 19:13 - 2014-05-31 19:06 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-31 19:10 - 2014-05-31 19:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-31 19:10 - 2012-07-26 03:21 - 00014988 _____ () C:\Windows\setupact.log
2014-05-31 19:08 - 2014-05-31 19:08 - 00001824 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-31 19:08 - 2014-05-31 19:08 - 00001811 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-31 19:08 - 2012-07-26 04:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-31 19:07 - 2014-05-31 19:07 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-31 19:06 - 2014-05-31 19:06 - 00000000 ____D () C:\Users\David\AppData\Local\Bluestacks
2014-05-31 19:05 - 2014-05-31 19:05 - 12814576 _____ (BlueStack Systems Inc.) C:\Users\David\Downloads\BlueStacks-SplitInstaller_native.exe
2014-05-31 18:50 - 2014-05-31 18:50 - 00866452 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-31 18:50 - 2014-05-31 18:50 - 00002131 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2014-05-31 18:50 - 2014-05-31 18:50 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-05-31 18:50 - 2014-05-31 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-31 18:50 - 2014-05-31 18:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-31 18:49 - 2014-05-31 18:49 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-05-31 18:49 - 2014-05-31 18:49 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-31 18:39 - 2014-05-31 18:06 - 1354450868 ____R () C:\Users\David\Desktop\OS X Mavericks Install DVD.dmg
2014-05-31 18:35 - 2014-05-31 18:44 - 487418686 _____ () C:\Users\David\Desktop\VMware Workstation v10.0.0.1 full+serials.rar
2014-05-31 18:34 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-31 18:02 - 2014-05-31 18:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\wi_upd
2014-05-31 18:00 - 2014-05-31 18:00 - 02271768 _____ () C:\Users\David\Downloads\Mac OS X 10.9 Mavericks Install DVD Retail.exe
2014-05-26 13:23 - 2013-12-26 21:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 13:23 - 2013-12-26 21:32 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 13:22 - 2013-12-15 01:42 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 13:22 - 2013-12-15 01:42 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-26 13:17 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-26 13:03 - 2014-05-26 13:03 - 00675988 _____ () C:\Users\David\Downloads\Minecraft.exe
2014-05-26 12:33 - 2014-05-26 12:33 - 00000000 ____D () C:\Users\David\AppData\Local\Origin
2014-05-26 12:33 - 2014-03-25 16:54 - 00000000 ____D () C:\Users\David\AppData\Roaming\Origin
2014-05-26 12:32 - 2014-05-26 12:32 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-26 12:32 - 2014-05-26 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-05-26 12:32 - 2014-05-26 12:32 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-26 12:29 - 2014-05-26 12:10 - 00000000 ____D () C:\Users\David\AppData\Roaming\tropico 4
2014-05-26 12:15 - 2014-05-26 12:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Kalypso Media
2014-05-26 12:14 - 2014-03-25 18:01 - 00028444 _____ () C:\Windows\DirectX.log
2014-05-26 11:29 - 2014-05-26 11:28 - 01141680 _____ () C:\Users\David\Downloads\SteamSetup.exe
2014-05-24 19:18 - 2014-05-24 19:17 - 00000000 ____D () C:\Program Files (x86)\Password Corral v4.0
2014-05-24 19:17 - 2014-05-24 19:17 - 00763952 _____ (Cygnus Productions ) C:\Users\David\Downloads\pc.exe
2014-05-24 19:17 - 2014-05-24 19:17 - 00000000 ____D () C:\Users\David\Documents\Password Corral Data
2014-05-24 19:17 - 2014-05-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Corral v4.0
2014-05-24 16:50 - 2014-05-24 14:50 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-05-24 15:55 - 2014-05-24 15:55 - 00000000 ____D () C:\Users\David\Desktop\awards
2014-05-24 14:55 - 2014-05-24 14:55 - 03170031 _____ () C:\Users\David\Desktop\Modio-setup-5.27.zip
2014-05-24 14:51 - 2014-05-24 14:51 - 00000000 ____D () C:\Users\David\AppData\Roaming\Gyazo
2014-05-24 14:50 - 2014-05-24 14:50 - 11698864 _____ (Nota Inc. ) C:\Users\David\Downloads\GyazoSetup.exe
2014-05-24 14:50 - 2014-05-24 14:50 - 00003754 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-05-24 14:50 - 2014-05-24 14:50 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-05-24 14:50 - 2014-05-24 14:50 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-05-24 14:50 - 2014-05-24 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-05-23 21:31 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-23 21:29 - 2013-12-15 16:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-23 21:27 - 2013-12-15 16:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-23 21:27 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-23 20:52 - 2014-04-20 16:06 - 00000000 ____D () C:\Program Files (x86)\MonsterSocial
2014-05-19 17:06 - 2014-05-19 17:06 - 00000000 ____D () C:\Users\David\Documents\Wondershare PDF Password Remover
2014-05-19 17:06 - 2014-05-19 17:06 - 00000000 ____D () C:\Users\David\AppData\Local\Wondershare
2014-05-19 17:05 - 2014-05-19 17:05 - 11933448 _____ (Wondershare Software ) C:\Users\David\Downloads\pdf-password-remover_full526.exe
2014-05-19 17:03 - 2014-05-19 17:03 - 00000000 ____D () C:\Users\David\AppData\Roaming\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 01742616 _____ () C:\Users\David\Downloads\wrar51b4.exe
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-19 17:01 - 2014-05-19 17:01 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-05-19 16:59 - 2014-05-19 16:59 - 97041663 _____ () C:\Users\David\Desktop\eBooks.rar
2014-05-19 13:05 - 2013-12-26 19:14 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-19 13:05 - 2013-12-15 02:03 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-19 13:05 - 2013-12-15 02:03 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 07:26 - 2014-04-12 16:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-04-12 16:02 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-12-20 17:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\David\AppData\Roaming\syncplay.ini


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\conduitinstaller.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpxw7n.dll
C:\Users\David\AppData\Local\Temp\GPUpd.exe
C:\Users\David\AppData\Local\Temp\GPUpd539753770.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-07 15:31

==================== End Of Log ============================

 

Additions:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by David at 2014-06-10 15:30:10
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Dashlane (HKCU\...\Dashlane) (Version: 2.4.1.63897 - Dashlane SAS)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
f.lux (HKCU\...\Flux) (Version:  - )
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 37.0.2042.0 - Google Inc.)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version:  - Cygnus Productions)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Syncplay (HKLM-x32\...\Syncplay) (Version: 1.2.7 - Syncplay)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
tools-freebsd (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.0 - VMware, Inc)
VMware Workstation (Version: 10.0.0 - VMware, Inc.) Hidden
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Restore Points  =========================

24-05-2014 01:21:56 Windows Update
26-05-2014 16:11:02 Installed DirectX
06-06-2014 17:51:30 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1395A5DE-53F5-4F14-8A46-E71169643682} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {267692DE-341D-472C-83A8-62583C26773A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {334FF056-6388-49F0-9893-DE674091EE85} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {5773E983-E549-4E1F-848D-83A2289E4EB5} - \GPUpdate No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B93E3E32-1ADE-46C5-9AB8-9A152B4DBCBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3D11663-C36E-4E13-AA54-4EDF47BA0C51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06] (Adobe Systems Incorporated)
Task: {D53D7DFC-259E-442E-A634-413E37732BEC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8DC1DBF-3B9B-4878-8B9C-CAF0422722EF} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 02:40 - 2012-09-15 02:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-27 12:09 - 2013-08-27 12:09 - 14401104 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2013-12-15 02:08 - 2013-12-15 02:08 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-06-07 17:22 - 2014-05-27 10:40 - 00219832 _____ () C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
2014-06-10 14:48 - 2014-06-10 14:48 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061001\algo.dll
2013-08-27 12:42 - 2013-08-27 12:42 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00255160 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00363704 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00423608 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 28239544 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00263352 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 04805304 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:37 - 04319416 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll
2013-12-15 02:03 - 2013-12-15 02:03 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-19 17:06 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-06 14:40 - 2014-05-06 22:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 02:53:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:49:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/10/2014 02:48:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f10

Start Time: 01cf82a7047ed0c8

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 31cde7b6-f0cf-11e3-be82-60eb694b3c6e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/10/2014 02:53:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/10/2014 02:52:50 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/10/2014 02:47:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/10/2014 02:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/10/2014 02:53:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:49:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/10/2014 02:48:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16628f1001cf82a7047ed0c80C:\Windows\Explorer.EXE31cde7b6-f0cf-11e3-be82-60eb694b3c6e

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3766.76 MB
Available physical RAM: 2134.13 MB
Total Pagefile: 4406.76 MB
Available Pagefile: 2665.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:561.82 GB) (Free:438.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 474A010D)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=562 GB) - (Type=07 NTFS)

==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by David at 2014-06-10 15:30:10
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Dashlane (HKCU\...\Dashlane) (Version: 2.4.1.63897 - Dashlane SAS)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
f.lux (HKCU\...\Flux) (Version:  - )
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 37.0.2042.0 - Google Inc.)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version:  - Cygnus Productions)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Syncplay (HKLM-x32\...\Syncplay) (Version: 1.2.7 - Syncplay)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
tools-freebsd (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.0 - VMware, Inc)
VMware Workstation (Version: 10.0.0 - VMware, Inc.) Hidden
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Restore Points  =========================

24-05-2014 01:21:56 Windows Update
26-05-2014 16:11:02 Installed DirectX
06-06-2014 17:51:30 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1395A5DE-53F5-4F14-8A46-E71169643682} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {267692DE-341D-472C-83A8-62583C26773A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {334FF056-6388-49F0-9893-DE674091EE85} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {5773E983-E549-4E1F-848D-83A2289E4EB5} - \GPUpdate No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B93E3E32-1ADE-46C5-9AB8-9A152B4DBCBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3D11663-C36E-4E13-AA54-4EDF47BA0C51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06] (Adobe Systems Incorporated)
Task: {D53D7DFC-259E-442E-A634-413E37732BEC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8DC1DBF-3B9B-4878-8B9C-CAF0422722EF} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1932868561-2868773066-873805882-1001UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 02:40 - 2012-09-15 02:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-27 12:09 - 2013-08-27 12:09 - 14401104 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2013-12-15 02:08 - 2013-12-15 02:08 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-06-07 17:22 - 2014-05-27 10:40 - 00219832 _____ () C:\Users\David\AppData\Roaming\Dashlane\Dashlane.exe
2014-06-10 14:48 - 2014-06-10 14:48 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061001\algo.dll
2013-08-27 12:42 - 2013-08-27 12:42 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-05-26 12:32 - 2014-05-26 12:32 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00255160 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00363704 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00423608 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 28239544 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 00263352 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:38 - 04805304 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll
2014-06-07 17:22 - 2014-05-27 10:37 - 04319416 _____ () C:\Users\David\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll
2013-12-15 02:03 - 2013-12-15 02:03 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-19 17:06 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-06 14:40 - 2014-05-06 22:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 02:53:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:49:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/10/2014 02:48:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f10

Start Time: 01cf82a7047ed0c8

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 31cde7b6-f0cf-11e3-be82-60eb694b3c6e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/10/2014 02:53:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/10/2014 02:52:50 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:43 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NIGELQUARTER)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NigelQuarterDavidS-1-5-21-1932868561-2868773066-873805882-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2014 02:48:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/10/2014 02:47:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/10/2014 02:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/10/2014 02:53:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:49:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/10/2014 02:48:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/10/2014 02:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16628f1001cf82a7047ed0c80C:\Windows\Explorer.EXE31cde7b6-f0cf-11e3-be82-60eb694b3c6e

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/10/2014 05:34:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGELQUARTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3766.76 MB
Available physical RAM: 2134.13 MB
Total Pagefile: 4406.76 MB
Available Pagefile: 2665.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:561.82 GB) (Free:438.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 474A010D)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=562 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks!



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 11 June 2014 - 07:45 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(BitTorrent Inc.) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-17] (BitTorrent Inc.)
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
SearchScopes: HKCU - {F69151D7-3CA6-40E1-BCD4-E98D743AE284} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN13517435483164120&UM=4
BHO-x32: No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Hotspot Shield Toolbar - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKLM-x32 - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
C:\Users\David\AppData\Local\Temp\conduitinstaller.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpxw7n.dll
C:\Users\David\AppData\Local\Temp\GPUpd.exe
C:\Users\David\AppData\Local\Temp\GPUpd539753770.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
Task: {5773E983-E549-4E1F-848D-83A2289E4EB5} - \GPUpdate No Task File

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#6 Agent Shark

Agent Shark
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 11 June 2014 - 12:07 PM

Hi,

 

I'd like to say thanks once again for all your help. I appreciate it greatly. My other computer may have some stuff too. Should I make a new thread after this or should we stick to this? Anyways, here is my logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01
Ran by David at 2014-06-11 12:54:21 Run:1
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(BitTorrent Inc.) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\...\Run: [uTorrent] => C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-17] (BitTorrent Inc.)
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
SearchScopes: HKCU - {F69151D7-3CA6-40E1-BCD4-E98D743AE284} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN13517435483164120&UM=4
BHO-x32: No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Hotspot Shield Toolbar - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Users\David\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKLM-x32 - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
C:\Users\David\AppData\Local\Temp\conduitinstaller.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpxw7n.dll
C:\Users\David\AppData\Local\Temp\GPUpd.exe
C:\Users\David\AppData\Local\Temp\GPUpd539753770.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
Task: {5773E983-E549-4E1F-848D-83A2289E4EB5} - \GPUpdate No Task File

End
*****************

[2256] C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
HKU\S-1-5-21-1932868561-2868773066-873805882-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.
'HKCR\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F69151D7-3CA6-40E1-BCD4-E98D743AE284}' => Key deleted successfully.
'HKCR\CLSID\{F69151D7-3CA6-40E1-BCD4-E98D743AE284}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value deleted successfully.
'HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}'=> Key not found.
'HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect' => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect' => Key deleted successfully.
C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll not found.
C:\Users\David\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpxw7n.dll => Moved successfully.
C:\Users\David\AppData\Local\Temp\GPUpd.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\GPUpd539753770.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5773E983-E549-4E1F-848D-83A2289E4EB5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5773E983-E549-4E1F-848D-83A2289E4EB5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUpdate' => Key deleted successfully.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.84  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     13.0.0.214  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 11 June 2014 - 01:17 PM

You are looking good.

For the other computer start a new topic.
Post The same logs I requested for this computer.

When done post the LINK/URL and I will expedite the matter.

 

Mod Edit:  2d system topic, http://www.bleepingcomputer.com/forums/t/537384/computer-issues-slowness-to-the-extreme/ - Hamluis.


Edited by hamluis, 11 June 2014 - 03:42 PM.


#8 Agent Shark

Agent Shark
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 11 June 2014 - 03:46 PM

Hey nasdaq,

 

So should I just delete the files on my other computer. Also, it seems a mod has posted the thread. Thanks for your help and look forward to helping with the other computer.

 

Mod Edit:  Dont worry about the extra topics, i will take care of those.  The topic I linked to above will be your new topic - Hamluis.

 

 

It seemed I accidentally posted a ton of threads due to the posts not refreshing. Sorry :mellow:


Edited by hamluis, 11 June 2014 - 03:49 PM.


#9 Agent Shark

Agent Shark
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 11 June 2014 - 08:12 PM

Here is the new log also: http://www.bleepingcomputer.com/forums/t/537405/computer-slowness-issues/



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 17 June 2014 - 07:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users