Infected with Zekos Malware


  • This topic is locked
9 replies to this topic

#1 JPinMD

JPinMD

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 03 September 2014 - 06:35 PM

My PC is randomly rebooting with a DCom error and AVG a few times a day; AVG is reporting that it found and secured a JS/FakeCodec as well as some other errors. In addition, my C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder is over 90gig. Looking at this folder, a good number of these are from the last few days and are .dat files.

I reported this in the Am I Infected thread, http://www.bleepingcomputer.com/forums/t/546668/win7-64bit-pc-reboots-daily-with-dcom-error/, and was told that I had the Zekos Malware. Any assistance I can get to clean this up and prevent this from reoccurring is appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by Jonathan at 19:16:09 on 2014-09-03
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.24540.20647 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
svchost.exe
svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Jonathan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 9f185b7e255b47d3ba0b4597c69e4392-7b445b66ad90849bfbe7c91b222b06bbedde7fde --CMPID 0913a
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {339C123F-5AF1-4EC4-8869-B579DD14D24F} - hxxps://mysentinel.mymicros.net/VxLauncher.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A070281F-AA73-443E-8A53-2BA96D5E8662} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\3ekqr65d.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Jonathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
FF - ExtSQL: !HIDDEN! 2013-12-07 08:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-7-22 22680]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-7-22 27792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 bgdspdrv;bgdspdrv;C:\Windows\System32\drivers\bgdspdrv.sys [2012-5-21 37200]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-7-22 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-7-22 88832]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-22 565352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-7-22 2206352]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-7-22 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-22 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-19 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-22 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-23 1255736]
.
=============== Created Last 30 ================
.
2014-09-03 02:43:40    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 01:42:14    --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\library_dir
2014-09-01 01:42:01    --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\Raptr
2014-09-01 01:42:01    --------    d-----w-    C:\Program Files (x86)\Raptr
2014-09-01 01:41:59    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-08-29 20:54:08    --------    d-----w-    C:\AdwCleaner
2014-08-29 01:14:43    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\olepro32.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\atiuxpag.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\atiumdva.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\atiumdag.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\atiu9pag.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\atidxx32.dll
2014-08-23 01:18:43    0    ----a-w-    C:\Windows\System32\aticfx32.dll
2014-08-23 01:15:31    175528    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-08-22 21:45:52    --------    d-sh--w-    C:\Users\Jonathan\AppData\Local\EmieUserList
2014-08-22 21:45:52    --------    d-sh--w-    C:\Users\Jonathan\AppData\Local\EmieSiteList
2014-08-20 02:33:56    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-20 02:33:56    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-20 02:33:56    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-20 02:33:56    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-20 02:33:55    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-20 02:33:55    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-20 02:33:51    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-20 02:33:51    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-17 21:55:05    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-09 06:46:58    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-06 14:50:04    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
==================== Find3M  ====================
.
2014-09-03 02:43:13    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-03 02:32:22    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-25 20:26:36    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-25 20:26:36    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-07 02:06:41    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-07-22 01:03:12    244504    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-07-04 00:12:42    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2014-07-04 00:12:34    25640    ----a-w-    C:\Windows\gdrv.sys
2014-06-30 16:43:02    152344    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-17 20:21:34    235800    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 20:07:12    328984    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-06-17 20:06:58    269080    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 20:06:24    190744    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 20:06:06    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 19:21:24.53 ===============

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:54 PM

Posted 03 September 2014 - 06:48 PM

Hi there,

please run the following scans:


Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


Step 2
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 JPinMD

JPinMD
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 03 September 2014 - 06:59 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Jonathan (administrator) on JONATHAN-PC1 on 03-09-2014 19:56:55
Running from C:\Users\Jonathan\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Jonathan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 9f185b7e255b47d3ba0b4597c69e4392-7b445b66ad90849bfbe7c91b222b06bbedde7fde --CMPID 0913a
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-29] (Electronic Arts)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\MountPoints2: {8888f968-f34f-11e2-939a-806e6f6e6963} - rundll32.exe url,FileProtocolHandler index.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCCDE31080CC0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {AC613702-640D-4761-B3A4-7008A74C1FB5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {339C123F-5AF1-4EC4-8869-B579DD14D24F} https://mysentinel.mymicros.net/VxLauncher.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\3ekqr65d.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Jonathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [921600 2010-11-24] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bgdspdrv; C:\Windows\System32\DRIVERS\bgdspdrv.sys [37200 2012-05-21] (Bomgar Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-03] ()
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 19:56 - 2014-09-03 19:57 - 00018787 _____ () C:\Users\Jonathan\Desktop\FRST.txt
2014-09-03 19:56 - 2014-09-03 19:56 - 02104832 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2014-09-03 19:56 - 2014-09-03 19:56 - 00000000 ____D () C:\FRST
2014-09-03 19:34 - 2014-09-03 19:34 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
2014-09-03 19:21 - 2014-09-03 19:21 - 00021238 _____ () C:\Users\Jonathan\Desktop\dds.txt
2014-09-03 19:21 - 2014-09-03 19:21 - 00009607 _____ () C:\Users\Jonathan\Desktop\attach.txt
2014-09-03 19:15 - 2014-09-03 19:14 - 00688992 ____R (Swearware) C:\Users\Jonathan\Desktop\dds.com
2014-09-02 22:43 - 2014-09-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 19:04 - 2014-09-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-31 21:42 - 2014-09-03 19:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Raptr
2014-08-31 21:42 - 2014-09-02 21:23 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\library_dir
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\ProgramData\ATI
2014-08-31 21:41 - 2014-08-31 21:41 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408312141508669.log
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-30 19:58 - 2014-08-30 19:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-30 19:58 - 2014-08-30 19:57 - 00199471 _____ () C:\Users\Jonathan\Documents\EVEMon_Settings_4357.xml.bak
2014-08-29 16:54 - 2014-08-29 16:56 - 00000000 ____D () C:\AdwCleaner
2014-08-28 21:14 - 2014-08-28 21:14 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-28 21:14 - 2014-08-28 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 21:14 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-28 21:14 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-28 21:14 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-28 21:14 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-28 21:12 - 2014-08-28 21:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Oracle
2014-08-22 21:34 - 2014-08-22 21:34 - 00348622 _____ () C:\Users\Jonathan\AppData\Local\census.cache
2014-08-22 21:34 - 2014-08-22 21:34 - 00187815 _____ () C:\Users\Jonathan\AppData\Local\ars.cache
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-08-22 21:15 - 2014-08-22 21:15 - 00000036 _____ () C:\Users\Jonathan\AppData\Local\housecall.guid.cache
2014-08-22 21:15 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieUserList
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieSiteList
2014-08-19 22:43 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-19 22:41 - 2014-08-19 22:41 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 22:38 - 2014-08-19 22:43 - 00007660 _____ () C:\Windows\IE11_main.log
2014-08-19 22:33 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 22:33 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 22:33 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 22:33 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-19 22:33 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 22:33 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 22:33 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 22:33 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-19 19:18 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-19 19:18 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-19 19:18 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-19 19:18 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-19 19:18 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-19 19:18 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-19 19:18 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-19 19:18 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-19 19:18 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-19 19:18 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-19 19:18 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-19 19:18 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-19 19:18 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 17:55 - 2014-08-17 17:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-08-05 20:24 - 2014-08-05 20:24 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
2014-08-05 20:24 - 2014-08-05 20:24 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 19:57 - 2014-09-03 19:56 - 00018787 _____ () C:\Users\Jonathan\Desktop\FRST.txt
2014-09-03 19:56 - 2014-09-03 19:56 - 02104832 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2014-09-03 19:56 - 2014-09-03 19:56 - 00000000 ____D () C:\FRST
2014-09-03 19:34 - 2014-09-03 19:34 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
2014-09-03 19:21 - 2014-09-03 19:21 - 00021238 _____ () C:\Users\Jonathan\Desktop\dds.txt
2014-09-03 19:21 - 2014-09-03 19:21 - 00009607 _____ () C:\Users\Jonathan\Desktop\attach.txt
2014-09-03 19:19 - 2009-07-14 00:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 19:19 - 2009-07-14 00:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 19:17 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 19:15 - 2013-07-22 21:25 - 01619374 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 19:14 - 2014-09-03 19:15 - 00688992 ____R (Swearware) C:\Users\Jonathan\Desktop\dds.com
2014-09-03 19:12 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Raptr
2014-09-03 19:12 - 2014-01-11 23:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-03 19:12 - 2013-07-27 21:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-03 19:12 - 2013-07-26 17:57 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-09-03 19:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 19:12 - 2009-07-14 00:51 - 00324051 _____ () C:\Windows\setupact.log
2014-09-03 19:11 - 2013-10-07 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 19:10 - 2013-07-22 23:39 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\TS3Client
2014-09-03 18:31 - 2013-07-22 23:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-02 22:49 - 2014-09-02 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 22:43 - 2014-06-15 12:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 22:32 - 2014-06-15 12:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 21:23 - 2014-08-31 21:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-02 21:23 - 2014-01-11 23:35 - 00000000 ____D () C:\ProgramData\Origin
2014-09-02 19:04 - 2014-09-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 09:47 - 2014-07-27 13:54 - 00000975 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 09:47 - 2014-06-17 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-01 22:44 - 2013-07-27 14:25 - 00364212 _____ () C:\Windows\PFRO.log
2014-09-01 12:10 - 2013-07-26 14:20 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Azureus
2014-09-01 09:55 - 2013-07-26 14:20 - 00001804 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-01 09:55 - 2013-07-26 14:20 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-01 09:55 - 2013-07-26 14:20 - 00000000 ____D () C:\Program Files\Vuze
2014-08-31 21:54 - 2014-06-08 20:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\SniperV2
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\library_dir
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\ProgramData\ATI
2014-08-31 21:41 - 2014-08-31 21:41 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408312141508669.log
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-31 21:41 - 2013-07-22 21:39 - 00000000 ____D () C:\ProgramData\AMD
2014-08-31 21:41 - 2013-07-22 21:39 - 00000000 ____D () C:\Program Files\AMD
2014-08-31 21:41 - 2013-07-22 21:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-31 21:41 - 2013-07-22 21:33 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-08-31 21:34 - 2013-08-13 19:32 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-08-31 12:45 - 2013-07-27 22:20 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 19:58 - 2014-08-30 19:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-30 19:58 - 2013-08-20 20:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\EVEMon
2014-08-30 19:58 - 2013-08-20 20:58 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-08-30 19:57 - 2014-08-30 19:58 - 00199471 _____ () C:\Users\Jonathan\Documents\EVEMon_Settings_4357.xml.bak
2014-08-29 18:25 - 2013-07-23 00:08 - 00000969 _____ () C:\Users\Jonathan\Desktop\EVE.lnk
2014-08-29 16:56 - 2014-08-29 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-29 16:56 - 2013-07-22 21:26 - 00000000 ____D () C:\Users\Jonathan
2014-08-28 21:56 - 2014-01-11 23:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-28 21:56 - 2014-01-11 23:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-28 21:56 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 21:15 - 2014-01-19 21:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-28 21:14 - 2014-08-28 21:14 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-28 21:14 - 2014-08-28 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 21:14 - 2013-07-22 23:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-28 21:12 - 2014-08-28 21:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Oracle
2014-08-27 22:17 - 2013-09-23 00:28 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\.purple
2014-08-25 16:26 - 2013-08-19 21:51 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:26 - 2013-08-19 21:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 21:34 - 2014-08-22 21:34 - 00348622 _____ () C:\Users\Jonathan\AppData\Local\census.cache
2014-08-22 21:34 - 2014-08-22 21:34 - 00187815 _____ () C:\Users\Jonathan\AppData\Local\ars.cache
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-08-22 21:15 - 2014-08-22 21:15 - 00000036 _____ () C:\Users\Jonathan\AppData\Local\housecall.guid.cache
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieUserList
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieSiteList
2014-08-20 17:30 - 2013-07-22 21:26 - 00001413 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-20 08:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 06:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 22:43 - 2014-08-19 22:38 - 00007660 _____ () C:\Windows\IE11_main.log
2014-08-19 22:41 - 2014-08-19 22:41 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 22:36 - 2013-07-23 06:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 22:35 - 2013-07-22 23:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-19 22:33 - 2014-07-03 19:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-18 09:53 - 2013-07-23 08:03 - 00000000 ___HD () C:\$AVG
2014-08-17 17:55 - 2014-08-17 17:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-17 17:55 - 2013-07-22 23:39 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-17 17:40 - 2013-07-22 23:39 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-08-09 10:16 - 2014-07-05 12:32 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Battle.net
2014-08-08 20:23 - 2014-07-05 12:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-06 22:06 - 2014-08-19 19:18 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-19 19:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 17:57 - 2014-07-05 12:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-08-05 20:24 - 2014-08-05 20:24 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
2014-08-05 20:24 - 2014-08-05 20:24 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack
2014-08-05 20:24 - 2013-08-20 19:29 - 00002063 _____ () C:\Users\Jonathan\Desktop\TVersity.lnk
2014-08-05 20:24 - 2013-08-20 19:29 - 00000000 ____D () C:\Program Files (x86)\TVersity Codec Pack

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\lowproc.exe
C:\Users\Jonathan\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Jonathan\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\Jonathan\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonathan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Jonathan\AppData\Local\Temp\raptr_stub.exe
C:\Users\Jonathan\AppData\Local\Temp\stubhelper.dll
C:\Users\Jonathan\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2013-07-27 14:36] - [2010-11-20 09:27] - 0524288 ____A (Microsoft Corporation) 3B9EF0DD4B658EB19D5EC454BC19BC79

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 02:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Jonathan at 2014-09-03 19:57:24
Running from C:\Users\Jonathan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bomgar Display Driver (HKLM-x32\...\{E166EA80-47A4-4DFE-B1D5-0EFA517DDDD3}) (Version: 2.0.518 - Bomgar Corporation)
Bomgar Representative Console 12.2.4 [customersupport.micros.com] (HKLM\...\Bomgar Representative Console [customersupport.micros.com]) (Version: 12.2.4 - Bomgar)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DbVisualizer 5.1.1 (HKLM-x32\...\DbVisualizer 5.1.1) (Version:  - Minq Software)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Easy Tune 6 B13.0125.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0125.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
EVE Isk per Hour (HKLM-x32\...\{61A1A5A8-2835-46CD-9429-A8F4CFEE6657}) (Version: 2.2 - EVE IPH)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.0 - battleclinic.com)
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Far Cry (HKLM-x32\...\Steam App 13520) (Version:  - Crytek Studios)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HIS iTurbo (HKLM-x32\...\HIS iTurbo) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iSkysoft Data Recovery(Build 1.2.0.6) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 1.2.0.6 - iSkysoft Software Co.,Ltd.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NetSupport Manager (HKLM-x32\...\{97417C14-BDF8-4297-90C2-1F19554A91C8}) (Version: 11.30.0002 - NetSupport Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ShareX 8.5.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 8.5.0 - ShareX Developers)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SopCast 3.8.2 (HKLM-x32\...\SopCast) (Version: 3.8.2 - www.sopcast.com)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TVersity Codec Pack 1.4 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.4 - TVersity Inc.)
TVersity Media Server 1.9.3 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.3 - TVersity)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2358386379-3818525880-187080861-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

23-06-2013 12:15:09 Windows Update
23-06-2013 12:57:19 Windows Update
01-07-2013 02:24:19 Scheduled Checkpoint
01-07-2013 09:34:19 Windows Update
06-07-2013 09:34:00 Windows Update
12-07-2013 09:34:26 Windows Update
21-07-2013 04:00:04 Scheduled Checkpoint
21-07-2013 07:08:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10AB6535-499C-4640-9D86-469EACF0EE96} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2358386379-3818525880-187080861-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {41BE4AFF-1A65-4868-B5DF-E775ED40197A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2358386379-3818525880-187080861-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {AD04F0ED-3AD4-4052-A513-2FE4DBB5D41C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2358386379-3818525880-187080861-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EB3E0A80-5270-4805-8881-A1875A43CF55} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2358386379-3818525880-187080861-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2010-11-24 16:33 - 2010-11-24 16:33 - 00921600 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
2013-07-22 21:29 - 2012-08-09 06:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-22 21:29 - 2012-08-09 06:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00346112 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00731136 _____ () C:\ProgramData\TVersity\Media Server\X11.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00165888 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00329728 _____ () C:\ProgramData\TVersity\Media Server\libcurl.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00714752 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 04532240 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00081936 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00311808 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00793616 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00201232 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2010-11-24 16:36 - 2010-11-24 16:36 - 00507888 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2006-09-16 01:03 - 2006-09-16 01:03 - 00007680 _____ () C:\ProgramData\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_GRAY_.dll
2014-08-29 16:39 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 16:39 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 16:39 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-07-01 08:20 - 2014-08-20 18:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 23:50 - 2014-08-28 07:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 16:39 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 16:39 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 17:56 - 2014-08-28 07:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-01-29 20:01 - 2014-08-29 16:39 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 20:00 - 2014-08-29 16:39 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2013-07-09 13:45 - 2014-08-20 18:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-09-02 19:04 - 2014-09-02 19:04 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Slick Savings => "C:\Users\Jonathan\AppData\Roaming\Slick Savings\CouponsHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 07:48:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e58

Start Time: 01cfc7cc7e0cf732

Termination Time: 23

Application Path: C:\Windows\Explorer.EXE

Report Id: d12de96f-33c4-11e4-bc90-94de807aaa61

Error: (09/03/2014 07:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad++.exe, version: 6.6.8.0, time stamp: 0x53d579ca
Faulting module name: notepad++.exe, version: 6.6.8.0, time stamp: 0x53d579ca
Exception code: 0xc0000005
Fault offset: 0x0000e395
Faulting process id: 0x13dc
Faulting application start time: 0xnotepad++.exe0
Faulting application path: notepad++.exe1
Faulting module path: notepad++.exe2
Report Id: notepad++.exe3

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (1496) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (1496) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (1496) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (09/03/2014 03:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: raptr.exe, version: 4.1.0.0, time stamp: 0x4bbd3163
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1270
Faulting application start time: 0xraptr.exe0
Faulting application path: raptr.exe1
Faulting module path: raptr.exe2
Report Id: raptr.exe3

Error: (09/03/2014 03:12:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x99c0
Faulting application start time: 0xavgidsagent.exe0
Faulting application path: avgidsagent.exe1
Faulting module path: avgidsagent.exe2
Report Id: avgidsagent.exe3

Error: (09/03/2014 02:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00037090
Faulting process id: 0x87c
Faulting application start time: 0xavgidsagent.exe0
Faulting application path: avgidsagent.exe1
Faulting module path: avgidsagent.exe2
Report Id: avgidsagent.exe3

Error: (09/03/2014 02:42:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3
Faulting module name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3
Exception code: 0xc0000005
Fault offset: 0x000cba03
Faulting process id: 0x87c
Faulting application start time: 0xavgidsagent.exe0
Faulting application path: avgidsagent.exe1
Faulting module path: avgidsagent.exe2
Report Id: avgidsagent.exe3

Error: (09/02/2014 06:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d78

Start Time: 01cfc6f81a271c0a

Termination Time: 20

Application Path: C:\Windows\Explorer.EXE

Report Id: fea97212-32ee-11e4-98cc-94de807aaa61


System errors:
=============
Error: (09/03/2014 07:12:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/03/2014 07:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2

Error: (09/03/2014 03:12:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVGIDSAgent service terminated unexpectedly.  It has done this 2 time(s).

Error: (09/03/2014 02:42:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/03/2014 00:49:31 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/02/2014 10:49:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TVersity Media Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/02/2014 09:22:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/02/2014 09:22:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2

Error: (09/02/2014 09:22:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:12:47 PM on 9/2/2014 was unexpected.

Error: (09/02/2014 05:51:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203


Microsoft Office Sessions:
=========================
Error: (09/03/2014 07:48:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567e5801cfc7cc7e0cf73223C:\Windows\Explorer.EXEd12de96f-33c4-11e4-bc90-94de807aaa61

Error: (09/03/2014 07:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: notepad++.exe6.6.8.053d579canotepad++.exe6.6.8.053d579cac00000050000e39513dc01cfc71edd612e38C:\Program Files (x86)\Notepad++\notepad++.exeC:\Program Files (x86)\Notepad++\notepad++.exe7b079ea4-33bf-11e4-80bf-94de807aaa61

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll1496SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll1496SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (09/03/2014 06:02:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll1496SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (09/03/2014 03:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: raptr.exe4.1.0.04bbd3163KERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d127001cfc7158e633bfeC:\PROGRA~2\Raptr\raptr.exeC:\Windows\syswow64\KERNELBASE.dll3415e31d-33a0-11e4-80bf-94de807aaa61

Error: (09/03/2014 03:12:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgidsagent.exe14.0.0.476553fb04f3ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be99c001cfc7a6d9e62077C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Windows\SysWOW64\ntdll.dll48f0fcd6-339e-11e4-80bf-94de807aaa61

Error: (09/03/2014 02:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgidsagent.exe14.0.0.476553fb04f3ntdll.dll6.1.7601.18247521ea8e7c00000050003709087c01cfc7158a400f1fC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Windows\SysWOW64\ntdll.dll155c4ab5-339a-11e4-80bf-94de807aaa61

Error: (09/03/2014 02:42:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgidsagent.exe14.0.0.476553fb04f3avgidsagent.exe14.0.0.476553fb04f3c0000005000cba0387c01cfc7158a400f1fC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe147d5921-339a-11e4-80bf-94de807aaa61

Error: (09/02/2014 06:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567d7801cfc6f81a271c0a20C:\Windows\Explorer.EXEfea97212-32ee-11e4-98cc-94de807aaa61


CodeIntegrity Errors:
===================================
  Date: 2013-08-07 22:00:32.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 22:00:32.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-04 12:07:14.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-04 12:07:14.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 24539.54 MB
Available physical RAM: 17542.61 MB
Total Pagefile: 49077.27 MB
Available Pagefile: 44997.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:238.25 GB) (Free:23.9 GB) NTFS
Drive d: (Onkyo_29500019A) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:1178.59 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:327.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:223.44 GB) (Free:183.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 15500A35)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 95B08E29)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Jonathan at 2014-09-03 19:58:23
Running from C:\Users\Jonathan\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2013-07-27 14:36][2010-11-20 09:27] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00][2009-07-13 21:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is signed]

C:\Windows\System32\rpcss.dll
[2013-07-27 14:36][2010-11-20 09:27] 0524288 ____A (Microsoft Corporation) 3B9EF0DD4B658EB19D5EC454BC19BC79

====== End Of Search ======



#4 aharonov

  • Malware Response Team

Posted 04 September 2014 - 04:59 AM

Ok. Let's replace the patched file with a clean copy.
How is your computer running after the following steps?


Step 1

Please download this attached file, fixlist.txt (175 bytes), and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 nasdaq

  • Malware Response Team

Posted 04 September 2014 - 10:42 AM


Removed by nasdaq

Sorry.

Edited by nasdaq, 04 September 2014 - 12:16 PM.


#6 JPinMD

  • Topic Starter

  • Members

Posted 05 September 2014 - 04:09 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Jonathan at 2014-09-04 18:12:32 Run:2
Running from C:\Users\Jonathan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
EmptyTemp:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
EmptyTemp: => Removed 93.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2b0110389247b34d94086f1264b29e2e
# engine=20007
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-05 03:30:15
# local_time=2014-09-04 11:30:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 96078599 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 34053888 161431265 0 0
# scanned=259866
# found=16
# cleaned=0
# scan_time=5772
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=5D1864B92D785457E4F5DD6FEC06B7AE9EF654B9 ft=1 fh=914619d1d034692a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze Remote toolbar\FF\components\vuzeToolbarFF.dll.vir"
sh=EBF01B3EC4607AEB707184674F723440272D4EF5 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir"
sh=748E90CBB284A00D9E9396B9EE387AC5905FF8D1 ft=1 fh=ab95f3a7820679d6 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=A703E83DC6447E84E8582B80A3DBF6C03B77D04A ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=ACCD946F7E8F0DE34AA535DC7ABC3D2E1AB107E4 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Program Files\Vuze\spg.zip"
sh=96AC3B6AB8DE73CE01EF2EA630CD9C84BBE524D9 ft=1 fh=340fa819d48167f3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7C81.tmp"
sh=96AC3B6AB8DE73CE01EF2EA630CD9C84BBE524D9 ft=1 fh=340fa819d48167f3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7C81.tmp"
sh=77122BF8473EC0B86A939A6251A4A74CD1C397D7 ft=1 fh=6fb2e2a35e8198a0 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Download\siw-setup.exe"
sh=CBD6A286A5221D36A8F6438615599E897A1A5EA5 ft=1 fh=eb0a39552fd7064a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Download\TVersitySetup_1_5_0_0.exe"
sh=F1DAA8FD7A64B1E36EB25DAF1FCE5AE1E49AE867 ft=1 fh=f01866555881a4dd vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="E:\Download\TVersitySetup_1_9_3.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="E:\Downloads\rcsetup151.exe"
sh=A365624232876EFC03F0E59887B0427889BB2796 ft=1 fh=55d5882b5986b999 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="E:\Downloads\SopCast_v383zip.exe"
sh=9290D58584996E3F0DA0E4D2FA2A5D51C93D498A ft=1 fh=33c3f2f83e3e41f9 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Downloads\windows.7.codec.pack.v4.0.9.setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2b0110389247b34d94086f1264b29e2e
# engine=20010
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-05 06:31:39
# local_time=2014-09-05 02:31:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 96089483 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 34064772 161442149 0 0
# scanned=623720
# found=21
# cleaned=0
# scan_time=10834
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=5D1864B92D785457E4F5DD6FEC06B7AE9EF654B9 ft=1 fh=914619d1d034692a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze Remote toolbar\FF\components\vuzeToolbarFF.dll.vir"
sh=EBF01B3EC4607AEB707184674F723440272D4EF5 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir"
sh=748E90CBB284A00D9E9396B9EE387AC5905FF8D1 ft=1 fh=ab95f3a7820679d6 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=A703E83DC6447E84E8582B80A3DBF6C03B77D04A ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jonathan\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=ACCD946F7E8F0DE34AA535DC7ABC3D2E1AB107E4 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Program Files\Vuze\spg.zip"
sh=96AC3B6AB8DE73CE01EF2EA630CD9C84BBE524D9 ft=1 fh=340fa819d48167f3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7C81.tmp"
sh=96AC3B6AB8DE73CE01EF2EA630CD9C84BBE524D9 ft=1 fh=340fa819d48167f3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7C81.tmp"
sh=77122BF8473EC0B86A939A6251A4A74CD1C397D7 ft=1 fh=6fb2e2a35e8198a0 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Download\siw-setup.exe"
sh=CBD6A286A5221D36A8F6438615599E897A1A5EA5 ft=1 fh=eb0a39552fd7064a vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Download\TVersitySetup_1_5_0_0.exe"
sh=F1DAA8FD7A64B1E36EB25DAF1FCE5AE1E49AE867 ft=1 fh=f01866555881a4dd vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="E:\Download\TVersitySetup_1_9_3.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="E:\Downloads\rcsetup151.exe"
sh=A365624232876EFC03F0E59887B0427889BB2796 ft=1 fh=55d5882b5986b999 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="E:\Downloads\SopCast_v383zip.exe"
sh=9290D58584996E3F0DA0E4D2FA2A5D51C93D498A ft=1 fh=33c3f2f83e3e41f9 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Downloads\windows.7.codec.pack.v4.0.9.setup.exe"
sh=1658A2A3C75D44161B2D1A185447A88D7F656E37 ft=1 fh=67c324132214aaee vn="MSIL/DomaIQ.A potentially unwanted application" ac=I fn="F:\Program Files\Uninstaller\Uninstall.exe"
sh=49E77B0C3A5FB42EF9840D58C2882FEB74FA6BE8 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Systweak potentially unwanted application" ac=I fn="F:\Users\Jonathan\AppData\Local\Temp\winzip170-64ml.msi"
sh=F6C4EB237EEA8F469669D0278D9A867F6FC1A951 ft=1 fh=564e30ec454c8f0e vn="a variant of Win32/Amonetize.H potentially unwanted application" ac=I fn="F:\Users\Jonathan\AppData\Local\Temp\DIQM\winrar_157\setup__120.exe"
sh=B8B0B37AE9DF94D043DE14E9BF7508FB6FACE5D5 ft=1 fh=71bb6e3313f2df07 vn="a variant of Win32/DomaIQ.AI potentially unwanted application" ac=I fn="F:\Users\Jonathan\AppData\Local\Temp\DIQM\winrar_157\winrar.exe"
sh=49E77B0C3A5FB42EF9840D58C2882FEB74FA6BE8 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Systweak potentially unwanted application" ac=I fn="F:\Windows\Installer\2c41d68d.msi"
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Jonathan (administrator) on JONATHAN-PC1 on 05-09-2014 05:05:07
Running from C:\Users\Jonathan\Desktop
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
() C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Jonathan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 9f185b7e255b47d3ba0b4597c69e4392-7b445b66ad90849bfbe7c91b222b06bbedde7fde --CMPID 0913a
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-29] (Electronic Arts)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-2358386379-3818525880-187080861-1000\...\MountPoints2: {8888f968-f34f-11e2-939a-806e6f6e6963} - rundll32.exe url,FileProtocolHandler index.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xACD7D160D8C7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {AC613702-640D-4761-B3A4-7008A74C1FB5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {339C123F-5AF1-4EC4-8869-B579DD14D24F} https://mysentinel.mymicros.net/VxLauncher.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\3ekqr65d.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Jonathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [921600 2010-11-24] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bgdspdrv; C:\Windows\System32\DRIVERS\bgdspdrv.sys [37200 2012-05-21] (Bomgar Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-03] ()
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 18:25 - 2014-09-04 18:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 18:04 - 2014-09-04 18:04 - 02347384 _____ (ESET) C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2014-09-03 19:58 - 2014-09-03 19:59 - 00000896 _____ () C:\Users\Jonathan\Desktop\Search.txt
2014-09-03 19:57 - 2014-09-03 19:57 - 00045062 _____ () C:\Users\Jonathan\Desktop\Addition.txt
2014-09-03 19:56 - 2014-09-05 05:05 - 00018902 _____ () C:\Users\Jonathan\Desktop\FRST.txt
2014-09-03 19:56 - 2014-09-05 05:05 - 00000000 ____D () C:\FRST
2014-09-03 19:56 - 2014-09-03 19:56 - 02104832 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2014-09-03 19:34 - 2014-09-03 19:34 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
2014-09-03 19:21 - 2014-09-03 19:21 - 00021238 _____ () C:\Users\Jonathan\Desktop\dds.txt
2014-09-03 19:21 - 2014-09-03 19:21 - 00009607 _____ () C:\Users\Jonathan\Desktop\attach.txt
2014-09-03 19:15 - 2014-09-03 19:14 - 00688992 ____R (Swearware) C:\Users\Jonathan\Desktop\dds.com
2014-09-02 22:43 - 2014-09-02 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 19:04 - 2014-09-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-31 21:42 - 2014-09-05 01:46 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Raptr
2014-08-31 21:42 - 2014-09-04 21:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\library_dir
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\ProgramData\ATI
2014-08-31 21:41 - 2014-08-31 21:41 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408312141508669.log
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-30 19:58 - 2014-08-30 19:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-30 19:58 - 2014-08-30 19:57 - 00199471 _____ () C:\Users\Jonathan\Documents\EVEMon_Settings_4357.xml.bak
2014-08-29 16:54 - 2014-08-29 16:56 - 00000000 ____D () C:\AdwCleaner
2014-08-28 21:14 - 2014-08-28 21:14 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-28 21:14 - 2014-08-28 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 21:14 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-28 21:14 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-28 21:14 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-28 21:14 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-28 21:12 - 2014-08-28 21:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Oracle
2014-08-22 21:34 - 2014-08-22 21:34 - 00348622 _____ () C:\Users\Jonathan\AppData\Local\census.cache
2014-08-22 21:34 - 2014-08-22 21:34 - 00187815 _____ () C:\Users\Jonathan\AppData\Local\ars.cache
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-08-22 21:15 - 2014-08-22 21:15 - 00000036 _____ () C:\Users\Jonathan\AppData\Local\housecall.guid.cache
2014-08-22 21:15 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieUserList
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieSiteList
2014-08-19 22:43 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-19 22:41 - 2014-08-19 22:41 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 22:38 - 2014-08-19 22:43 - 00007660 _____ () C:\Windows\IE11_main.log
2014-08-19 22:33 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 22:33 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 22:33 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 22:33 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-19 22:33 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 22:33 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 22:33 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 22:33 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-19 19:18 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-19 19:18 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-19 19:18 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-19 19:18 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-19 19:18 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-19 19:18 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-19 19:18 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-19 19:18 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-19 19:18 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-19 19:18 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-19 19:18 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-19 19:18 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-19 19:18 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-19 19:18 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 17:55 - 2014-08-17 17:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 05:05 - 2014-09-03 19:56 - 00018902 _____ () C:\Users\Jonathan\Desktop\FRST.txt
2014-09-05 05:05 - 2014-09-03 19:56 - 00000000 ____D () C:\FRST
2014-09-05 05:03 - 2009-07-14 00:51 - 00325731 _____ () C:\Windows\setupact.log
2014-09-05 01:46 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Raptr
2014-09-04 23:31 - 2013-07-22 23:39 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\TS3Client
2014-09-04 21:53 - 2009-07-14 00:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 21:53 - 2009-07-14 00:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 21:52 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 21:49 - 2013-07-22 21:25 - 01694129 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 21:46 - 2014-08-31 21:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-04 21:46 - 2014-01-11 23:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-04 21:46 - 2013-07-27 21:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-04 21:46 - 2013-07-27 14:25 - 00554150 _____ () C:\Windows\PFRO.log
2014-09-04 21:46 - 2013-07-26 17:57 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-09-04 21:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 18:25 - 2014-09-04 18:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 18:23 - 2014-01-11 23:35 - 00000000 ____D () C:\ProgramData\Origin
2014-09-04 18:04 - 2014-09-04 18:04 - 02347384 _____ (ESET) C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2014-09-04 17:12 - 2013-07-22 23:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-03 19:59 - 2014-09-03 19:58 - 00000896 _____ () C:\Users\Jonathan\Desktop\Search.txt
2014-09-03 19:57 - 2014-09-03 19:57 - 00045062 _____ () C:\Users\Jonathan\Desktop\Addition.txt
2014-09-03 19:56 - 2014-09-03 19:56 - 02104832 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2014-09-03 19:34 - 2014-09-03 19:34 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
2014-09-03 19:21 - 2014-09-03 19:21 - 00021238 _____ () C:\Users\Jonathan\Desktop\dds.txt
2014-09-03 19:21 - 2014-09-03 19:21 - 00009607 _____ () C:\Users\Jonathan\Desktop\attach.txt
2014-09-03 19:14 - 2014-09-03 19:15 - 00688992 ____R (Swearware) C:\Users\Jonathan\Desktop\dds.com
2014-09-03 19:11 - 2013-10-07 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 22:49 - 2014-09-02 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 22:43 - 2014-06-15 12:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 22:32 - 2014-06-15 12:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 19:04 - 2014-09-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 09:47 - 2014-07-27 13:54 - 00000975 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 09:47 - 2014-06-17 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-01 12:10 - 2013-07-26 14:20 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Azureus
2014-09-01 09:55 - 2013-07-26 14:20 - 00001804 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-01 09:55 - 2013-07-26 14:20 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-01 09:55 - 2013-07-26 14:20 - 00000000 ____D () C:\Program Files\Vuze
2014-08-31 21:54 - 2014-06-08 20:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\SniperV2
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\library_dir
2014-08-31 21:42 - 2014-08-31 21:42 - 00000000 ____D () C:\ProgramData\ATI
2014-08-31 21:41 - 2014-08-31 21:41 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408312141508669.log
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-31 21:41 - 2014-08-31 21:41 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-31 21:41 - 2013-07-22 21:39 - 00000000 ____D () C:\ProgramData\AMD
2014-08-31 21:41 - 2013-07-22 21:39 - 00000000 ____D () C:\Program Files\AMD
2014-08-31 21:41 - 2013-07-22 21:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-31 21:41 - 2013-07-22 21:33 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-08-31 21:34 - 2013-08-13 19:32 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-08-31 12:45 - 2013-07-27 22:20 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 19:58 - 2014-08-30 19:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-30 19:58 - 2013-08-20 20:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\EVEMon
2014-08-30 19:58 - 2013-08-20 20:58 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-08-30 19:57 - 2014-08-30 19:58 - 00199471 _____ () C:\Users\Jonathan\Documents\EVEMon_Settings_4357.xml.bak
2014-08-29 18:25 - 2013-07-23 00:08 - 00000969 _____ () C:\Users\Jonathan\Desktop\EVE.lnk
2014-08-29 16:56 - 2014-08-29 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-29 16:56 - 2013-07-22 21:26 - 00000000 ____D () C:\Users\Jonathan
2014-08-28 21:56 - 2014-01-11 23:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-28 21:56 - 2014-01-11 23:35 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-28 21:56 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 21:15 - 2014-01-19 21:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-28 21:14 - 2014-08-28 21:14 - 00004549 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-28 21:14 - 2014-08-28 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 21:14 - 2013-07-22 23:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-28 21:12 - 2014-08-28 21:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Oracle
2014-08-27 22:17 - 2013-09-23 00:28 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\.purple
2014-08-25 16:26 - 2013-08-19 21:51 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:26 - 2013-08-19 21:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 21:34 - 2014-08-22 21:34 - 00348622 _____ () C:\Users\Jonathan\AppData\Local\census.cache
2014-08-22 21:34 - 2014-08-22 21:34 - 00187815 _____ () C:\Users\Jonathan\AppData\Local\ars.cache
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdva.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiumdag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-08-22 21:18 - 2014-08-22 21:18 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-08-22 21:15 - 2014-08-22 21:15 - 00000036 _____ () C:\Users\Jonathan\AppData\Local\housecall.guid.cache
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieUserList
2014-08-22 17:45 - 2014-08-22 17:45 - 00000000 __SHD () C:\Users\Jonathan\AppData\Local\EmieSiteList
2014-08-20 17:30 - 2013-07-22 21:26 - 00001413 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-20 08:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 06:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 22:43 - 2014-08-19 22:38 - 00007660 _____ () C:\Windows\IE11_main.log
2014-08-19 22:41 - 2014-08-19 22:41 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 22:41 - 2014-08-19 22:41 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 22:41 - 2014-08-19 22:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 22:41 - 2014-08-19 22:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 22:41 - 2014-08-19 22:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 22:41 - 2014-08-19 22:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 22:41 - 2014-08-19 22:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 22:36 - 2013-07-23 06:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 22:35 - 2013-07-22 23:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-19 22:33 - 2014-07-03 19:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-18 09:53 - 2013-07-23 08:03 - 00000000 ___HD () C:\$AVG
2014-08-17 17:55 - 2014-08-17 17:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-17 17:55 - 2013-07-22 23:39 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-17 17:40 - 2013-07-22 23:39 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-08-09 10:16 - 2014-07-05 12:32 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Battle.net
2014-08-08 20:23 - 2014-07-05 12:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-06 22:06 - 2014-08-19 19:18 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-19 19:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 17:57 - 2014-07-05 12:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 02:56

==================== End Of Log ============================



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:54 PM

Posted 05 September 2014 - 05:32 AM

Very good. The replacement worked and ESET hasn't found anything that we need to worry about.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader XI (11.0.03)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#8 JPinMD


Posted 06 September 2014 - 08:58 AM

All steps complete. So far so good.  Thank you all for the support and helping me fix my system.



#9 aharonov


Posted 06 September 2014 - 09:03 AM

You're welcome.
Take care.

#10 aharonov


Posted 06 September 2014 - 09:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



