I think my computer is infected - please advise


kaeb

Hi, I've recently had a lot of pop-ups on my computer and ads that are all over the place when browsing the internet. I've completed a full scan using Malwarebytes and it says it has removed all detected viruses, but these ads and pop-ups still happen.

Could you please help?
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Shane Saing at 17:18:41 on 2013-09-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8102.5135 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HP Officejet 6500 E710a-f (NET)] "C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe" -deviceID "CN0BT2271J05JZ:NW" -scfn "HP Officejet 6500 E710a-f (NET)" -AutoStart 1
uRun: [blackBerryLink.exe] "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [iFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRunOnce: [1] C:\Users\Shane Saing\Desktop\New folder\mbam-chameleon.exe /r /p
StartupFolder: C:\Users\SHANES~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{180A84F1-F1A6-4844-8AD5-2E941DB0EC3B} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{361450D2-FDD6-4BF6-AD05-2D87E5607616} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{361450D2-FDD6-4BF6-AD05-2D87E5607616}\24967605F6E646441373436444 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{361450D2-FDD6-4BF6-AD05-2D87E5607616}\36F6F6075627 : DHCPNameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{361450D2-FDD6-4BF6-AD05-2D87E5607616}\E4F602E456470264F6270295F657 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4D5D8D2A-4E1B-47CC-BB26-0645A5FCE9FB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{79CDD63C-CB63-4BA0-A00F-75040F323FAC} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8CA0FA24-D553-44D7-9052-532DF9338C78} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E6E8B4A3-FECF-4EFB-BF92-7ABE979EEF2F} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter EpePcNp64 scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shane Saing\AppData\Roaming\Mozilla\Firefox\Profiles\kmw7fp2d.default-1358497465624\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Shane Saing\AppData\Local\Citrix\Plugins\92\npappdetector.dll
FF - plugin: C:\Users\Shane Saing\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-29 23:27; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-09-11 17:22; {66e2f9b0-1793-4097-b066-b683979829fc}; C:\Program Files (x86)\Lyrics_Fan\133.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-2-8 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-2-8 158920]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-5-12 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2012-6-1 44576]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-20 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-22 32808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-9 135952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-3-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-29 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-8-26 322048]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-3-14 365440]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-6 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-30 210896]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-2-8 1323008]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-12 1128952]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe [2013-4-26 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe [2013-4-26 1235456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-6 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-8-23 3175728]
R2 Vodafone Mobile Broadband QuickStart;Vodafone Mobile Broadband QuickStart Service;C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe [2011-12-21 229216]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe [2013-2-6 585728]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2012-3-6 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-3-6 39464]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-1-20 317440]
R3 rimvndis;BlackBerry Virtual Private Network;C:\windows\System32\drivers\rimvndis6_AMD64.sys [2013-4-26 17920]
R3 rzdaendpt;Razer DeathAdder end point;C:\windows\System32\drivers\rzdaendpt.sys [2013-8-20 33464]
R3 rzudd;Razer Mouse Driver;C:\windows\System32\drivers\rzudd.sys [2013-8-21 141496]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\windows\System32\drivers\rzvkeyboard.sys [2013-8-20 30904]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-8 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-11-9 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-3-30 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-6-1 117552]
.
=============== Created Last 30 ================
.
2013-09-13 08:54:06 -------- d-----w- C:\Users\Shane Saing\AppData\Local\ElevatedDiagnostics
2013-09-12 10:33:46 -------- d-----w- C:\Users\Shane Saing\AppData\Roaming\Malwarebytes
2013-09-12 10:33:39 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-12 10:33:38 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-12 10:33:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 09:25:13 150 ----a-w- C:\Delme.bat
2013-09-11 09:03:23 -------- d-----w- C:\9be40971adaa2e3311cc2120
2013-09-11 07:22:35 -------- d-----w- C:\Program Files (x86)\Lyrics_Fan
2013-09-11 01:26:57 3155456 ----a-w- C:\windows\System32\win32k.sys
2013-09-04 15:43:42 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-08-29 04:29:54 796672 ----a-w- C:\windows\SysWow64\rzdevicedll.dll
2013-08-21 07:34:32 141496 ----a-w- C:\windows\System32\drivers\rzudd.sys
2013-08-20 08:41:58 33464 ----a-w- C:\windows\System32\drivers\rzdaendpt.sys
2013-08-20 08:41:56 30904 ----a-w- C:\windows\System32\drivers\rzvkeyboard.sys
2013-08-20 08:35:02 57344 ----a-w- C:\windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35:02 154112 ----a-w- C:\windows\SysWow64\rztouchdll.dll
2013-08-20 08:34:58 117248 ----a-w- C:\windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34:56 296448 ----a-w- C:\windows\SysWow64\rzaudiodll.dll
.
==================== Find3M  ====================
.
2013-09-14 03:35:39 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 03:35:39 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 15:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-07-19 15:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-07-19 15:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-07-19 15:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-13 13:23:41 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-13 13:23:40 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-13 13:23:40 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-30 15:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-06-26 09:21:50 23208 ----a-w- C:\windows\System32\drivers\Sftvollh.sys
2013-06-26 09:21:48 28840 ----a-w- C:\windows\System32\drivers\Sftredirlh.sys
2013-06-26 09:21:46 273576 ----a-w- C:\windows\System32\drivers\Sftplaylh.sys
2013-06-26 09:21:46 1777320 ----a-w- C:\windows\System32\sftldr.dll
2013-06-26 09:21:46 1130664 ----a-w- C:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 09:21:44 767144 ----a-w- C:\windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 17:18:50.44 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/04/2012 9:32:51 PM
System Uptime: 14/09/2013 4:24:53 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1618
Processor: Intel® Core i5-2540M CPU @ 2.60GHz | CPU 1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 276 GiB total, 90.212 GiB free.
E: is FIXED (NTFS) - 17 GiB total, 2.556 GiB free.
F: is FIXED (FAT32) - 5 GiB total, 0.004 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&41F964&0&38ECE452164B_C00000000
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&41F964&0&38ECE452164B_C00000000
Service: 
.
Class GUID: 
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&22F00FA2&0&01E2
Manufacturer: 
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&22F00FA2&0&01E2
Service: 
.
==== System Restore Points ===================
.
RP223: 8/09/2013 7:00:08 PM - Windows Backup
RP224: 11/09/2013 7:01:19 PM - Windows Update
RP225: 11/09/2013 11:41:30 PM - Windows Update
RP226: 12/09/2013 7:01:25 PM - Restore Operation
RP227: 12/09/2013 7:22:00 PM - Removed Alcor Micro Smart Card Reader Driver
RP228: 12/09/2013 7:22:42 PM - Removed ArcSoft Webcam Sharing Manager.
RP229: 12/09/2013 7:23:56 PM - Removed e-tax 2013
RP230: 12/09/2013 7:24:27 PM - Removed Facebook Video Calling 1.2.0.287
RP231: 12/09/2013 7:24:41 PM - Removed Google AdWords Editor
RP232: 12/09/2013 7:25:30 PM - Removed I.R.I.S. OCR
RP233: 12/09/2013 7:26:12 PM - Removed LightScribe System Software.
RP234: 12/09/2013 8:35:56 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
AVG 2013
BlackBerry Link
Broadcom 2070 Bluetooth 3.0
CCleaner
Counter-Strike
Counter-Strike: Global Offensive
D3DX10
Day of Defeat
Device Access Manager for HP ProtectTools
DirectX 9 Runtime
Dota 2
Drive Encryption For HP ProtectTools
Embedded Security for HP ProtectTools
Energy Star Digital Logo
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP 3D DriveGuard
HP Auto
HP Client Automation Agent Preload 
HP Connection Manager
HP Customer Experience Enhancements
HP DayStarter
HP Documentation
HP ESU for Microsoft Windows 7
HP Hotkey Support
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Photo Creations
HP Power Assistant
HP ProtectTools Security Manager
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP System Default Settings
HP Update
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HPDiagnosticAlert
I.R.I.S. OCR
IDT Audio
Intel® Control Center
Intel® Identity Protection Technology 1.0.71.0
Intel® Management Engine Components
Intel® Network Connections 17.1.55.0
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 9.1.0 (64-bit)
K-Lite Mega Codec Pack 9.1.0
League of Legends
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup 
Nexon Game Manager
Pando Media Booster
PDF Complete Special Edition
Photo Common
Photo Gallery
Privacy Manager for HP ProtectTools
Razer Synapse 2.0
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.6
Steam
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Theft Recovery for HP ProtectTools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Validity Fingerprint Sensor Driver
VIP Access SDK x64(1.0.0.50) 
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Vodafone QuickStart Uninstaller
Windows Driver Package - ZTE Corporation (ZTEusbmdm6k) Modem  (01/22/2010 1.2059.0.10)
Windows Driver Package - ZTE Corporation (ZTEusbnet) Net  (12/28/2009 2.1040.0.6)
Windows Driver Package - ZTE Corporation (ZTEusbnmea) Ports  (01/22/2010 1.2059.0.10)
Windows Driver Package - ZTE Corporation (ZTEusbser6k) Ports  (01/22/2010 1.2059.0.10)
Windows Driver Package - ZTE Incorporated (massfilter) USB  (04/28/2008 1.0.0.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (64-bit)
WinZip 16.0
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
14/09/2013 2:06:04 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
14/09/2013 1:26:48 PM, Error: Schannel [36887]  - The following fatal alert was received: 45.
13/09/2013 6:19:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
13/09/2013 6:19:22 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
13/09/2013 6:19:22 PM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
13/09/2013 6:09:06 PM, Error: TPM [15]  - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
13/09/2013 6:09:06 PM, Error: Microsoft-Windows-TBS [516]  - An error occurred while communicating with the TPM.  The driver returned 0x8007045d.
13/09/2013 6:09:06 PM, Error: Microsoft-Windows-TBS [16392]  - An error occurred while starting the TBS.  The error code was 0x8007045d.
13/09/2013 6:07:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000006b (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 091313-68000-01.
13/09/2013 5:43:40 PM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  %%-2147467243
12/09/2013 8:41:29 PM, Error: Service Control Manager [7023]  - The Workstation service terminated with the following error:  Not enough storage is available to complete this operation.
11/09/2013 9:31:02 PM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
10/09/2013 7:06:48 PM, Error: Microsoft-Windows-Bits-Client [16398]  - A new BITS job could not be created. The current job count for the user ShaneSaing-HP\Shane Saing (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
 

 


Run the following:

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log, especially under Files/Folders, for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up...click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Post logs in next reply, also post recent log from Malwarebytes.

Kevin


Adwcleaner

 

# AdwCleaner v3.003 - Report created 14/09/2013 at 22:07:50

# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Shane Saing - SHANESAING-HP
# Running from : C:\Users\Shane Saing\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Lyrics_Fan
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup 
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Shane Saing\AppData\Local\Conduit
Folder Deleted : C:\Users\Shane Saing\AppData\Local\cre
Folder Deleted : C:\Users\Shane Saing\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 
Folder Deleted : C:\Users\Shane Saing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Users\Shane Saing\AppData\Roaming\Mozilla\Firefox\Profiles\kmw7fp2d.default-1358497465624\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Shane Saing\AppData\Roaming\Mozilla\Firefox\Profiles\kmw7fp2d.default-1358497465624\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Shane Saing\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5041 octets] - [14/09/2013 22:06:30]
AdwCleaner[s0].txt - [4727 octets] - [14/09/2013 22:07:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4787 octets] ##########
 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04

Ran by Shane Saing (administrator) on SHANESAING-HP on 14-09-2013 22:17:14

Running from C:\Users\Shane Saing\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe

(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe

(Intel Corporation) C:\windows\system32\IProsetMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

() C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe

(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-07-22] (IDT, Inc.)

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Officejet 6500 E710a-f (NET)] - C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKCU\...\Run: [blackBerryLink.exe] - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [3786768 2013-05-06] (Research In Motion)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-29] (Valve Corporation)

MountPoints2: D - D:\AutoRun.exe

MountPoints2: {0bc1a21b-9525-11e2-ba67-100ba97b0f94} - D:\setup.exe

MountPoints2: {1af7290e-e926-11e1-9d7e-001e101f36d9} - D:\AutoRun.exe

MountPoints2: {1af72911-e926-11e1-9d7e-001e101f36d9} - D:\AutoRun.exe

MountPoints2: {22137ed1-8bb1-11e1-93e7-402cf4c44020} - "D:\WD SmartWare.exe" autoplay=true

MountPoints2: {4ee056a1-e781-11e1-93a4-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {4ee056b2-e781-11e1-93a4-ec9a74fbe712} - H:\AutoRun.exe

MountPoints2: {64967a06-a8e0-11e2-8d93-100ba97b0f94} - D:\setup_QuickStart.exe

MountPoints2: {792be350-817b-11e2-aa45-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {792be352-817b-11e2-aa45-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {96ccacbb-a7f8-11e2-9b59-001e101f21c1} - D:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {a3cd4776-8eaa-11e2-b59e-100ba97b0f94} - D:\setup.exe

MountPoints2: {acc45484-9e34-11e2-946e-806e6f6e6963} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe

MountPoints2: {b7e35f7c-09be-11e2-ab1d-100ba97b0f94} - D:\AutoRun.exe

MountPoints2: {b7e35f84-09be-11e2-ab1d-100ba97b0f94} - D:\AutoRun.exe

MountPoints2: {b80f6842-817e-11e2-a9fe-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {b80f6844-817e-11e2-a9fe-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {c3c5961d-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {c3c5962f-e83e-11e1-9762-ec9a74fbe712} - H:\AutoRun.exe

MountPoints2: {c3c5965e-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {c3c5966e-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {f8538b1d-78e6-11e2-bcde-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {f8538b23-78e6-11e2-bcde-402cf4c44020} - D:\AutoRun.exe

HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-27] (Intel Corporation)

HKLM-x32\...\Run: [File Sanitizer] - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)

HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2012-06-01] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [iFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2012-06-01] (Infineon Technologies AG)

HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4265472 2013-04-26] (Research In Motion Limited)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)

Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli

Startup: C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f (Network).lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com.au/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKCU - {9B0F2E5B-2CA8-4D56-9D16-97150BF19C9A} URL = http://au.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}

SearchScopes: HKCU - {E63C0A38-8290-4D17-A03C-BA6853769DA2} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYAU&apn_uid=617607ec-49b8-4006-9bde-7539043dae0b&apn_sauid=B5CA5ED9-2159-4AB9-9CA8-6D1AB20F922F

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU -  No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Shane Saing\AppData\Roaming\Mozilla\Firefox\Profiles\kmw7fp2d.default

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Shane Saing\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\

FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\

FF HKCU\...\Firefox\Extensions: [{66e2f9b0-1793-4097-b066-b683979829fc}] - C:\Program Files (x86)\Lyrics_Fan\133.xpi

 

Chrome: 

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (ShipRush FedEx) - C:\Users\Shane Saing\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll (Z-Firm LLC)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Shane Saing\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Lexity Live) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomdglhpapfpbfooeapcficgfhoncc\1.1_0

CHR Extension: (Gmail) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [okkbcpjgdooahcefofhjdpacngfecaaa] - C:\Program Files (x86)\Lyrics_Fan\133.crx

 

==================== Services (Whitelisted) =================

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)

R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)

S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)

R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-29] (Hewlett-Packard Company)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)

R2 HPSLPSVC; C:\Users\SHANES~1\AppData\Local\Temp\7zS56D6\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.)

R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2012-06-01] (Infineon Technologies AG)

R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980856 2012-06-01] (Infineon Technologies AG)

R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] ()

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)

R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203640 2012-06-01] (Infineon Technologies AG)

R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-04-26] (Apple Inc.)

R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-26] (Research In Motion Limited)

R2 Vodafone Mobile Broadband QuickStart; C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe [229216 2011-12-21] ()

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-08] (Hewlett-Packard Company)

R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)

R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)

R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2012-06-01] (Infineon Technologies AG)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-08-20] (Razer Inc)

R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-08-20] (Razer Inc)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [x]

S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]

S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 JMCR; system32\DRIVERS\jmcr.sys [x]

S3 johci; system32\DRIVERS\johci.sys [x]

S3 massfilter; system32\drivers\massfilter.sys [x]

S3 massfilter_lte; \??\C:\windows\system32\drivers\massfilter_lte.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-14 22:17 - 2013-09-14 22:17 - 00000000 ____D C:\FRST

2013-09-14 22:16 - 2013-09-14 22:16 - 01950312 _____ (Farbar) C:\Users\Shane Saing\Downloads\FRST64.exe

2013-09-14 22:06 - 2013-09-14 22:08 - 00000000 ____D C:\AdwCleaner

2013-09-14 22:05 - 2013-09-14 22:06 - 01037278 _____ C:\Users\Shane Saing\Downloads\AdwCleaner.exe

2013-09-14 17:18 - 2013-09-14 17:18 - 00031332 _____ C:\Users\Shane Saing\Desktop\dds.txt

2013-09-14 17:18 - 2013-09-14 17:18 - 00011745 _____ C:\Users\Shane Saing\Desktop\attach.txt

2013-09-14 17:08 - 2013-09-14 17:08 - 01440846 _____ C:\Users\Shane Saing\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-14 17:02 - 2013-09-14 17:02 - 00688992 ____R (Swearware) C:\Users\Shane Saing\Downloads\dds.com

2013-09-13 18:36 - 2013-09-14 22:09 - 00000894 _____ C:\windows\PFRO.log

2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 _____ C:\windows\SysWOW64\CN0BT2271J05JZ

2013-09-13 18:06 - 2013-09-14 22:09 - 00000392 _____ C:\windows\setupact.log

2013-09-13 18:06 - 2013-09-13 18:07 - 00272792 _____ C:\windows\Minidump\091313-68000-01.dmp

2013-09-13 18:06 - 2013-09-13 18:06 - 00293904 _____ C:\windows\system32\FNTCACHE.DAT

2013-09-13 18:06 - 2013-09-13 18:06 - 00000000 _____ C:\windows\setuperr.log

2013-09-13 18:05 - 2013-09-13 18:05 - 388598166 _____ C:\windows\MEMORY.DMP

2013-09-12 20:43 - 2013-09-12 20:43 - 00058856 _____ C:\Users\Shane Saing\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-12 20:33 - 2013-09-14 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-12 20:33 - 2013-09-14 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-12 20:33 - 2013-09-12 20:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shane Saing\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-12 20:33 - 2013-09-12 20:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-12 20:33 - 2013-09-12 20:33 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Malwarebytes

2013-09-12 20:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2013-09-12 19:25 - 2013-09-12 19:25 - 00000150 _____ C:\Delme.bat

2013-09-11 23:42 - 2013-08-10 15:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-09-11 23:42 - 2013-08-10 15:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-09-11 23:42 - 2013-08-10 15:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-09-11 23:42 - 2013-08-10 15:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-09-11 23:42 - 2013-08-10 15:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-09-11 23:42 - 2013-08-10 15:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-09-11 23:42 - 2013-08-10 13:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-09-11 23:42 - 2013-08-10 13:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-09-11 23:42 - 2013-08-10 13:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-09-11 23:42 - 2013-08-10 13:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-09-11 23:42 - 2013-08-10 12:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-09-11 23:42 - 2013-08-10 12:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 19:03 - 2013-09-14 12:03 - 00000000 ____D C:\9be40971adaa2e3311cc2120

2013-09-11 17:22 - 2013-09-14 22:09 - 00000394 _____ C:\windows\Tasks\Lyrics-Fan Update.job

2013-09-11 17:22 - 2013-09-11 17:22 - 00003054 _____ C:\windows\System32\Tasks\Lyrics-Fan Update

2013-09-11 16:25 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Strawberry.Shortcake.Movie.Skys.The.Limit.2009.DVDRip.XviD-DOCUMENT [NO-RAR] - [ www.torrentday.com ]

2013-09-11 15:54 - 2013-09-11 17:48 - 00000000 ____D C:\Users\Shane Saing\Downloads\BRATZ-THE.MOVIE.2007.DVDrip.Swesub.XviD.AC3-Mr_KeFF

2013-09-11 15:46 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Shane Saing\Downloads\The Big Wedding[2013]BRRip XviD-ETRG

2013-09-11 11:27 - 2013-08-05 12:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2013-09-11 11:27 - 2013-08-02 12:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2013-09-11 11:27 - 2013-08-02 12:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2013-09-11 11:27 - 2013-08-02 12:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2013-09-11 11:27 - 2013-08-02 12:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2013-09-11 11:27 - 2013-08-02 12:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2013-09-11 11:27 - 2013-08-02 12:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2013-09-11 11:27 - 2013-08-02 11:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2013-09-11 11:27 - 2013-08-02 11:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2013-09-11 11:27 - 2013-08-02 10:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2013-09-11 11:27 - 2013-08-02 10:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2013-09-11 11:27 - 2013-08-02 10:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-11 11:26 - 2013-08-08 11:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-09-11 11:26 - 2013-07-26 12:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2013-09-11 11:26 - 2013-07-26 12:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll

2013-09-11 11:26 - 2013-07-26 11:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2013-09-11 11:26 - 2013-07-26 11:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll

2013-09-05 18:24 - 2013-09-05 18:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\World War Z[2013]UNRATED CUT BRRip XviD-ETRG

2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

2013-09-02 13:52 - 2013-09-02 13:55 - 00000000 ____D C:\Users\Shane Saing\Downloads\Kick-Ass.2.2013.R6.HDRip.XviD-S4A

2013-08-29 14:29 - 2013-08-29 14:29 - 00796672 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll

2013-08-21 17:34 - 2013-08-21 17:34 - 00141496 _____ (Razer Inc) C:\windows\system32\Drivers\rzudd.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00033464 _____ (Razer Inc) C:\windows\system32\Drivers\rzdaendpt.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00030904 _____ (Razer Inc) C:\windows\system32\Drivers\rzvkeyboard.sys

2013-08-20 18:35 - 2013-08-20 18:35 - 00154112 _____ (Razer Inc) C:\windows\SysWOW64\rztouchdll.dll

2013-08-20 18:35 - 2013-08-20 18:35 - 00057344 _____ (Razer Inc) C:\windows\SysWOW64\rzdevinfo.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00296448 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00117248 _____ (Razer Inc) C:\windows\SysWOW64\rzdisplaydll.dll

2013-08-15 17:24 - 2013-08-15 17:25 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Smurfs.2.2013.CAM.READ.NFO.XViD-VAiN

2013-08-15 15:50 - 2013-07-09 15:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll

2013-08-15 15:50 - 2013-07-09 14:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll

2013-08-15 15:45 - 2013-07-25 19:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL

2013-08-15 15:45 - 2013-07-25 18:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL

2013-08-15 15:45 - 2013-07-19 11:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2013-08-15 15:45 - 2013-07-19 11:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2013-08-15 15:45 - 2013-07-09 15:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll

2013-08-15 15:45 - 2013-07-09 14:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

2013-08-15 15:44 - 2013-07-06 16:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2013-08-15 15:44 - 2013-06-15 14:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

 

==================== One Month Modified Files and Folders =======

 

2013-09-14 22:17 - 2013-09-14 22:17 - 00000000 ____D C:\FRST

2013-09-14 22:16 - 2013-09-14 22:16 - 01950312 _____ (Farbar) C:\Users\Shane Saing\Downloads\FRST64.exe

2013-09-14 22:14 - 2012-03-06 15:47 - 01502362 _____ C:\windows\WindowsUpdate.log

2013-09-14 22:11 - 2012-04-08 18:56 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-14 22:10 - 2012-12-26 19:02 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-14 22:10 - 2011-05-12 04:11 - 00000000 ____D C:\ProgramData\PDFC

2013-09-14 22:10 - 2009-07-14 13:20 - 00000000 ____D C:\windows\tracing

2013-09-14 22:09 - 2013-09-13 18:36 - 00000894 _____ C:\windows\PFRO.log

2013-09-14 22:09 - 2013-09-13 18:06 - 00000392 _____ C:\windows\setupact.log

2013-09-14 22:09 - 2013-09-11 17:22 - 00000394 _____ C:\windows\Tasks\Lyrics-Fan Update.job

2013-09-14 22:09 - 2013-04-19 21:19 - 00065536 _____ C:\windows\system32\Ikeext.etl

2013-09-14 22:09 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-09-14 22:08 - 2013-09-14 22:06 - 00000000 ____D C:\AdwCleaner

2013-09-14 22:07 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-14 22:07 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-14 22:06 - 2013-09-14 22:05 - 01037278 _____ C:\Users\Shane Saing\Downloads\AdwCleaner.exe

2013-09-14 18:37 - 2012-06-04 22:56 - 00000000 ____D C:\ProgramData\MFAData

2013-09-14 18:35 - 2012-04-06 08:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-09-14 18:30 - 2012-12-26 19:02 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-14 18:15 - 2012-06-24 21:23 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\PMB Files

2013-09-14 18:15 - 2012-06-24 21:23 - 00000000 ____D C:\ProgramData\PMB Files

2013-09-14 17:18 - 2013-09-14 17:18 - 00031332 _____ C:\Users\Shane Saing\Desktop\dds.txt

2013-09-14 17:18 - 2013-09-14 17:18 - 00011745 _____ C:\Users\Shane Saing\Desktop\attach.txt

2013-09-14 17:08 - 2013-09-14 17:08 - 01440846 _____ C:\Users\Shane Saing\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-14 17:02 - 2013-09-14 17:02 - 00688992 ____R (Swearware) C:\Users\Shane Saing\Downloads\dds.com

2013-09-14 13:35 - 2012-04-06 08:31 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-09-14 13:35 - 2012-04-06 08:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-14 13:35 - 2012-04-06 08:31 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-09-14 13:31 - 2012-11-09 17:55 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Windows Live

2013-09-14 12:03 - 2013-09-12 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-14 12:03 - 2013-09-11 19:03 - 00000000 ____D C:\9be40971adaa2e3311cc2120

2013-09-14 12:03 - 2013-09-11 16:25 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Strawberry.Shortcake.Movie.Skys.The.Limit.2009.DVDRip.XviD-DOCUMENT [NO-RAR] - [ www.torrentday.com ]

2013-09-14 12:03 - 2013-09-11 15:46 - 00000000 ____D C:\Users\Shane Saing\Downloads\The Big Wedding[2013]BRRip XviD-ETRG

2013-09-14 12:03 - 2013-08-09 18:11 - 00000000 ____D C:\Program Files\Greyhound Predictor v2

2013-09-14 12:03 - 2013-04-19 21:06 - 00000000 ____D C:\ProgramData\MobileBroadbandQuickStartService

2013-09-14 12:03 - 2013-02-06 04:48 - 00000000 ____D C:\Program Files (x86)\Citrix

2013-09-14 12:03 - 2012-09-10 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-14 12:03 - 2012-08-31 19:30 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-09-14 12:03 - 2012-05-21 17:32 - 00000000 ____D C:\ProgramData\Intel

2013-09-14 12:03 - 2012-04-06 08:31 - 00000000 ____D C:\windows\system32\Macromed

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\Virtual Machines

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-14 12:03 - 2011-05-12 04:27 - 00000000 ____D C:\ProgramData\Roxio

2013-09-14 12:03 - 2011-05-12 04:11 - 00000000 ____D C:\windows\SysWOW64\Macromed

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\zh-Hant

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\zh-Hans

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\ru

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\ja

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\it

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\fr

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\es

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\de

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\cs

2013-09-14 12:03 - 2011-05-12 03:58 - 00000000 ____D C:\windows\SysWOW64\ko

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\SysWOW64\Recovery

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\servicing

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\AppCompat

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-14 12:02 - 2012-03-06 15:53 - 00000000 ____D C:\windows\SysWOW64\SDA

2013-09-14 12:02 - 2009-07-14 13:20 - 00000000 ____D C:\windows\registration

2013-09-14 12:00 - 2013-07-13 11:53 - 00000000 ____D C:\windows\system32\MRT

2013-09-14 11:59 - 2013-09-12 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-14 11:59 - 2012-08-14 22:20 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Skype

2013-09-14 11:59 - 2012-05-26 21:16 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Facebook

2013-09-14 11:59 - 2012-05-07 07:58 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Google

2013-09-14 11:58 - 2012-09-10 08:22 - 00000000 __RHD C:\MSOCache

2013-09-13 19:03 - 2012-09-10 08:17 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\SoftGrid Client

2013-09-13 18:55 - 2012-07-24 22:47 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Media Player Classic

2013-09-13 18:52 - 2013-02-03 20:40 - 00000000 ____D C:\Users\Shane Saing\Documents\Debts

2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 _____ C:\windows\SysWOW64\CN0BT2271J05JZ

2013-09-13 18:14 - 2013-07-09 11:21 - 00000925 _____ C:\Users\Public\Desktop\AVG 2013.lnk

2013-09-13 18:07 - 2013-09-13 18:06 - 00272792 _____ C:\windows\Minidump\091313-68000-01.dmp

2013-09-13 18:06 - 2013-09-13 18:06 - 00293904 _____ C:\windows\system32\FNTCACHE.DAT

2013-09-13 18:06 - 2013-09-13 18:06 - 00000000 _____ C:\windows\setuperr.log

2013-09-13 18:06 - 2012-05-12 17:19 - 00000000 ____D C:\windows\Minidump

2013-09-13 18:06 - 2012-04-04 20:32 - 00000000 ____D C:\Users\Shane Saing

2013-09-13 18:05 - 2013-09-13 18:05 - 388598166 _____ C:\windows\MEMORY.DMP

2013-09-12 20:43 - 2013-09-12 20:43 - 00058856 _____ C:\Users\Shane Saing\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-12 20:33 - 2013-09-12 20:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shane Saing\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-12 20:33 - 2013-09-12 20:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-12 20:33 - 2013-09-12 20:33 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Malwarebytes

2013-09-12 20:31 - 2009-07-28 01:04 - 00000000 ____D C:\windows\Panther

2013-09-12 19:39 - 2009-07-14 15:13 - 00794188 _____ C:\windows\system32\PerfStringBackup.INI

2013-09-12 19:30 - 2011-05-12 04:21 - 00000000 ____D C:\ProgramData\Uninstall

2013-09-12 19:28 - 2011-05-12 04:21 - 00000000 ____D C:\ProgramData\Sonic

2013-09-12 19:26 - 2013-02-17 00:44 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Roxio Log Files

2013-09-12 19:25 - 2013-09-12 19:25 - 00000150 _____ C:\Delme.bat

2013-09-12 19:22 - 2012-05-23 11:48 - 00000000 ____D C:\Program Files (x86)\AlcorMicro

2013-09-12 19:22 - 2011-05-12 03:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-11 23:42 - 2011-05-12 03:38 - 00803736 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2013-09-11 22:14 - 2012-05-12 21:22 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\CrashDumps

2013-09-11 19:03 - 2012-04-06 08:21 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-09-11 17:48 - 2013-09-11 15:54 - 00000000 ____D C:\Users\Shane Saing\Downloads\BRATZ-THE.MOVIE.2007.DVDrip.Swesub.XviD.AC3-Mr_KeFF

2013-09-11 17:22 - 2013-09-11 17:22 - 00003054 _____ C:\windows\System32\Tasks\Lyrics-Fan Update

2013-09-10 21:22 - 2009-07-14 15:08 - 00032646 _____ C:\windows\Tasks\SCHEDLGU.TXT

2013-09-09 16:28 - 2012-05-07 00:45 - 00000540 _____ C:\Users\Shane Saing\Desktop\New Text Document (2).txt

2013-09-05 18:24 - 2013-09-05 18:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\World War Z[2013]UNRATED CUT BRRip XviD-ETRG

2013-09-05 10:44 - 2012-12-26 19:13 - 00000000 ____D C:\Program Files\CCleaner

2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

2013-09-02 13:55 - 2013-09-02 13:52 - 00000000 ____D C:\Users\Shane Saing\Downloads\Kick-Ass.2.2013.R6.HDRip.XviD-S4A

2013-08-31 21:38 - 2013-02-17 21:08 - 00000202 _____ C:\Users\Shane Saing\Desktop\GF8 Wagon.txt

2013-08-30 18:15 - 2012-04-05 18:15 - 00003228 _____ C:\windows\System32\Tasks\HPCeeScheduleForSHANESAING-HP$

2013-08-30 18:15 - 2012-04-05 18:15 - 00000352 _____ C:\windows\Tasks\HPCeeScheduleForSHANESAING-HP$.job

2013-08-29 23:27 - 2013-07-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-29 23:27 - 2012-09-19 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-08-29 14:29 - 2013-08-29 14:29 - 00796672 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll

2013-08-22 16:13 - 2012-10-01 21:46 - 00000000 ____D C:\Users\Shane Saing\Documents\acms stuff

2013-08-22 10:52 - 2012-05-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-21 17:34 - 2013-08-21 17:34 - 00141496 _____ (Razer Inc) C:\windows\system32\Drivers\rzudd.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00033464 _____ (Razer Inc) C:\windows\system32\Drivers\rzdaendpt.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00030904 _____ (Razer Inc) C:\windows\system32\Drivers\rzvkeyboard.sys

2013-08-20 18:35 - 2013-08-20 18:35 - 00154112 _____ (Razer Inc) C:\windows\SysWOW64\rztouchdll.dll

2013-08-20 18:35 - 2013-08-20 18:35 - 00057344 _____ (Razer Inc) C:\windows\SysWOW64\rzdevinfo.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00296448 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00117248 _____ (Razer Inc) C:\windows\SysWOW64\rzdisplaydll.dll

2013-08-16 16:22 - 2012-04-05 18:52 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2013-08-16 12:01 - 2012-04-05 04:29 - 00000000 ____D C:\windows\rescache

2013-08-15 17:25 - 2013-08-15 17:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Smurfs.2.2013.CAM.READ.NFO.XViD-VAiN

Some content of TEMP:

====================

C:\Users\Shane Saing\AppData\Local\Temp\Quarantine.exe

C:\Users\Shane Saing\AppData\Local\Temp\tbuTor.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-11 16:56

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2013 04

Ran by Shane Saing at 2013-09-14 22:18:21

Running from C:\Users\Shane Saing\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Reader X (10.1.8) (x32 Version: 10.1.8)

AVG 2013 (Version: 13.0.3222)

AVG 2013 (Version: 13.0.3408)

AVG 2013 (Version: 2013.0.3408)

BlackBerry Link (x32 Version: 1.1.0.37)

Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)

CCleaner (Version: 4.05)

Counter-Strike (x32)

Counter-Strike: Global Offensive (x32)

D3DX10 (x32 Version: 15.4.2368.0902)

Day of Defeat (x32)

Device Access Manager for HP ProtectTools (Version: 6.1.0.1)

DirectX 9 Runtime (x32 Version: 1.00.0000)

Dota 2 (x32)

Drive Encryption For HP ProtectTools (Version: 6.0.98.29476)

Embedded Security for HP ProtectTools (Version: 6.0.300.2731)

Energy Star Digital Logo (x32 Version: 1.0.1)

Face Recognition for HP ProtectTools (Version: 6.00.4407)

File Sanitizer For HP ProtectTools (x32 Version: 6.0.0.15)

Google Chrome (x32 Version: 29.0.1547.66)

Google Update Helper (x32 Version: 1.3.21.153)

Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.1.16.1)

HP Auto (Version: 1.0.12494.3472)

HP Client Automation Agent Preload  (x32 Version: 7.5)

HP Connection Manager (x32 Version: 4.1.22.1)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP DayStarter (Version: 2.0.0.12)

HP Documentation (x32 Version: 1.1.0.0)

HP ESU for Microsoft Windows 7 (x32 Version: 2.0.6.1)

HP Hotkey Support (x32 Version: 4.5.9.1)

HP Officejet 6500 E710a-f Basic Device Software (Version: 28.0.1315.0)

HP Officejet 6500 E710a-f Help (x32 Version: 140.0.2.2)

HP Officejet 6500 E710a-f Product Improvement Study (Version: 28.0.1315.0)

HP Photo Creations (x32 Version: 1.0.0.9572)

HP Power Assistant (Version: 2.5.0.16)

HP ProtectTools Security Manager (Version: 6.08.1017)

HP QuickWeb (x32 Version: 3.0.3.9925)

HP Setup (x32 Version: 8.5.4526.3645)

HP SoftPaq Download Manager (x32 Version: 3.4.4.0)

HP Software Framework (x32 Version: 4.5.10.1)

HP Software Setup (x32 Version: 8.2.1.1)

HP Support Assistant (x32 Version: 6.1.12.1)

HP System Default Settings (x32 Version: 2.4.1.2)

HP Update (x32 Version: 5.005.000.002)

HP Wallpaper (x32 Version: 2.00)

HP Web Camera (Version: 1.0.0)

HP Webcam (x32 Version: 1.0.26.3)

HP Webcam Driver (x32 Version: 5.8.50058.0)

HPDiagnosticAlert (x32 Version: 1.00.0000)

I.R.I.S. OCR (x32 Version: 12.3.4.0)

IDT Audio (x32 Version: 1.0.6325.0)

Intel® Control Center (x32 Version: 1.2.1.1007)

Intel® Identity Protection Technology 1.0.71.0 (x32 Version: 1.0.71.0)

Intel® Management Engine Components (x32 Version: 7.0.0.1144)

Intel® Network Connections 17.1.55.0 (Version: 17.1.55.0)

Intel® Processor Graphics (x32 Version: 8.15.10.2291)

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.0.0.0074)

Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

JavaFX 2.1.1 (x32 Version: 2.1.1)

Junk Mail filter update (x32 Version: 16.4.3505.0912)

K-Lite Codec Pack 9.1.0 (64-bit) (Version: 9.1.0)

K-Lite Mega Codec Pack 9.1.0 (x32 Version: 9.1.0)

League of Legends (x32 Version: 1.3)

LightScribe System Software (x32 Version: 1.18.15.1)

LSI HDA Modem (Version: 2.2.100)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MapleStory (x32)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 1.1 (x32)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft .NET Framework 4 Extended (Version: 4.0.30320)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MyPC Backup  (Version: )

Nexon Game Manager (x32)

Pando Media Booster (x32 Version: 2.6.0.7)

PDF Complete Special Edition (x32 Version: 4.0.64)

Photo Gallery (x32 Version: 16.4.3505.0912)

Privacy Manager for HP ProtectTools (Version: 6.01.842)

Razer Synapse 2.0 (x32 Version: 1.13.1)

SDK (x32 Version: 2.30.042)

Skype Click to Call (x32 Version: 6.11.13348)

Skype™ 6.6 (x32 Version: 6.6.106)

Steam (x32 Version: 1.0.0.0)

Synaptics Pointing Device Driver (Version: 16.3.9.0)

System Requirements Lab for Intel (x32 Version: 4.5.5.0)

Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Validity Fingerprint Sensor Driver (Version: 4.3.216.0)

VIP Access SDK x64(1.0.0.50)  (x32 Version: 1.0.0.50)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

Vodafone QuickStart Uninstaller (x32 Version: 22.10.2.5011)

Windows Driver Package - ZTE Corporation (ZTEusbmdm6k) Modem  (01/22/2010 1.2059.0.10) (Version: 01/22/2010 1.2059.0.10)

Windows Driver Package - ZTE Corporation (ZTEusbnet) Net  (12/28/2009 2.1040.0.6) (Version: 12/28/2009 2.1040.0.6)

Windows Driver Package - ZTE Corporation (ZTEusbnmea) Ports  (01/22/2010 1.2059.0.10) (Version: 01/22/2010 1.2059.0.10)

Windows Driver Package - ZTE Corporation (ZTEusbser6k) Ports  (01/22/2010 1.2059.0.10) (Version: 01/22/2010 1.2059.0.10)

Windows Driver Package - ZTE Incorporated (massfilter) USB  (04/28/2008 1.0.0.2) (Version: 04/28/2008 1.0.0.2)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live Family Safety (Version: 16.4.3505.0912)

Windows Live Family Safety (x32 Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Mail (x32 Version: 16.4.3505.0912)

Windows Live Messenger (x32 Version: 16.4.3505.0912)

Windows Live MIME IFilter (Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

Windows Live Writer (x32 Version: 16.4.3505.0912)

Windows Live Writer Resources (x32 Version: 16.4.3505.0912)

WinRAR 4.00 (64-bit) (Version: 4.00.0)

WinZip 16.0 (x32 Version: 16.0.9715)

World of Warcraft (x32 Version: 5.3.0.17128)

 

==================== Restore Points  =========================

 

11-09-2013 09:01:19 Windows Update

11-09-2013 13:41:30 Windows Update

12-09-2013 09:01:25 Restore Operation

12-09-2013 09:22:00 Removed Alcor Micro Smart Card Reader Driver

12-09-2013 09:22:42 Removed ArcSoft Webcam Sharing Manager.

12-09-2013 09:23:56 Removed e-tax 2013

12-09-2013 09:24:27 Removed Facebook Video Calling 1.2.0.287

12-09-2013 09:24:41 Removed Google AdWords Editor

12-09-2013 09:25:30 Removed I.R.I.S. OCR

12-09-2013 09:26:12 Removed LightScribe System Software.

12-09-2013 10:35:56 Restore Operation

 

==================== Hosts content: ==========================

 

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {01A08B6D-F25A-4FE9-87C2-9C5188074EC0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)

Task: {02B3281B-B438-4A7A-A810-8D795C4B17F9} - System32\Tasks\Lyrics-Fan Update => C:\Program Files (x86)\Lyrics_Fan\lrcsfans.exe

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started

Task: {06C80080-2A8C-4323-AA82-C1AFF04CB3F0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {0BECDE00-129B-4F82-AEC4-A17442DAE684} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {2D43C42D-35AD-46AF-A3AE-A210D3317821} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)

Task: {36C231F8-6066-416A-87F1-77B2478A0D10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)

Task: {3816F030-5747-4EFB-9198-4079058BBDED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)

Task: {3821A83F-6650-4E3F-8D7A-FBDE05700D33} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)

Task: {39D9AD95-7269-4871-B261-95D1CC8AFD6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)

Task: {8F6AC700-D800-4EAA-9E70-82DD5E575444} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {A2D4585E-C952-4DE1-A0EA-F5A7547B64AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {BF350CD9-65A8-4201-B093-8A1D0494AED2} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

Task: {C1F8818B-DC7F-4933-B764-B6D746B7F1DA} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {C701AF85-AE6C-4094-8E2D-CD0D7608F74D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14] (Adobe Systems Incorporated)

Task: {CB7D5543-6F84-4CD5-8E29-C37B4B63BCB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

Task: {E214AF40-98E3-427A-ADD6-52C6803E72D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)

Task: {EB3782E9-4EAF-4B5B-AE23-98F4EA32A3B5} - System32\Tasks\HPCeeScheduleForSHANESAING-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {EF1E0624-19C8-420E-9A40-12BAC7E358DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {FA1E0181-D7DC-4DF1-ABC4-CC6B1896A30D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\HPCeeScheduleForSHANESAING-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\windows\Tasks\Lyrics-Fan Update.job => C:\Program Files (x86)\Lyrics_Fan\lrcsfans.exe

Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-01-10 06:37 - 2012-11-23 13:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe

2012-02-24 16:39 - 2012-02-24 16:39 - 00846160 ____R (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoFeedb.dll

2011-11-09 13:29 - 2011-11-09 13:29 - 00338256 ____R (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoSet.dll

2012-04-06 13:16 - 2010-11-20 23:25 - 00464384 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe

2009-07-14 09:37 - 2009-07-14 11:39 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\Dwm.exe

2011-11-10 15:02 - 2011-11-10 15:02 - 00823632 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

2012-04-05 18:29 - 2011-02-25 16:19 - 02871808 _____ (Microsoft Corporation) C:\windows\Explorer.EXE

2012-11-09 17:56 - 2012-11-09 17:56 - 00244696 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00661448 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00828872 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll

2012-02-08 12:44 - 2012-02-08 12:44 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

2013-01-20 20:04 - 2011-02-07 19:02 - 00391704 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe

2013-01-20 20:04 - 2011-01-27 12:22 - 00285696 _____ (Intel Corporation) C:\windows\system32\igfxrENU.lrc

2013-01-20 20:04 - 2011-02-07 19:03 - 00418328 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe

2011-01-27 12:11 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-02-04 13:56 - 2013-01-29 21:42 - 03011824 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2011-02-04 13:56 - 2013-01-29 21:42 - 01035504 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll

2013-01-29 21:42 - 2013-01-29 21:42 - 00229616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll

2013-01-20 20:03 - 2012-07-22 02:23 - 01424896 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

2013-01-20 20:03 - 2012-07-22 02:23 - 04227072 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang64.dll

2012-07-22 02:23 - 2012-07-22 02:23 - 00655872 _____ (IDT, Inc.) C:\windows\system32\stapi64.dll

2012-10-17 03:28 - 2012-10-17 03:28 - 02965096 _____ (TODO: <Company name>) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationUI.dll

2009-07-14 09:57 - 2009-07-14 11:39 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\RunDll32.exe

2009-07-14 09:56 - 2009-07-14 11:39 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\NOTEPAD.EXE

2012-07-22 02:25 - 2012-08-28 23:32 - 00113024 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll

2012-07-22 02:25 - 2012-08-28 23:32 - 00093568 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll

2012-03-14 10:28 - 2012-03-14 10:28 - 00015744 _____ ( ) C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll

2013-01-17 16:08 - 2013-01-17 16:08 - 00267792 _____ (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

2013-04-26 07:42 - 2013-04-26 07:42 - 04265472 _____ (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe

2013-08-15 11:09 - 2013-08-15 11:09 - 00606040 _____ (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

2012-02-24 17:06 - 2012-02-24 17:06 - 00351600 _____ (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

2013-01-29 21:42 - 2013-01-29 21:42 - 00126704 _____ (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

2009-07-14 09:41 - 2009-07-14 11:14 - 00044544 _____ (Microsoft Corporation) C:\windows\SysWOW64\RunDll32.exe

2012-06-01 04:36 - 2012-06-01 04:36 - 00330104 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe

2013-05-06 17:59 - 2013-05-06 17:59 - 00777744 _____ (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe

2013-05-06 17:59 - 2013-05-06 17:59 - 00929296 _____ (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe

2012-07-22 02:25 - 2012-07-22 02:25 - 00312704 _____ (Hewlett-Packard Company) C:\windows\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll

2012-07-22 02:25 - 2012-07-22 02:25 - 00098688 _____ (Hewlett-Packard Company) C:\windows\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll

2012-03-14 14:10 - 2012-03-14 14:10 - 00007168 _____ ( ) C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll

2012-07-22 02:25 - 2012-07-22 02:25 - 00046464 _____ (Hewlett-Packard Company) C:\windows\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll

2012-02-10 14:26 - 2012-02-10 14:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll

2012-05-11 01:05 - 2012-05-24 21:15 - 00877952 _____ (Hewlett-Packard Company) C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

2011-05-23 11:53 - 2011-05-23 11:53 - 00067128 _____ ( ) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\Interop.hpCMSrv.dll

2011-04-08 09:57 - 2011-04-08 09:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll

2011-04-08 09:57 - 2011-04-08 09:57 - 00174080 _____ (http://sqlite.phxsoftware.com) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.Linq.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00070960 _____ (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

2011-05-12 04:12 - 2012-03-09 11:22 - 00277296 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

2013-01-20 20:04 - 2011-02-07 19:02 - 00239128 _____ (Intel Corporation) C:\windows\system32\igfxext.exe

2013-01-20 20:04 - 2011-02-07 19:03 - 00509976 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe

2012-04-05 18:28 - 2011-05-04 15:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe

2013-09-14 22:16 - 2013-09-14 22:16 - 01950312 _____ (Farbar) C:\Users\Shane Saing\Downloads\FRST64.exe

2011-11-10 15:02 - 2011-11-10 15:02 - 00652624 ____R (DigitalPersona, Inc.) C:\windows\system32\DPFPApi.DLL

2011-11-10 15:02 - 2011-11-10 15:02 - 00378192 ____R (DigitalPersona, Inc.) C:\windows\system32\DPCLBACK.dll

2011-11-10 15:02 - 2011-11-10 15:02 - 00328528 ____R (DigitalPersona, Inc.) C:\windows\system32\DPSCEL.dll

2012-02-24 16:39 - 2012-02-24 16:39 - 01079120 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgentOtsPlugin.dll

2011-11-09 13:29 - 2011-11-09 13:29 - 00281424 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoSet.dll

2012-02-24 16:39 - 2012-02-24 16:39 - 01702736 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpFillin.dll

2011-11-10 15:02 - 2011-11-10 15:02 - 00204624 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCms.dll

2011-11-09 13:29 - 2011-11-09 13:29 - 00265552 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoPS.dll

2011-08-24 15:30 - 2011-08-24 15:30 - 00868688 ____R (DigitalPersona, Inc.) C:\windows\system32\DpLic.DLL

2012-02-24 16:39 - 2012-02-24 16:39 - 00691024 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOCache.dll

2011-05-09 13:35 - 2011-05-09 13:35 - 00955216 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\Privacy Manager Sign and Chat\Bin\DpPrivSuiteCfg.dll

2012-02-24 16:39 - 2012-02-24 16:39 - 00638800 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoFeedb.dll

2012-02-24 16:39 - 2012-02-24 16:39 - 01824592 ____R (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPOnlineIDs.dll

2011-10-20 22:00 - 2011-10-20 22:00 - 00451920 _____ (Cogent Systems, Inc.) C:\Program Files (x86)\Hewlett-Packard\Face Recognition for HP ProtectTools\BSWPTPlugin.dll

2011-10-21 12:00 - 2011-10-21 12:00 - 00762192 _____ (Cogent Systems, Inc.) C:\windows\system32\CoBluetoothSDK.dll

2011-10-21 12:00 - 2011-10-21 12:00 - 00033104 _____ (Cogent Systems, Inc.) C:\windows\system32\CoBluetoothProvider.dll

2011-10-21 12:15 - 2011-10-21 12:15 - 00806736 _____ (Cogent Systems, Inc.) C:\windows\system32\SUPSDK.dll

2010-11-25 14:21 - 2010-11-25 14:21 - 04899328 _____ (Cogent Systems Inc.) C:\windows\system32\CgtFace_Dll.dll

2010-09-06 13:18 - 2010-09-06 13:18 - 00044544 _____ (Free Software Foundation) C:\windows\system32\intl.dll

2010-09-06 13:18 - 2010-09-06 13:18 - 00916992 _____ (Free Software Foundation) C:\windows\system32\iconv.dll

2011-10-21 12:01 - 2011-10-21 12:01 - 00036176 _____ (TODO: <Company name>) C:\windows\system32\OEMComponentProvider.dll

2010-09-06 13:18 - 2010-09-06 13:18 - 02792960 _____ (Apache Software Foundation) C:\windows\system32\xerces-c_3_0.dll

2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll

2011-10-21 12:14 - 2011-10-21 12:14 - 00515208 _____ (Cogent Systems, Inc.) C:\windows\system32\BSWSDK.dll

2011-10-21 12:14 - 2011-10-21 12:14 - 00189264 _____ (Cogent Systems, Inc.) C:\windows\system32\BSWAuthImp.dll

2011-10-21 12:14 - 2011-10-21 12:14 - 00095568 _____ (Cogent Systems, Inc.) C:\windows\system32\BSWComm.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 01904504 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\SpMgtShellPlugIn.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 04976640 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\en\IfxSpURs.dll.mui

2012-06-01 04:36 - 2012-06-01 04:36 - 00042496 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\en\IfxTRs.dll.mui

2012-06-01 04:36 - 2012-06-01 04:36 - 02556280 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxSpMgt.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 01706872 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxSpArc.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00024952 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxSpMps.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00963448 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTSP.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00030072 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCSps.dll

2011-08-24 14:55 - 2011-08-24 14:55 - 00765776 ____R (DigitalPersona, Inc.) C:\windows\system32\DPFPApiUI.dll

2011-11-10 18:39 - 2011-11-10 18:39 - 01115472 ____R (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\DPAdminFVE.dll

2013-08-16 11:30 - 2013-08-16 11:30 - 00475648 _____ (Intel Corporation) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll

2013-07-12 17:59 - 2013-07-12 17:59 - 00014336 _____ (Intel Corp.) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll

2013-02-06 12:23 - 2013-02-06 12:23 - 00270336 _____ (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll

2013-04-26 07:24 - 2013-04-26 07:24 - 00051712 _____ (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\bbtun.dll

2013-08-28 20:22 - 2013-08-28 20:22 - 05897216 _____ (Razer Inc.) C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll

2013-08-15 11:08 - 2013-08-15 11:08 - 00070656 _____ (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzStorageIO.dll

2013-08-15 11:09 - 2013-08-15 11:09 - 00073728 _____ (Razer Inc) C:\Program Files (x86)\Razer\Synapse\RzEmilySettings.dll

2013-06-21 18:33 - 2013-06-21 18:33 - 00181760 _____ (Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\rzdetmgr.dll

2013-08-29 14:29 - 2013-08-29 14:29 - 00796672 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00296448 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

2013-07-23 11:51 - 2013-07-23 11:51 - 00061440 _____ (Razer) C:\Program Files (x86)\Razer\Synapse\RazerProtocolDLL.dll

2013-08-20 18:35 - 2013-08-20 18:35 - 00057344 _____ (Razer Inc) C:\windows\SysWOW64\rzdevinfo.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00225280 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\en\PsdRs.dll.mui

2012-06-01 04:36 - 2012-06-01 04:36 - 00723832 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\psd.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00662016 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtpmcp.dll

2012-06-01 04:36 - 2012-06-01 04:36 - 00303992 _____ (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll

2013-05-06 17:59 - 2013-05-06 17:59 - 00419856 _____ (Research In Motion Limited) C:\Program Files (x86)\Research In Motion\BlackBerry Link\Rim.Desktop.AutoUpdate.UpgradeXMLParser.dll

2013-05-06 17:59 - 2013-05-06 17:59 - 00134672 _____ (Research In Motion Limited) C:\Program Files (x86)\Research In Motion\BlackBerry Link\Rim.Desktop.Services.Native.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00220632 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00534480 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00862664 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00537560 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll

2012-11-09 17:56 - 2012-11-09 17:56 - 00038360 _____ (Microsoft Corporation) C:\Users\Shane Saing\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00342832 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\WrapI2C.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00105264 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\null.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00138032 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\smsc.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00252720 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv2.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00142128 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_intel.dll

2011-05-12 04:12 - 2012-03-09 11:22 - 00162608 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_ati2.dll

2012-07-22 02:26 - 2012-03-09 11:22 - 00117552 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll

2013-09-08 15:49 - 2013-09-03 06:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) ==========

 

 

 

==================== Faulty Device Manager Devices =============

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/14/2013 06:53:43 PM) (Source: RIM MDNS) (User: )

Description: 608: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (09/14/2013 06:53:43 PM) (Source: RIM MDNS) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (09/13/2013 05:40:51 PM) (Source: System Restore) (User: )

Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: 0x80070005.

 

Error: (09/12/2013 08:52:30 PM) (Source: CVHSVC) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/12/2013 08:43:33 PM) (Source: System Restore) (User: )

Description: An unspecified error occurred during System Restore: (Removed LightScribe System Software.). Additional information: 0x80070005.

 

Error: (09/12/2013 07:42:20 PM) (Source: CVHSVC) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/12/2013 07:17:57 PM) (Source: System Restore) (User: )

Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: 0x80070005.

 

Error: (09/11/2013 09:49:54 PM) (Source: .NET Runtime) (User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5128.  Message ID: [0x2509].

 

Error: (09/11/2013 09:41:26 PM) (Source: .NET Runtime) (User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1460.  Message ID: [0x2509].

 

Error: (09/11/2013 09:41:20 PM) (Source: .NET Runtime) (User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4900.  Message ID: [0x2509].

 

 

System errors:

=============

Error: (09/14/2013 10:12:20 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 45.

 

Error: (09/14/2013 10:12:18 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 45.

 

Error: (09/14/2013 10:10:36 PM) (Source: Service Control Manager) (User: )

Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 

%%1053

 

Error: (09/14/2013 10:10:36 PM) (Source: Service Control Manager) (User: )

Description: The Application Virtualization Client service failed to start due to the following error: 

%%1053

 

Error: (09/14/2013 10:10:36 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

 

Error: (09/14/2013 10:08:11 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error: 

%%5

 

Error: (09/14/2013 10:02:55 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 45.

 

Error: (09/14/2013 10:02:55 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 45.

 

Error: (09/14/2013 06:53:47 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error: 

%%5

 

Error: (09/14/2013 02:06:04 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error: 

%%5

 

 

Microsoft Office Sessions:

=========================

Error: (09/14/2013 06:53:43 PM) (Source: RIM MDNS)(User: )

Description: 608: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (09/14/2013 06:53:43 PM) (Source: RIM MDNS)(User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (09/13/2013 05:40:51 PM) (Source: System Restore)(User: )

Description: Windows Backup0x80070005

 

Error: (09/12/2013 08:52:30 PM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/12/2013 08:43:33 PM) (Source: System Restore)(User: )

Description: Removed LightScribe System Software.0x80070005

 

Error: (09/12/2013 07:42:20 PM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/12/2013 07:17:57 PM) (Source: System Restore)(User: )

Description: Windows Backup0x80070005

 

Error: (09/11/2013 09:49:54 PM) (Source: .NET Runtime)(User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5128.  Message ID: [0x2509].

 

Error: (09/11/2013 09:41:26 PM) (Source: .NET Runtime)(User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1460.  Message ID: [0x2509].

 

Error: (09/11/2013 09:41:20 PM) (Source: .NET Runtime)(User: )

Description: .NET Runtime version 4.0.30319.2012 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4900.  Message ID: [0x2509].

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-03-25 19:27:00.361

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:27:00.231

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:24:24.233

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:24:24.103

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:22:49.500

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_jubusenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:22:49.360

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_jubusenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:04:51.604

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_usbenumfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:04:51.474

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_usbenumfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:04:36.324

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_jubusenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-25 19:04:36.184

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ew_jubusenum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 41%

Total physical RAM: 8102.36 MB

Available physical RAM: 4735.25 MB

Total Pagefile: 16202.89 MB

Available Pagefile: 12464.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:275.91 GB) (Free:90.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:0 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 15C4F2B4)

Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=276 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

 

==================== End Of Log ============================


If that happens again where you exceed forum character limits, it is easier if you attach the log. OK, do the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Open Malwarebytes, check for updates, then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

 

When the scan is complete

 

 

If threats were found

 

 

close program

 

copy and paste the report here

 

Post those logs, and also give an update on current issues/concerns.

 

Kevin

 

 

fixlist.txt


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.14.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Shane Saing :: SHANESAING-HP [administrator]

 

14/09/2013 11:47:35 PM

mbam-log-2013-09-14 (23-47-35).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222973

Time elapsed: 3 minute(s), 15 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

No Threats were found with Eset scanner. The computer is now running quicker than before and has no popups finally! Thank you so much Kevin.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04

Ran by Shane Saing (administrator) on SHANESAING-HP on 14-09-2013 23:45:59

Running from C:\Users\Shane Saing\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe

(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe

(Intel Corporation) C:\windows\system32\IProsetMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

() C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe

(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-07-22] (IDT, Inc.)

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [HP Officejet 6500 E710a-f (NET)] - C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKCU\...\Run: [blackBerryLink.exe] - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [3786768 2013-05-06] (Research In Motion)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-29] (Valve Corporation)

MountPoints2: D - D:\AutoRun.exe

MountPoints2: {0bc1a21b-9525-11e2-ba67-100ba97b0f94} - D:\setup.exe

MountPoints2: {1af7290e-e926-11e1-9d7e-001e101f36d9} - D:\AutoRun.exe

MountPoints2: {1af72911-e926-11e1-9d7e-001e101f36d9} - D:\AutoRun.exe

MountPoints2: {22137ed1-8bb1-11e1-93e7-402cf4c44020} - "D:\WD SmartWare.exe" autoplay=true

MountPoints2: {4ee056a1-e781-11e1-93a4-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {4ee056b2-e781-11e1-93a4-ec9a74fbe712} - H:\AutoRun.exe

MountPoints2: {64967a06-a8e0-11e2-8d93-100ba97b0f94} - D:\setup_QuickStart.exe

MountPoints2: {792be350-817b-11e2-aa45-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {792be352-817b-11e2-aa45-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {96ccacbb-a7f8-11e2-9b59-001e101f21c1} - D:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {a3cd4776-8eaa-11e2-b59e-100ba97b0f94} - D:\setup.exe

MountPoints2: {acc45484-9e34-11e2-946e-806e6f6e6963} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe

MountPoints2: {b7e35f7c-09be-11e2-ab1d-100ba97b0f94} - D:\AutoRun.exe

MountPoints2: {b7e35f84-09be-11e2-ab1d-100ba97b0f94} - D:\AutoRun.exe

MountPoints2: {b80f6842-817e-11e2-a9fe-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {b80f6844-817e-11e2-a9fe-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {c3c5961d-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {c3c5962f-e83e-11e1-9762-ec9a74fbe712} - H:\AutoRun.exe

MountPoints2: {c3c5965e-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {c3c5966e-e83e-11e1-9762-ec9a74fbe712} - D:\AutoRun.exe

MountPoints2: {f8538b1d-78e6-11e2-bcde-402cf4c44020} - D:\AutoRun.exe

MountPoints2: {f8538b23-78e6-11e2-bcde-402cf4c44020} - D:\AutoRun.exe

HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-27] (Intel Corporation)

HKLM-x32\...\Run: [File Sanitizer] - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)

HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2012-06-01] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [iFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2012-06-01] (Infineon Technologies AG)

HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4265472 2013-04-26] (Research In Motion Limited)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)

Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli

Startup: C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f (Network).lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com.au/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKCU - {9B0F2E5B-2CA8-4D56-9D16-97150BF19C9A} URL = http://au.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}

SearchScopes: HKCU - {E63C0A38-8290-4D17-A03C-BA6853769DA2} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYAU&apn_uid=617607ec-49b8-4006-9bde-7539043dae0b&apn_sauid=B5CA5ED9-2159-4AB9-9CA8-6D1AB20F922F

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU -  No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Shane Saing\AppData\Roaming\Mozilla\Firefox\Profiles\kmw7fp2d.default

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Shane Saing\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\

FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\

FF HKCU\...\Firefox\Extensions: [{66e2f9b0-1793-4097-b066-b683979829fc}] - C:\Program Files (x86)\Lyrics_Fan\133.xpi

 

Chrome: 

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (ShipRush FedEx) - C:\Users\Shane Saing\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll (Z-Firm LLC)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Shane Saing\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Lexity Live) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomdglhpapfpbfooeapcficgfhoncc\1.1_0

CHR Extension: (Gmail) - C:\Users\SHANES~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [okkbcpjgdooahcefofhjdpacngfecaaa] - C:\Program Files (x86)\Lyrics_Fan\133.crx

 

==================== Services (Whitelisted) =================

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)

R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)

S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)

R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-29] (Hewlett-Packard Company)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)

R2 HPSLPSVC; C:\Users\SHANES~1\AppData\Local\Temp\7zS56D6\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.)

R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2012-06-01] (Infineon Technologies AG)

R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980856 2012-06-01] (Infineon Technologies AG)

R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] ()

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)

R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203640 2012-06-01] (Infineon Technologies AG)

R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-04-26] (Apple Inc.)

R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-26] (Research In Motion Limited)

R2 Vodafone Mobile Broadband QuickStart; C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe [229216 2011-12-21] ()

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-08] (Hewlett-Packard Company)

R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)

R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)

R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2012-06-01] (Infineon Technologies AG)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-08-20] (Razer Inc)

R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-08-20] (Razer Inc)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [x]

S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]

S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 JMCR; system32\DRIVERS\jmcr.sys [x]

S3 johci; system32\DRIVERS\johci.sys [x]

S3 massfilter; system32\drivers\massfilter.sys [x]

S3 massfilter_lte; \??\C:\windows\system32\drivers\massfilter_lte.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-14 23:43 - 2013-09-14 23:43 - 00000639 _____ C:\Users\Shane Saing\Downloads\fixlist.txt

2013-09-14 22:18 - 2013-09-14 22:19 - 00044119 _____ C:\Users\Shane Saing\Downloads\Addition.txt

2013-09-14 22:17 - 2013-09-14 23:44 - 00000000 ____D C:\FRST

2013-09-14 22:16 - 2013-09-14 22:16 - 01950312 _____ (Farbar) C:\Users\Shane Saing\Downloads\FRST64.exe

2013-09-14 22:06 - 2013-09-14 22:08 - 00000000 ____D C:\AdwCleaner

2013-09-14 22:05 - 2013-09-14 22:06 - 01037278 _____ C:\Users\Shane Saing\Downloads\AdwCleaner.exe

2013-09-14 17:18 - 2013-09-14 17:18 - 00031332 _____ C:\Users\Shane Saing\Desktop\dds.txt

2013-09-14 17:18 - 2013-09-14 17:18 - 00011745 _____ C:\Users\Shane Saing\Desktop\attach.txt

2013-09-14 17:08 - 2013-09-14 17:08 - 01440846 _____ C:\Users\Shane Saing\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-14 17:02 - 2013-09-14 17:02 - 00688992 ____R (Swearware) C:\Users\Shane Saing\Downloads\dds.com

2013-09-13 18:36 - 2013-09-14 22:09 - 00000894 _____ C:\windows\PFRO.log

2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 _____ C:\windows\SysWOW64\CN0BT2271J05JZ

2013-09-13 18:06 - 2013-09-14 22:09 - 00000392 _____ C:\windows\setupact.log

2013-09-13 18:06 - 2013-09-13 18:07 - 00272792 _____ C:\windows\Minidump\091313-68000-01.dmp

2013-09-13 18:06 - 2013-09-13 18:06 - 00293904 _____ C:\windows\system32\FNTCACHE.DAT

2013-09-13 18:06 - 2013-09-13 18:06 - 00000000 _____ C:\windows\setuperr.log

2013-09-13 18:05 - 2013-09-13 18:05 - 388598166 _____ C:\windows\MEMORY.DMP

2013-09-12 20:43 - 2013-09-12 20:43 - 00058856 _____ C:\Users\Shane Saing\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-12 20:33 - 2013-09-14 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-12 20:33 - 2013-09-14 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-12 20:33 - 2013-09-12 20:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shane Saing\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-12 20:33 - 2013-09-12 20:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-12 20:33 - 2013-09-12 20:33 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Malwarebytes

2013-09-12 20:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2013-09-12 19:25 - 2013-09-12 19:25 - 00000150 _____ C:\Delme.bat

2013-09-11 23:42 - 2013-08-10 15:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-09-11 23:42 - 2013-08-10 15:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-09-11 23:42 - 2013-08-10 15:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-09-11 23:42 - 2013-08-10 15:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-09-11 23:42 - 2013-08-10 15:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-09-11 23:42 - 2013-08-10 15:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-09-11 23:42 - 2013-08-10 15:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-09-11 23:42 - 2013-08-10 13:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-09-11 23:42 - 2013-08-10 13:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-09-11 23:42 - 2013-08-10 13:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-09-11 23:42 - 2013-08-10 13:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-09-11 23:42 - 2013-08-10 13:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-09-11 23:42 - 2013-08-10 12:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-09-11 23:42 - 2013-08-10 12:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 19:03 - 2013-09-14 12:03 - 00000000 ____D C:\9be40971adaa2e3311cc2120

2013-09-11 17:22 - 2013-09-14 22:09 - 00000394 _____ C:\windows\Tasks\Lyrics-Fan Update.job

2013-09-11 17:22 - 2013-09-11 17:22 - 00003054 _____ C:\windows\System32\Tasks\Lyrics-Fan Update

2013-09-11 16:25 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Strawberry.Shortcake.Movie.Skys.The.Limit.2009.DVDRip.XviD-DOCUMENT [NO-RAR] - [ www.torrentday.com ]

2013-09-11 15:54 - 2013-09-11 17:48 - 00000000 ____D C:\Users\Shane Saing\Downloads\BRATZ-THE.MOVIE.2007.DVDrip.Swesub.XviD.AC3-Mr_KeFF

2013-09-11 15:46 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Shane Saing\Downloads\The Big Wedding[2013]BRRip XviD-ETRG

2013-09-11 11:27 - 2013-08-05 12:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2013-09-11 11:27 - 2013-08-02 12:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2013-09-11 11:27 - 2013-08-02 12:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2013-09-11 11:27 - 2013-08-02 12:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2013-09-11 11:27 - 2013-08-02 12:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2013-09-11 11:27 - 2013-08-02 12:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2013-09-11 11:27 - 2013-08-02 12:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2013-09-11 11:27 - 2013-08-02 12:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 12:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2013-09-11 11:27 - 2013-08-02 11:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2013-09-11 11:27 - 2013-08-02 11:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2013-09-11 11:27 - 2013-08-02 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 11:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2013-09-11 11:27 - 2013-08-02 10:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2013-09-11 11:27 - 2013-08-02 10:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2013-09-11 11:27 - 2013-08-02 10:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2013-09-11 11:27 - 2013-08-02 10:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 11:27 - 2013-08-02 10:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-11 11:26 - 2013-08-08 11:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-09-11 11:26 - 2013-07-26 12:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2013-09-11 11:26 - 2013-07-26 12:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll

2013-09-11 11:26 - 2013-07-26 11:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2013-09-11 11:26 - 2013-07-26 11:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll

2013-09-05 18:24 - 2013-09-05 18:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\World War Z[2013]UNRATED CUT BRRip XviD-ETRG

2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

2013-09-02 13:52 - 2013-09-02 13:55 - 00000000 ____D C:\Users\Shane Saing\Downloads\Kick-Ass.2.2013.R6.HDRip.XviD-S4A

2013-08-29 14:29 - 2013-08-29 14:29 - 00796672 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll

2013-08-21 17:34 - 2013-08-21 17:34 - 00141496 _____ (Razer Inc) C:\windows\system32\Drivers\rzudd.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00033464 _____ (Razer Inc) C:\windows\system32\Drivers\rzdaendpt.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00030904 _____ (Razer Inc) C:\windows\system32\Drivers\rzvkeyboard.sys

2013-08-20 18:35 - 2013-08-20 18:35 - 00154112 _____ (Razer Inc) C:\windows\SysWOW64\rztouchdll.dll

2013-08-20 18:35 - 2013-08-20 18:35 - 00057344 _____ (Razer Inc) C:\windows\SysWOW64\rzdevinfo.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00296448 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00117248 _____ (Razer Inc) C:\windows\SysWOW64\rzdisplaydll.dll

2013-08-15 17:24 - 2013-08-15 17:25 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Smurfs.2.2013.CAM.READ.NFO.XViD-VAiN

2013-08-15 15:50 - 2013-07-09 15:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll

2013-08-15 15:50 - 2013-07-09 15:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll

2013-08-15 15:50 - 2013-07-09 14:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll

2013-08-15 15:50 - 2013-07-09 14:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll

2013-08-15 15:45 - 2013-07-25 19:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL

2013-08-15 15:45 - 2013-07-25 18:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL

2013-08-15 15:45 - 2013-07-19 11:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2013-08-15 15:45 - 2013-07-19 11:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2013-08-15 15:45 - 2013-07-09 15:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll

2013-08-15 15:45 - 2013-07-09 14:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

2013-08-15 15:44 - 2013-07-06 16:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2013-08-15 15:44 - 2013-06-15 14:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

 

==================== One Month Modified Files and Folders =======

 

2013-09-14 23:44 - 2013-09-14 22:17 - 00000000 ____D C:\FRST

2013-09-14 23:43 - 2013-09-14 23:43 - 00000639 _____ C:\Users\Shane Saing\Downloads\fixlist.txt

2013-09-14 23:35 - 2012-04-06 08:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-09-14 23:30 - 2012-12-26 19:02 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-14 23:13 - 2012-06-24 21:23 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\PMB Files

2013-09-14 23:13 - 2012-06-24 21:23 - 00000000 ____D C:\ProgramData\PMB Files

2013-09-14 22:19 - 2013-09-14 22:18 - 00044119 _____ C:\Users\Shane Saing\Downloads\Addition.txt

2013-09-14 22:18 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-14 22:18 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-14 22:16 - 2013-09-14 22:16 - 01950312 _____ (Farbar) C:\Users\Shane Saing\Downloads\FRST64.exe

2013-09-14 22:14 - 2012-03-06 15:47 - 01502362 _____ C:\windows\WindowsUpdate.log

2013-09-14 22:11 - 2012-04-08 18:56 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-14 22:10 - 2012-12-26 19:02 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-14 22:10 - 2011-05-12 04:11 - 00000000 ____D C:\ProgramData\PDFC

2013-09-14 22:10 - 2009-07-14 13:20 - 00000000 ____D C:\windows\tracing

2013-09-14 22:09 - 2013-09-13 18:36 - 00000894 _____ C:\windows\PFRO.log

2013-09-14 22:09 - 2013-09-13 18:06 - 00000392 _____ C:\windows\setupact.log

2013-09-14 22:09 - 2013-09-11 17:22 - 00000394 _____ C:\windows\Tasks\Lyrics-Fan Update.job

2013-09-14 22:09 - 2013-04-19 21:19 - 00065536 _____ C:\windows\system32\Ikeext.etl

2013-09-14 22:09 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-09-14 22:08 - 2013-09-14 22:06 - 00000000 ____D C:\AdwCleaner

2013-09-14 22:06 - 2013-09-14 22:05 - 01037278 _____ C:\Users\Shane Saing\Downloads\AdwCleaner.exe

2013-09-14 18:37 - 2012-06-04 22:56 - 00000000 ____D C:\ProgramData\MFAData

2013-09-14 17:18 - 2013-09-14 17:18 - 00031332 _____ C:\Users\Shane Saing\Desktop\dds.txt

2013-09-14 17:18 - 2013-09-14 17:18 - 00011745 _____ C:\Users\Shane Saing\Desktop\attach.txt

2013-09-14 17:08 - 2013-09-14 17:08 - 01440846 _____ C:\Users\Shane Saing\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-14 17:02 - 2013-09-14 17:02 - 00688992 ____R (Swearware) C:\Users\Shane Saing\Downloads\dds.com

2013-09-14 13:35 - 2012-04-06 08:31 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-09-14 13:35 - 2012-04-06 08:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-14 13:35 - 2012-04-06 08:31 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-09-14 13:31 - 2012-11-09 17:55 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Windows Live

2013-09-14 12:03 - 2013-09-12 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-14 12:03 - 2013-09-11 19:03 - 00000000 ____D C:\9be40971adaa2e3311cc2120

2013-09-14 12:03 - 2013-09-11 16:25 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Strawberry.Shortcake.Movie.Skys.The.Limit.2009.DVDRip.XviD-DOCUMENT [NO-RAR] - [ www.torrentday.com ]

2013-09-14 12:03 - 2013-09-11 15:46 - 00000000 ____D C:\Users\Shane Saing\Downloads\The Big Wedding[2013]BRRip XviD-ETRG

2013-09-14 12:03 - 2013-08-09 18:11 - 00000000 ____D C:\Program Files\Greyhound Predictor v2

2013-09-14 12:03 - 2013-04-19 21:06 - 00000000 ____D C:\ProgramData\MobileBroadbandQuickStartService

2013-09-14 12:03 - 2013-02-06 04:48 - 00000000 ____D C:\Program Files (x86)\Citrix

2013-09-14 12:03 - 2012-09-10 08:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-14 12:03 - 2012-08-31 19:30 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-09-14 12:03 - 2012-05-21 17:32 - 00000000 ____D C:\ProgramData\Intel

2013-09-14 12:03 - 2012-04-06 08:31 - 00000000 ____D C:\windows\system32\Macromed

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\Virtual Machines

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-14 12:03 - 2012-04-04 20:42 - 00000000 ___RD C:\Users\Shane Saing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-14 12:03 - 2011-05-12 04:27 - 00000000 ____D C:\ProgramData\Roxio

2013-09-14 12:03 - 2011-05-12 04:11 - 00000000 ____D C:\windows\SysWOW64\Macromed

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\zh-Hant

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\zh-Hans

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\ru

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\ja

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\it

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\fr

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\es

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\de

2013-09-14 12:03 - 2011-05-12 04:06 - 00000000 ____D C:\windows\SysWOW64\cs

2013-09-14 12:03 - 2011-05-12 03:58 - 00000000 ____D C:\windows\SysWOW64\ko

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\SysWOW64\Recovery

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\servicing

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\windows\AppCompat

2013-09-14 12:03 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-14 12:02 - 2012-03-06 15:53 - 00000000 ____D C:\windows\SysWOW64\SDA

2013-09-14 12:02 - 2009-07-14 13:20 - 00000000 ____D C:\windows\registration

2013-09-14 12:00 - 2013-07-13 11:53 - 00000000 ____D C:\windows\system32\MRT

2013-09-14 11:59 - 2013-09-12 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-14 11:59 - 2012-08-14 22:20 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Skype

2013-09-14 11:59 - 2012-05-26 21:16 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Facebook

2013-09-14 11:59 - 2012-05-07 07:58 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\Google

2013-09-14 11:58 - 2012-09-10 08:22 - 00000000 __RHD C:\MSOCache

2013-09-13 19:03 - 2012-09-10 08:17 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\SoftGrid Client

2013-09-13 18:55 - 2012-07-24 22:47 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Media Player Classic

2013-09-13 18:52 - 2013-02-03 20:40 - 00000000 ____D C:\Users\Shane Saing\Documents\Debts

2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 _____ C:\windows\SysWOW64\CN0BT2271J05JZ

2013-09-13 18:14 - 2013-07-09 11:21 - 00000925 _____ C:\Users\Public\Desktop\AVG 2013.lnk

2013-09-13 18:07 - 2013-09-13 18:06 - 00272792 _____ C:\windows\Minidump\091313-68000-01.dmp

2013-09-13 18:06 - 2013-09-13 18:06 - 00293904 _____ C:\windows\system32\FNTCACHE.DAT

2013-09-13 18:06 - 2013-09-13 18:06 - 00000000 _____ C:\windows\setuperr.log

2013-09-13 18:06 - 2012-05-12 17:19 - 00000000 ____D C:\windows\Minidump

2013-09-13 18:06 - 2012-04-04 20:32 - 00000000 ____D C:\Users\Shane Saing

2013-09-13 18:05 - 2013-09-13 18:05 - 388598166 _____ C:\windows\MEMORY.DMP

2013-09-12 20:43 - 2013-09-12 20:43 - 00058856 _____ C:\Users\Shane Saing\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-12 20:33 - 2013-09-12 20:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shane Saing\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-12 20:33 - 2013-09-12 20:33 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-12 20:33 - 2013-09-12 20:33 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Malwarebytes

2013-09-12 20:31 - 2009-07-28 01:04 - 00000000 ____D C:\windows\Panther

2013-09-12 19:39 - 2009-07-14 15:13 - 00794188 _____ C:\windows\system32\PerfStringBackup.INI

2013-09-12 19:30 - 2011-05-12 04:21 - 00000000 ____D C:\ProgramData\Uninstall

2013-09-12 19:28 - 2011-05-12 04:21 - 00000000 ____D C:\ProgramData\Sonic

2013-09-12 19:26 - 2013-02-17 00:44 - 00000000 ____D C:\Users\Shane Saing\AppData\Roaming\Roxio Log Files

2013-09-12 19:25 - 2013-09-12 19:25 - 00000150 _____ C:\Delme.bat

2013-09-12 19:22 - 2012-05-23 11:48 - 00000000 ____D C:\Program Files (x86)\AlcorMicro

2013-09-12 19:22 - 2011-05-12 03:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-11 23:42 - 2011-05-12 03:38 - 00803736 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2013-09-11 22:14 - 2012-05-12 21:22 - 00000000 ____D C:\Users\Shane Saing\AppData\Local\CrashDumps

2013-09-11 19:03 - 2012-04-06 08:21 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-09-11 17:48 - 2013-09-11 15:54 - 00000000 ____D C:\Users\Shane Saing\Downloads\BRATZ-THE.MOVIE.2007.DVDrip.Swesub.XviD.AC3-Mr_KeFF

2013-09-11 17:22 - 2013-09-11 17:22 - 00003054 _____ C:\windows\System32\Tasks\Lyrics-Fan Update

2013-09-10 21:22 - 2009-07-14 15:08 - 00032646 _____ C:\windows\Tasks\SCHEDLGU.TXT

2013-09-09 16:28 - 2012-05-07 00:45 - 00000540 _____ C:\Users\Shane Saing\Desktop\New Text Document (2).txt

2013-09-05 18:24 - 2013-09-05 18:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\World War Z[2013]UNRATED CUT BRRip XviD-ETRG

2013-09-05 10:44 - 2012-12-26 19:13 - 00000000 ____D C:\Program Files\CCleaner

2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

2013-09-02 13:55 - 2013-09-02 13:52 - 00000000 ____D C:\Users\Shane Saing\Downloads\Kick-Ass.2.2013.R6.HDRip.XviD-S4A

2013-08-31 21:38 - 2013-02-17 21:08 - 00000202 _____ C:\Users\Shane Saing\Desktop\GF8 Wagon.txt

2013-08-30 18:15 - 2012-04-05 18:15 - 00003228 _____ C:\windows\System32\Tasks\HPCeeScheduleForSHANESAING-HP$

2013-08-30 18:15 - 2012-04-05 18:15 - 00000352 _____ C:\windows\Tasks\HPCeeScheduleForSHANESAING-HP$.job

2013-08-29 23:27 - 2013-07-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-29 23:27 - 2012-09-19 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-08-29 14:29 - 2013-08-29 14:29 - 00796672 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll

2013-08-22 16:13 - 2012-10-01 21:46 - 00000000 ____D C:\Users\Shane Saing\Documents\acms stuff

2013-08-22 10:52 - 2012-05-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-21 17:34 - 2013-08-21 17:34 - 00141496 _____ (Razer Inc) C:\windows\system32\Drivers\rzudd.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00033464 _____ (Razer Inc) C:\windows\system32\Drivers\rzdaendpt.sys

2013-08-20 18:41 - 2013-08-20 18:41 - 00030904 _____ (Razer Inc) C:\windows\system32\Drivers\rzvkeyboard.sys

2013-08-20 18:35 - 2013-08-20 18:35 - 00154112 _____ (Razer Inc) C:\windows\SysWOW64\rztouchdll.dll

2013-08-20 18:35 - 2013-08-20 18:35 - 00057344 _____ (Razer Inc) C:\windows\SysWOW64\rzdevinfo.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00296448 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

2013-08-20 18:34 - 2013-08-20 18:34 - 00117248 _____ (Razer Inc) C:\windows\SysWOW64\rzdisplaydll.dll

2013-08-16 16:22 - 2012-04-05 18:52 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2013-08-16 12:01 - 2012-04-05 04:29 - 00000000 ____D C:\windows\rescache

2013-08-15 17:25 - 2013-08-15 17:24 - 00000000 ____D C:\Users\Shane Saing\Downloads\The.Smurfs.2.2013.CAM.READ.NFO.XViD-VAiN

 

Some content of TEMP:

====================

C:\Users\Shane Saing\AppData\Local\Temp\Quarantine.exe

C:\Users\Shane Saing\AppData\Local\Temp\tbuTor.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-11 16:56

 

==================== End Of Log ============================


Sorry! This should be it,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-09-2013 04
Ran by Shane Saing at 2013-09-14 23:46:37 Run:1
Running from C:\Users\Shane Saing\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\Shane Saing\AppData\Local\Temp\Quarantine.exe
C:\Users\Shane Saing\AppData\Local\Temp\tbuTor.dll
End
 
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E63C0A38-8290-4D17-A03C-BA6853769DA2} => Key deleted successfully.
HKCR\CLSID\{E63C0A38-8290-4D17-A03C-BA6853769DA2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => Value deleted successfully.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\Users\Shane Saing\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Shane Saing\AppData\Local\Temp\tbuTor.dll => Moved successfully.
 
==== End of Fixlog ====

Excellent, thank you for the log. OK, continue:

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\Users\Shane Saing\Downloads\FRST64.exe
    C:\Users\Shane Saing\Desktop\dds.txt
    C:\Users\Shane Saing\Desktop\attach.txt
    C:\Users\Shane Saing\Downloads\dds.com
    C:\FRST
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post logs from OTM and Security Checks, hopefully we can complete and close out after this......

 

Kevin.... :)


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Shane Saing\Desktop\cmd.bat deleted successfully.

C:\Users\Shane Saing\Desktop\cmd.txt deleted successfully.

C:\Users\Shane Saing\Downloads\FRST64.exe moved successfully.

C:\Users\Shane Saing\Desktop\dds.txt moved successfully.

C:\Users\Shane Saing\Desktop\attach.txt moved successfully.

C:\Users\Shane Saing\Downloads\dds.com moved successfully.

C:\FRST\Quarantine folder moved successfully.

C:\FRST\Logs folder moved successfully.

C:\FRST\Hives\Users\00000002 folder moved successfully.

C:\FRST\Hives\Users\00000001 folder moved successfully.

C:\FRST\Hives\Users folder moved successfully.

C:\FRST\Hives folder moved successfully.

C:\FRST folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Shane Saing

->Temp folder emptied: 197539284 bytes

->Temporary Internet Files folder emptied: 11746659 bytes

->Java cache emptied: 908449 bytes

->FireFox cache emptied: 27442788 bytes

->Google Chrome cache emptied: 365984514 bytes

->Flash cache emptied: 1071 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 799232 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 627362 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5965762 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46378992 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 627.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 09162013_155245

 

Files moved on Reboot...

C:\Users\Shane Saing\AppData\Local\Temp\7zS56D6\HPSLPSVC64.DLL moved successfully.

C:\Users\Shane Saing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\windows\temp\FXSAPIDebugLogFile.txt moved successfully.

C:\windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2013   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 7 Update 25  

 Adobe Flash Player 11.8.800.168  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox 22.0 Firefox out of Date!  

 Google Chrome 29.0.1547.62  

 Google Chrome 29.0.1547.66  

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

Thanks for the logs, continue:

 


  • Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert.
  • Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for McAfee security scanner if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Let me know if those steps complete ok, if no issues you should be good to go,

here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons; if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin

This topic is now closed to further replies.