svchost.exe infection Win32.User added


I recently started receiving a threat identified window from my anti-virus software that states "svchost.exe in c:\windows\system32.....Win32.User added." I've tried many times to remove the virus, but have failed every time. I have done a scan with MBAR, FRST, and AdwCleaner and have all the logs for each.

* I am using Windows 7 Home Premium 64-Bit Operating System.  

Symptoms:

What I've noticed since this started is connection failure, failure of the troubleshooter for anything, slow startup, and Internet Explorer doesn't work (page does not display).

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Post those logs you mention in next reply...

Thank you,

Kevin

Here is the log for the Initial scan using mbar:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org

Database version: v2014.04.17.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17041

Owner :: GERARDOS [administrator]

4/17/2014 1:42:39 PM

mbar-log-2014-04-17 (13-42-39).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.

Objects scanned: 293619

Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 6

HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Delete on reboot.

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Delete on reboot.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Following that I did another scan:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org

Database version: v2014.04.17.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17041

Owner :: GERARDOS [administrator]

4/17/2014 5:07:10 PM

mbar-log-2014-04-17 (17-07-10).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.

Objects scanned: 294536

Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Here is the FRST64 Log 1 of 2:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01

Ran by SYSTEM on MININT-U2CJMCH on 18-04-2014 03:22:12

Running from J:\Frst

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [instaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)

HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-04-13] (Webroot)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoViewOnDrive] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

HKLM\...\Policies\Explorer: [NoShellSearchButton] 0

HKLM\...\Policies\Explorer: [NoFind] 0

HKLM\...\Policies\Explorer: [NoFile] 0

HKLM\...\Policies\Explorer: [HideClock] 0

HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0

HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKLM\...\Policies\Explorer: [NoSetFolders] 0

HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKLM\...\Policies\Explorer: [NoSetTaskbar] 0

HKLM\...\Policies\Explorer: [NoDeletePrinter] 0

HKLM\...\Policies\Explorer: [NoDFSTab] 0

HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

HKLM\...\Policies\Explorer: [NoLogoff] 0

HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0

HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0

HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKLM\...\Policies\Explorer: [NoResolveSearch] 0

HKLM\...\Policies\Explorer: [NoSaveSettings] 0

HKLM\...\Policies\Explorer: [NoHardwareTab] 0

HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKLM\...\Policies\Explorer: [NoDesktop] 0

HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\Owner\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-01] (DT Soft Ltd)

HKU\Owner\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup

HKU\Owner\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-09] (Electronic Arts)

HKU\Owner\...\Policies\system: [DisableCMD] 0

HKU\Owner\...\Policies\system: [NoDispAppearancePage] 0

HKU\Owner\...\Policies\system: [NoDispBackgroundPage] 0

HKU\Owner\...\Policies\system: [NoDispSettingsPage] 0

HKU\Owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\Owner\...\Policies\Explorer: [NoFolderOptions] 0

HKU\Owner\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\Owner\...\Policies\Explorer: [NoControlPanel] 0

HKU\Owner\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\Owner\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\Owner\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\Owner\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\Owner\...\Policies\Explorer: [NoFind] 0

HKU\Owner\...\Policies\Explorer: [NoFile] 0

HKU\Owner\...\Policies\Explorer: [HideClock] 0

HKU\Owner\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\Owner\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\Owner\...\Policies\Explorer: [NoSetFolders] 0

HKU\Owner\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\Owner\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\Owner\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\Owner\...\Policies\Explorer: [NoDFSTab] 0

HKU\Owner\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\Owner\...\Policies\Explorer: [NoLogoff] 0

HKU\Owner\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\Owner\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\Owner\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\Owner\...\Policies\Explorer: [NoResolveSearch] 0

HKU\Owner\...\Policies\Explorer: [NoSaveSettings] 0

HKU\Owner\...\Policies\Explorer: [NoHardwareTab] 0

HKU\Owner\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-01] (DT Soft Ltd)

HKU\UpdatusUser\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup

HKU\UpdatusUser\...\Run: [Media Finder] => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray

HKU\UpdatusUser\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-09] (Electronic Arts)

HKU\UpdatusUser\...\Policies\system: [DisableCMD] 0

HKU\UpdatusUser\...\Policies\system: [NoDispAppearancePage] 0

HKU\UpdatusUser\...\Policies\system: [NoDispBackgroundPage] 0

HKU\UpdatusUser\...\Policies\system: [NoDispSettingsPage] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\UpdatusUser\...\Policies\Explorer: [NoFolderOptions] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoControlPanel] 0

HKU\UpdatusUser\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\UpdatusUser\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\UpdatusUser\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\UpdatusUser\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoFind] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoFile] 0

HKU\UpdatusUser\...\Policies\Explorer: [HideClock] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoSetFolders] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoDFSTab] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoLogoff] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoResolveSearch] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoSaveSettings] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoHardwareTab] 0

HKU\UpdatusUser\...\Policies\Explorer: [NoStartMenuSubFolders] 0

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)

S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()

S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)

S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()

S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-21] ()

S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-04-13] (Webroot)

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-11-07] (DT Soft Ltd)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-08-05] (LeapFrog)

S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-11-07] (Duplex Secure Ltd.)

S2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)

S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-04-13] (Webroot)

S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]

S3 motccgp; system32\DRIVERS\motccgp.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 MotDev; system32\DRIVERS\motodrv.sys [X]

S3 motmodem; system32\DRIVERS\motmodem.sys [X]

S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]

S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

S0 SR;

S2 srservice;

========================== Drivers MD5 =======================


C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\System32\drivers\WRkrn.sys D1CCA131959907540E3D577D2B1324C6

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


Here is FRST64 log 2 of 2:

==================== One Month Created Files and Folders ========

2014-04-18 03:21 - 2014-04-18 03:22 - 00000000 ____D () C:\FRST

2014-04-17 12:41 - 2014-04-17 12:44 - 00000000 ____D () C:\AdwCleaner

2014-04-17 12:12 - 2014-04-17 12:12 - 02158592 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-04-17 11:46 - 2014-04-17 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-17 11:26 - 2014-04-17 11:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\535D121D.sys

2014-04-17 09:36 - 2014-04-17 09:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\29927C0C.sys

2014-04-17 00:28 - 2014-04-17 00:28 - 01426178 _____ () C:\Users\Owner\Desktop\adwcleaner.exe

2014-04-17 00:23 - 2014-04-17 00:23 - 00000058 _____ () C:\Users\Owner\Desktop\lll.txt

2014-04-17 00:08 - 2014-04-17 13:07 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-17 00:08 - 2014-04-17 00:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 00:06 - 2014-04-17 13:21 - 00000000 ____D () C:\Users\Owner\Desktop\mbar

2014-04-17 00:06 - 2014-04-17 13:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-17 00:06 - 2014-04-17 00:07 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-17 00:06 - 2014-04-17 00:06 - 00000000 ____D () C:\Windows\erdnt

2014-04-16 14:27 - 2014-01-08 18:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-16 14:27 - 2014-01-03 14:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2014-04-14 20:09 - 2014-04-14 20:09 - 00000000 ____D () C:\Users\Owner\Desktop\Adolfo Tax 2013

2014-04-13 13:11 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2014-04-13 13:11 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2014-04-13 13:11 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2014-04-13 13:11 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2014-04-13 13:11 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2014-04-13 13:11 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2014-04-13 13:11 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2014-04-13 13:11 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll

2014-04-13 13:11 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-04-13 13:11 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-04-13 13:11 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2014-04-13 13:11 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2014-04-13 13:11 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-04-13 13:11 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2014-04-13 13:11 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-04-13 13:11 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-04-13 13:11 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2014-04-13 13:11 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2014-04-13 13:11 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-04-13 13:11 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-04-13 13:11 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2014-04-13 13:11 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2014-04-13 13:10 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll

2014-04-13 13:10 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-04-13 13:10 - 2012-03-14 01:00 - 00385024 _____ (CANON INC.) C:\Windows\System32\SET5D4C.tmp

2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList

2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList

2014-04-11 23:01 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-04-11 23:01 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-11 23:00 - 2014-03-06 02:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-04-11 23:00 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-04-11 23:00 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-04-11 23:00 - 2014-03-06 01:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-11 23:00 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-04-11 23:00 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-04-11 23:00 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-04-11 23:00 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-04-11 23:00 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-04-11 23:00 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-04-11 23:00 - 2014-03-06 00:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-11 23:00 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-04-11 23:00 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-04-11 23:00 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-04-11 23:00 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-04-11 23:00 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-04-11 23:00 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-04-11 23:00 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-04-11 23:00 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-11 23:00 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-11 23:00 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-11 23:00 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-04-11 23:00 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-04-11 23:00 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-11 23:00 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-11 23:00 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-11 23:00 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-11 23:00 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-04-11 23:00 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-11 23:00 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-11 23:00 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-11 23:00 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-04-11 23:00 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-11 23:00 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-04-11 23:00 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-11 23:00 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-11 23:00 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-04-11 23:00 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-11 23:00 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-11 23:00 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-11 23:00 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-04-11 23:00 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-04-11 23:00 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-04-11 23:00 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-11 23:00 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-11 23:00 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-08 18:41 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2014-04-08 18:41 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2014-04-08 18:41 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2014-04-08 18:41 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2014-04-08 18:41 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2014-04-08 18:41 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-08 18:41 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 18:41 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-08 18:41 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-08 18:41 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-08 18:41 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-08 18:41 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys

2014-04-08 18:41 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys

2014-04-08 18:41 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys

2014-04-08 18:41 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll

2014-04-08 18:41 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-08 18:41 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2014-03-27 01:40 - 2014-03-27 01:40 - 00000000 ____D () C:\Users\Owner\Documents\Ghost Games

2014-03-27 01:09 - 2014-03-27 01:37 - 00000000 ____D () C:\Program Files\Need for Speed Rivals

2014-03-24 13:04 - 2014-03-24 13:04 - 00000000 ____D () C:\FIFA 14

2014-03-24 13:01 - 2014-03-26 22:00 - 00000000 ____D () C:\Users\Owner\Documents\FIFA 14

2014-03-24 12:59 - 2013-10-12 19:10 - 00000224 _____ () C:\Program Files\update-FIFA14.bat

2014-03-24 12:59 - 2013-10-12 16:47 - 00000732 _____ () C:\Program Files\visit-www.nosteam.ro.html

2014-03-24 12:56 - 2013-10-12 19:31 - 00000000 ____D () C:\Program Files\FIFA 14

2014-03-20 13:23 - 2014-03-20 13:32 - 00000000 ____D () C:\Users\Owner\Documents\Assassin's Creed IV Black Flag

2014-03-20 13:23 - 2014-03-20 13:23 - 00000000 ____D () C:\ProgramData\Steam

2014-03-20 13:23 - 2014-03-20 13:23 - 00000000 ____D () C:\ProgramData\Orbit

2014-03-20 12:44 - 2014-03-20 13:01 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed IV Black Flag

2014-03-20 00:19 - 2014-03-20 00:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\2K Sports

2014-03-20 00:16 - 2014-03-27 01:36 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (3)

2014-03-20 00:09 - 2014-03-20 00:09 - 00000000 ____D () C:\Program Files (x86)\2K Sports

2014-03-19 00:35 - 2014-03-19 00:40 - 00000000 ___HD () C:\ProgramData\CanonIJMIG

2014-03-19 00:32 - 2014-03-19 00:36 - 00000000 ___HD () C:\ProgramData\CanonIJScan

==================== One Month Modified Files and Folders =======

2014-04-18 03:22 - 2014-04-18 03:21 - 00000000 ____D () C:\FRST

2014-04-17 23:10 - 2009-07-13 21:10 - 01794915 _____ () C:\Windows\WindowsUpdate.log

2014-04-17 23:02 - 2013-10-08 19:52 - 00000000 ____D () C:\ProgramData\Origin

2014-04-17 23:02 - 2013-10-08 19:51 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-04-17 23:01 - 2012-08-08 17:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-17 20:26 - 2012-02-10 00:50 - 00000000 ____D () C:\ProgramData\WRData

2014-04-17 15:02 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-17 15:02 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-17 14:55 - 2012-02-10 00:51 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

2014-04-17 14:55 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-17 14:55 - 2009-07-13 20:51 - 00106300 _____ () C:\Windows\setupact.log

2014-04-17 14:54 - 2013-10-08 19:07 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-17 13:23 - 2011-03-31 20:37 - 00532846 _____ () C:\Windows\PFRO.log

2014-04-17 13:21 - 2014-04-17 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-17 13:21 - 2014-04-17 00:06 - 00000000 ____D () C:\Users\Owner\Desktop\mbar

2014-04-17 13:08 - 2009-07-13 21:13 - 00783656 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-04-17 13:07 - 2014-04-17 00:08 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-17 13:06 - 2014-04-17 00:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-17 12:44 - 2014-04-17 12:41 - 00000000 ____D () C:\AdwCleaner

2014-04-17 12:12 - 2014-04-17 12:12 - 02158592 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-04-17 12:01 - 2013-05-21 09:27 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-04-17 11:26 - 2014-04-17 11:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\535D121D.sys

2014-04-17 10:36 - 2011-07-28 02:12 - 00000000 ____D () C:\Users\Owner\.umplayer

2014-04-17 09:59 - 2012-01-12 01:35 - 00000000 ____D () C:\Windows\4BC83065F98B4DB1B4AEAA2F1FA9BA2B.TMP

2014-04-17 09:36 - 2014-04-17 09:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\29927C0C.sys

2014-04-17 02:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

2014-04-17 00:28 - 2014-04-17 00:28 - 01426178 _____ () C:\Users\Owner\Desktop\adwcleaner.exe

2014-04-17 00:23 - 2014-04-17 00:23 - 00000058 _____ () C:\Users\Owner\Desktop\lll.txt

2014-04-17 00:08 - 2014-04-17 00:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 00:07 - 2014-04-17 00:06 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-17 00:06 - 2014-04-17 00:06 - 00000000 ____D () C:\Windows\erdnt

2014-04-16 23:43 - 2011-03-31 18:59 - 00000000 ____D () C:\ProgramData\Sonic

2014-04-16 22:49 - 2009-07-13 15:19 - 00020992 ____N (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

2014-04-16 18:17 - 2012-02-10 00:51 - 00000000 ____D () C:\Program Files\Webroot

2014-04-16 18:17 - 2011-06-04 12:50 - 00000000 __RHD () C:\MSOCache

2014-04-16 18:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration

2014-04-16 18:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat

2014-04-16 15:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF

2014-04-16 14:20 - 2011-04-18 18:56 - 00000000 ____D () C:\users\Owner

2014-04-15 12:17 - 2014-02-06 12:56 - 00000000 ____D () C:\Users\Owner\Desktop\Chapter Summaries

2014-04-14 20:09 - 2014-04-14 20:09 - 00000000 ____D () C:\Users\Owner\Desktop\Adolfo Tax 2013

2014-04-13 13:24 - 2012-10-16 19:37 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-04-13 13:13 - 2013-10-08 19:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-04-13 13:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-13 12:58 - 2011-07-27 23:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent

2014-04-13 12:02 - 2013-01-24 18:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer

2014-04-13 08:03 - 2012-02-10 00:51 - 00154248 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll

2014-04-13 08:03 - 2012-02-10 00:51 - 00115680 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2014-04-13 08:03 - 2012-02-10 00:51 - 00105320 _____ (Webroot) C:\Windows\System32\WRusr.dll

2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList

2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList

2014-04-11 19:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-04-10 16:58 - 2013-03-26 18:36 - 00000000 ___RD () C:\Users\Owner\Desktop\Movies

2014-04-08 23:03 - 2013-07-10 23:00 - 00000000 ____D () C:\Windows\System32\MRT

2014-04-08 23:03 - 2013-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-08 23:01 - 2011-04-19 13:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-04-08 10:02 - 2013-06-09 20:33 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-04-03 10:40 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-03-31 05:35 - 2011-04-19 13:29 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-03-27 13:05 - 2011-05-03 00:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps

2014-03-27 01:59 - 2013-03-26 18:32 - 00000000 ___RD () C:\Users\Owner\Desktop\Games

2014-03-27 01:40 - 2014-03-27 01:40 - 00000000 ____D () C:\Users\Owner\Documents\Ghost Games

2014-03-27 01:37 - 2014-03-27 01:09 - 00000000 ____D () C:\Program Files\Need for Speed Rivals

2014-03-27 01:36 - 2014-03-20 00:16 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (3)

2014-03-27 01:27 - 2011-03-31 18:53 - 00360693 _____ () C:\Windows\DirectX.log

2014-03-26 22:00 - 2014-03-24 13:01 - 00000000 ____D () C:\Users\Owner\Documents\FIFA 14

2014-03-24 13:29 - 2013-03-26 18:29 - 00000000 ____D () C:\Users\Owner\Desktop\English Essays

2014-03-24 13:29 - 2011-08-02 22:34 - 00000000 ___RD () C:\Users\Owner\Desktop\New folder

2014-03-24 13:04 - 2014-03-24 13:04 - 00000000 ____D () C:\FIFA 14

2014-03-24 11:15 - 2013-11-21 22:57 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-24 11:15 - 2013-10-08 22:55 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-20 16:24 - 2013-10-08 22:55 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-03-20 13:32 - 2014-03-20 13:23 - 00000000 ____D () C:\Users\Owner\Documents\Assassin's Creed IV Black Flag

2014-03-20 13:31 - 2013-10-08 23:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\PunkBuster

2014-03-20 13:23 - 2014-03-20 13:23 - 00000000 ____D () C:\ProgramData\Steam

2014-03-20 13:23 - 2014-03-20 13:23 - 00000000 ____D () C:\ProgramData\Orbit

2014-03-20 13:01 - 2014-03-20 12:44 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed IV Black Flag

2014-03-20 03:37 - 2012-12-03 20:45 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (2)

2014-03-20 00:19 - 2014-03-20 00:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\2K Sports

2014-03-20 00:09 - 2014-03-20 00:09 - 00000000 ____D () C:\Program Files (x86)\2K Sports

2014-03-19 23:34 - 2011-05-01 23:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Roxio Burn

2014-03-19 00:40 - 2014-03-19 00:35 - 00000000 ___HD () C:\ProgramData\CanonIJMIG

2014-03-19 00:36 - 2014-03-19 00:32 - 00000000 ___HD () C:\ProgramData\CanonIJScan

2014-03-19 00:35 - 2013-01-12 05:29 - 00000000 ____D () C:\Users\Owner\Desktop\School How-to

2014-03-19 00:34 - 2013-06-09 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\canon

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-04-08 23:00:25

Restore point made on: 2014-04-11 23:00:42

Restore point made on: 2014-04-13 13:10:43

Restore point made on: 2014-04-14 09:36:26

==================== BCD ================================

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=Y:

description Windows Boot Manager

locale en-US

inherit {globalsettings}

default {default}

resumeobject {f7162758-5c1f-11e0-a1ae-782bcb97fddf}

displayorder {default}

toolsdisplayorder {memdiag}

timeout 30

Windows Boot Loader

-------------------

identifier {default}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale en-US

inherit {bootloadersettings}

recoverysequence {current}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {f7162758-5c1f-11e0-a1ae-782bcb97fddf}

nx OptIn

Windows Boot Loader

-------------------

identifier {current}

device ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{f716275b-5c1f-11e0-a1ae-782bcb97fddf}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {bootloadersettings}

osdevice ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{f716275b-5c1f-11e0-a1ae-782bcb97fddf}

systemroot \windows

nx OptIn

winpe Yes

Resume from Hibernate

---------------------

identifier {f7162758-5c1f-11e0-a1ae-782bcb97fddf}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {resumeloadersettings}

filedevice partition=C:

filepath \hiberfil.sys

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=Y:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems Yes

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {f716275b-5c1f-11e0-a1ae-782bcb97fddf}

description Ramdisk Options

ramdisksdidevice partition=Y:

ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 6126.46 MB

Available physical RAM: 5371.64 MB

Total Pagefile: 6124.61 MB

Available Pagefile: 5368.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:70.01 GB) NTFS

Drive j: () (Removable) (Total:11.26 GB) (Free:3.73 GB) FAT32

Drive k: () (Removable) (Total:1.84 GB) (Free:0.05 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: CB59CF0B)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

========================================================

Disk: 5 (Size: 11 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================

Disk: 6 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-04-09 00:50

==================== End Of Log ============================


See if you can run the following with your system booted in Normal mode...

Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, each with a different name; select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the original log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

Will Windows boot normally?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01

Ran by SYSTEM at 2014-04-18 19:12:19 Run:1

Running from K:\Frst

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

LastRegBack: 2014-04-09 00:50

End

*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====


Here are the other logs from before:

Rkill 2.6.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/18/2014 06:59:50 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\rundll32.exe (PID: 2612) [WD-HEUR]

* C:\Windows\System32\rundll32.exe (PID: 2620) [WD-HEUR]

* C:\Windows\System32\WUDFHost.exe (PID: 6120) [WD-HEUR]

* C:\Windows\System32\MsSpellCheckingFacility.exe (PID: 4916) [WD-HEUR]

4 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\csrss.exe

* C:\Windows\system32\csrss.exe

* C:\Windows\system32\wininit.exe

* C:\Windows\system32\winlogon.exe

* C:\Windows\system32\services.exe

* C:\Windows\system32\lsass.exe

* C:\Windows\system32\lsm.exe

* C:\Windows\system32\svchost.exe

* C:\Windows\system32\svchost.exe

* C:\Windows\System32\svchost.exe

* C:\Windows\System32\svchost.exe

* C:\Windows\system32\svchost.exe

* C:\Windows\system32\svchost.exe

* C:\Windows\System32\spoolsv.exe

* C:\Windows\system32\taskhost.exe

* C:\Windows\system32\Dwm.exe

* C:\Windows\Explorer.EXE

* C:\Windows\system32\conhost.exe

* C:\Windows\system32\conhost.exe

* C:\Windows\system32\conhost.exe

* C:\Windows\system32\DllHost.exe

* C:\Windows\system32\DllHost.exe

* C:\Windows\system32\conhost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!

* HKCU\SOFTWARE\Classes\.exe has been deleted!

* HKCU\SOFTWARE\Classes\exefile has been deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.

Startup Type set to: Automatic

* Cryptographic Services (CryptSvc) is not Running.

Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.

Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.

Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* C:\Windows\System32\browser.dll : 136,704 : 07/04/2012 06:13 PM : 05f5a0d14a2ee1d8255c2aa0e9e8e694 [NoSig]

+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.16385_none_d4de1860b7af7c14\browser.dll : 136,192 : 07/13/2009 09:40 PM : 94fbc06f294d58d02361918418f996e3 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.17056_none_d4ff6bf4b79663c4\browser.dll : 136,704 : 07/04/2012 06:01 PM : 6b054c67aaa87843504e8e3c09102009 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.21256_none_d5890aa5d0b400b5\browser.dll : 136,704 : 07/04/2012 06:17 PM : 00a7a2067e9822e4626de846574ada80 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-browsers


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01

Ran by Owner (administrator) on GERARDOS on 18-04-2014 20:23:01

Running from C:\Users\Owner\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Webroot) C:\Program Files\Webroot\WRSA.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Webroot) C:\Program Files\Webroot\WRSA.exe

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.e


FRST 2nd page:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x46C23B18115ACF01

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F84FDD03-0D44-11E3-A8F2-782BCB97FDDF}

URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll No File

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

SearchScopes: HKLM-x32 - DefaultScope {71242C34-B68F-44BB-BD89-6FFDBDC1EA7D} URL =

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={F84FDD03-0D44-11E3-A8F2-782BCB97FDDF}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)

BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: No Name - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No File

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll No File

BHO-x32: No Name - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO-x32: No Name - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)

BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DC


Here is the addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01

Ran by Owner at 2014-04-18 20:23:35

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}

AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )

AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)

Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )

Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.2 - Belkin International, Inc.)

Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden

Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )

Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)

Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)

Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)

Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)

Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)

Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)

Java 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)

LeapFrog Connect (x32 Version: 3.2.19.13664 - LeapFrog) Hidden

LeapFrog Tag Plugin (x32 Version: 3.2.19.13664 - LeapFrog) Hidden

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)

LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden

LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden

LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden

LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden

Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.00.0000 - SEGA)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

MotioninJoy ds3 driver version 0.5.0002 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0002 - www.motioninjoy.com)

MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.1920.0 - Motorola)

Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)

Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)

Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)

Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)

NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden

NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden

Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)

Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SnapPlayer (HKLM-x32\...\{FF7991D3-7C6D-4C87-A541-545198F52E7D}) (Version: 1.0.4497.25196 - EMCP)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

The Extractor (HKLM-x32\...\The Extractor1.4.3.2) (Version: 1.4.3.2 - N00bsoft)

THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)

UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 3.2.19.13664 - LeapFrog)

uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION

Video Mover (HKLM-x32\...\Video Mover_is1) (Version: - )

Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.68 - Webroot)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-01-11 00:27 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {31B90F4A-D005-4AC7-BBB4-4E325DACC778} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-GERARDOS => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)

Task: {3A17EC18-AFAD-4863-BC00-24705AB1B69E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {5767C590-61A8-426A-8CD4-F54307B755F6} - System32\Tasks\{31378781-7047-4352-A337-2756342CC90C} => C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe [2013-05-13] (BlueStack Systems, Inc.)

Task: {6A17A875-D1C4-477B-9D3A-C830F6BE85D5} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()

Task: {791B7A8B-C5C4-4D55-8B34-95D8D4F8B1C2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {89D2823C-6595-4AA2-A2EA-A91834A9CD4D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {8E87A275-7D2B-4CF5-88A5-87E71E8EA636} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {9CDD4F2E-3FD1-4920-927F-565E76F3654B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {B27CF24F-698E-489F-953D-F14A468300B5} - System32\Tasks\{9A877CD1-212C-47F9-AE15-D067FE0AF68C} => C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe [2013-05-13] (BlueStack Systems, Inc.)

Task: {BBDD263D-4A90-4FB7-B095-9C4467BEED0C} - System32\Tasks\{B8572EF3-154B-458C-8123-76C3F3EC0BA7} => C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe [2013-05-13] (BlueStack Systems, Inc.)

Task: {CC403CF8-2B75-4F8B-B17F-B129FC2EE076} - System32\Tasks\{11F30EED-CC40-486D-83E7-014F851A406B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)

Task: {DA5482AD-D4AD-4787-8AEC-6E735D7D6B90} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()

Task: {E6602F1F-2C3B-49C9-BF3A-1A1888595581} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()

Task: {F45582DE-3ED3-42D7-993A-2D8494903D54} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 23:06 - 2013-08-29 18:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-01-05 04:59 - 2010-02-17 22:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

2012-01-05 04:59 - 2010-02-09 19:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

2013-06-10 00:45 - 2011-09-06 07:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

2013-10-09 02:55 - 2013-11-22 03:03 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2014-02-13 05:54 - 2014-02-13 05:54 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\bcc0ea3c7ff5056e938bb6166f969a45\VistaBridgeLibrary.ni.dll

2011-08-12 16:18 - 2011-08-12 16:18 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2011-08-12 16:19 - 2011-08-12 16:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

2012-01-05 04:59 - 2011-02-25 01:08 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-05-25 19:10 - 2011-05-25 19:10 - 00120144 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll

2011-05-25 19:10 - 2011-05-25 19:10 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll

2011-05-25 19:12 - 2011-05-25 19:12 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll

2011-05-25 19:10 - 2011-05-25 19:10 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll

2011-05-25 19:11 - 2011-05-25 19:11 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll

2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2011-09-14 13:19 - 2011-09-14 13:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll

2011-09-14 13:19 - 2011-09-14 13:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll

2010-05-07 21:35 - 2010-05-07 21:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2010-05-07 21:35 - 2010-05-07 21:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2010-05-07 21:36 - 2010-05-07 21:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2010-05-07 21:37 - 2010-05-07 21:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2010-05-07 21:37 - 2010-05-07 21:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2011-08-22 19:47 - 2011-08-22 19:47 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2014-02-13 05:59 - 2014-02-13 05:59 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll

2011-03-31 22:45 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:8173A019

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: CDC Serial

Description: CDC Serial

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: DW1501 Wireless-N WLAN Half-Mini Card

Description: DW1501 Wireless-N WLAN Half-Mini Card

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: BCM43XX

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/18/2014 08:23:37 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070005, Access is denied.

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (04/18/2014 08:23:37 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070005, Access is denied.

]

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (04/18/2014 08:19:50 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:19:28 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:19:24 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:19:03 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:18:57 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:18:52 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:15:57 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (04/18/2014 08:00:37 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

System errors:

=============

Error: (04/18/2014 08:23:37 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Software Shadow Copy Provider service failed to start due to the following error:

%%5

Error: (04/18/2014 08:23:37 PM) (Source: DCOM) (User: )

Description: 5swprv{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error: (04/18/2014 08:23:33 PM) (Source: Service Control Manager) (User: )

Description: The Windows Backup service failed to start due to the following error:

%%5

Error: (04/18/2014 08:23:33 PM) (Source: DCOM) (User: )

Description: 5sdrsvc{687E55CA-6621-4C41-B9F1-C0EDDC94BB05}

Error: (04/18/2014 08:23:21 PM) (Source: Service Control Manager) (User: )

Description: The Cryptographic Services service failed to start due to the following error:

%%5

Error: (04/18/2014 08:22:21 PM) (Source: Service Control Manager) (User: )

Description: The Cryptographic Services service failed to start due to the following error:

%%5

Error: (04/18/2014 08:22:18 PM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%5

Error: (04/18/2014 08:22:18 PM) (Source: Service Control Manager) (User: )

Description: The Network Location Awareness service failed to start due to the following error:

%%5

Error: (04/18/2014 08:21:24 PM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%5

Error: (04/18/2014 08:21:24 PM) (Source: Service Control Manager) (User: )

Description: The Network Location Awareness service failed to start due to the following error:

%%5

Microsoft Office Sessions:

=========================

Error: (04/18/2014 08:23:37 PM) (Source: VSS)(User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070005, Access is denied.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (04/18/2014 08:23:37 PM) (Source: VSS)(User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070005, Access is denied.

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

Snapshot Context: 13

Snapshot Context: 13

Execution Context: Coordinator

Error: (04/18/2014 08:19:50 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:19:28 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:19:24 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:19:03 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:18:57 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:18:52 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:15:57 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

Error: (04/18/2014 08:00:37 PM) (Source: Windows Search Service)(User: )

Description: 10x800700b7Failed to add Gather Application: Windows

==================== Memory info ===========================

Percentage of memory in use: 29%

Total physical RAM: 6126.46 MB

Available physical RAM: 4315.85 MB

Total Pagefile: 12251.09 MB

Available Pagefile: 10350 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:70.69 GB) NTFS

Drive i: (NFS Rivals) (CDROM) (Total:8.98 GB) (Free:0 GB) CDFS

Drive j: (rld-nba2k14) (CDROM) (Total:7.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: CB59CF0B)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

==================== End Of Log ============================

This topic is now closed to further replies.