RhysAndersen

Lucky Leap issue- Computer hijacked! :(

17 posts in this topic

Ok, here's my problem-

 

Started running slower recently. My internet seems to be taken over and a lot slower recently while my wife's is not. Pop-ups come up while using well-known sites that do not have pop-ups. I ran Malwarebytes Pro one time (it had been forever since i'd ran it)  to check and what do you know it came up with some stuff and said it should be deleted. I tried to "remove" them and then upon re-starting my computer wouldnt load past the windows login screen. After trying to fix it for forever and no luck, I restored my comp to a previous state. Since then I'd been using it a bit knowing something was there but not how to get it. I finally found the name lucky leap on my computer internet and knowing i didn't install it I checked the internet and found it was some sort of virus-like adware or something. This time I decided to try to be sneakier, ran the "rootkill" program, ran malwarebytes chameleon and THEN tried to clean a few of the malicious files found with ABAM and of course I got back to where I was before. I couldn't even get into safe mode a few times. Had to hard reboot multiple times until finally safe mode loaded.

 

I currently cannot run in normal windows mode. I have to load in safe with network. Since it "crashed" again I've gone through and used the ABAR rootkit program with the fixdamage and everything and I still can't get it to load into normal. I've thought to myself multiple times before that there could be a couple different viruses. I can always restore to a point before, but it obviously means the virus or whatever will still be there. HELP! I love Malwarebytes!

Share this post


Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/15/2011 5:12:00 AM
System Uptime: 10/5/2013 6:25:44 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | G74Sx
Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 1995/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 49.42 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 286.337 GiB free.
E: is FIXED (NTFS) - 349 GiB total, 30.606 GiB free.
F: is FIXED (NTFS) - 349 GiB total, 231.75 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP289: 9/15/2013 3:00:16 AM - Windows Update
RP290: 9/18/2013 3:52:43 AM - Windows Update
RP291: 9/21/2013 3:52:18 PM - Windows Update
RP292: 9/25/2013 11:48:29 PM - Windows Update
RP293: 9/29/2013 1:35:46 AM - Windows Update
RP294: 10/2/2013 11:36:01 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
aioscnnr
AnyMedia Player 3.3.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS FaceLogon
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G74 Series_ENG
AsusVibe2.0
Atheros Client Installation Program
ATK Package
AVG SafeGuard toolbar
Batman: Arkham Asylum GOTY Edition
Bing Bar
BitTorrent
Bluetooth Win7 Suite (64)
Blur
Bonjour
Borderlands
Brink
Bulletstorm
C4USelfUpdater
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Camfrog Video Chat 6.1
CamStudio OSS Desktop Recorder
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
center
Cisco WebEx Meetings
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 12
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
DiRT 3
E.Y.E: Divine Cybermancy
EasyTether
EasyTether ADB USB driver
Epson USB Display
essentials
Evaer Video Recorder for Skype 1.2.9.51
ExpressGateCloud
Finger Sensing Pad Driver
FLVPlayer4Free Free FLV Player 4.5.0.0
Free 3D Photo Maker version 2.0.13.1117
Fresco Logic USB3.0 Host Controller
FrostWire 5.3.8
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GameFast.exe
Garry's Mod
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
Intel® Control Center
Intel® Management Engine Components
Intel® Turbo Boost Technology Monitor 2.0
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 29
Junk Mail filter update
K-Lite Mega Codec Pack 8.0.0
Kies Air Discovery Service
Kies mini
Kodak AIO Printer
KODAK AiO Software
League of Legends
LIMBO
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
My Lockbox 2.6
Nuance PDF Reader
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
ocr
OpenAL
Pando Media Booster
Plants vs. Zombies: Game of the Year
Portal 2
PreReq
PrimoPDF -- brought to you by Nitro PDF Software
PrintProjects
PunkBuster Services
QuickTime
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Rotation Desktop for G Series.exe
Roxio AACS Certificate
Roxio CinePlayer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Serious Sam HD: The First Encounter
Serious Sam HD: The Second Encounter
Service Pack 1 for SQL Server 2008 (KB968369)
Sid Meier's Civilization V
SkyDrift
Skype Click to Call
Skype™ 6.6
Smart Technology Programming Software 7.0.23.0
Sql Server Customer Experience Improvement Program
StarCraft II
Steam
swMSM
syncables desktop SE
Test Drive Unlimited 2
THX TruStudio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Ventrilo Client
VLC media player 1.0.1
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinPcap 4.1.2
Wireless Console 3
WModem Driver Installer
Xactimate 27
Xvid MPEG-4 Video Codec
YTD YouTube Downloader & Converter 3.7
.
==== Event Viewer Messages From Past Week ========
.
10/5/2013 7:16:51 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/5/2013 6:36:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.159.1409.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9901.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
10/5/2013 6:36:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/5/2013 6:34:56 PM, Error: Service Control Manager [7000]  - The MBAMSwissArmy service failed to start due to the following error:  The driver was not loaded because the system is booting into safe mode.
10/5/2013 6:34:40 PM, Error: mbamchameleon [61440]  -
10/5/2013 6:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/5/2013 6:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/5/2013 6:27:51 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
10/5/2013 6:27:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/5/2013 6:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/5/2013 6:27:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2013 6:27:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/5/2013 6:26:18 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ATKWMIACPIIO_ discache ElbyCDIO MBAMSwissArmy MpFilter spldr Wanarpv6
10/5/2013 6:26:13 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
10/5/2013 6:26:08 PM, Error: Service Control Manager [7000]  - The HitmanPro 3.6 Crusader (Boot) service failed to start due to the following error:  The system cannot find the file specified.
10/5/2013 3:13:50 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (XACTWARE) service to connect.
10/5/2013 3:13:50 AM, Error: Service Control Manager [7000]  - The SQL Server (XACTWARE) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/5/2013 3:08:20 AM, Error: Service Control Manager [7031]  - The Update lucky leap service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/5/2013 3:01:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
10/5/2013 2:56:22 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/5/2013 11:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TurboBoost with arguments "" in order to run the server: {432533D5-CFFA-4B76-B573-85035430429E}
10/5/2013 11:16:32 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.159.1409.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9901.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
10/5/2013 1:47:06 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.159.1409.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9901.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
10/5/2013 1:36:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ATKWMIACPIIO_ discache ElbyCDIO MpFilter spldr Wanarpv6
10/5/2013 1:33:31 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
10/4/2013 5:58:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/4/2013 5:58:22 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by RHYS at 19:20:34 on 2013-10-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12265.10819 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe"
uRun: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
mRunOnce: [ (A0)] cmd /c "C:\Users\RHYS\Desktop\mbar\mbar.exe" /rdv /s
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\RHYS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{53F68677-B5CA-492C-8935-2AB1E93CA2FB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\14E64656273756E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\2456C6B696E6F574F505C65737F5D494D4F4F5339343339334 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\34F627E656273747F6E65602F4666696365602D416E616765627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\36162696E6028353 : DHCPNameServer = 192.168.85.1
TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\65562796A7F6E6D2839303C4D264736473 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C43D13DB-036B-43E4-B2EA-CD158D284548} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-10-17 54848]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-5 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-27 45856]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-8-10 17152]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2012-11-16 20784]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-19 246568]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-19 76584]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-11-26 445800]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-10 471144]
R3 SaiK1708;SaiK1708;C:\Windows\System32\drivers\SaiK1708.sys [2012-9-20 180544]
R3 SaiU1708;SaiU1708;C:\Windows\System32\drivers\SaiU1708.sys [2012-9-20 47168]
S0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2013-10-5 116440]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S1 MpKsl7b9478dc;MpKsl7b9478dc;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [2013-10-5 46768]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/31 17:45:21];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-12-28 130320]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-8-10 113840]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-3-31 91248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-3-31 78960]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-3-31 296048]
S2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [2012-8-9 98304]
S2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);"K:\PC cleaning\HitmanPro35_x64.exe" /crusader:boot --> K:\PC cleaning\HitmanPro35_x64.exe [?]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
S2 MSSQL$XACTWARE;SQL Server (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-3-31 83704]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-10 2655768]
S2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-28 1643184]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-6-28 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-11-23 102368]
S3 eppvad_simple;EPSON Projector UD Audio Device;C:\Windows\System32\drivers\EMP_UDAU.sys [2012-8-9 23040]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-8-10 32344]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-8-10 290920]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-11-23 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-17 1255736]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-10 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-10 79360]
S4 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-2-22 249856]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-05 23:34:56    116440    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-10-05 16:43:40    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-05 07:30:46    --------    d-----w-    C:\Users\RHYS\AppData\Roaming\Malwarebytes
2013-10-05 07:29:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-05 07:29:55    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-05 07:29:55    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 07:28:08    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\offreg.dll
2013-10-05 07:28:08    46768    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys
2013-10-04 07:53:08    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\mpengine.dll
2013-10-02 16:36:25    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-25 16:39:21    --------    d-----w-    C:\Users\RHYS\AppData\Local\CrashRpt
2013-09-14 22:53:50    --------    d-----w-    C:\Riot Games
2013-09-14 22:53:15    --------    d-----w-    C:\Users\RHYS\AppData\Roaming\Riot Games
2013-09-14 21:07:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2013-09-13 19:43:56    --------    d-----w-    C:\Users\RHYS\AppData\Roaming\Visan
2013-09-13 19:26:14    --------    d-----w-    C:\ProgramData\HP Photo Creations
2013-09-13 19:26:14    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2013-09-13 19:25:58    --------    d-----w-    C:\Users\RHYS\AppData\Roaming\HpUpdate
2013-09-09 15:04:55    --------    d-sh--w-    C:\found.005
2013-09-08 16:10:51    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-05 07:24:03    380    ----a-w-    C:\Users\RHYS\AppData\Roaming\sp_data.sys
2013-09-08 16:10:45    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-09-08 16:10:45    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-28 17:40:55    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll(88).dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 19:20:43.21 ===============
 

Share this post


Link to post
Share on other sites

I saw the bit about utorrent. I deleted bitorrent off my computer and can reload the dds files if needed.

Share this post


Link to post
Share on other sites

Hello and :welcome:

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Share this post


Link to post
Share on other sites

combofix is saying my microsoft security essentials is not off, but I unchecked that box a while ago and saved settings. I checked it again and it says realtime protection is not on. How do I get combofix to recognize it as off?

Share this post


Link to post
Share on other sites

ComboFix 13-10-04.02 - RHYS 10/05/2013  21:51:24.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12265.10145 [GMT -5:00]
Running from: c:\users\RHYS\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\searchplugins\bing-zugo.xml
c:\windows\AsPatch10430001.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 02:16 . 2013-10-06 02:16    --------    d-----w-    c:\users\RHYS\AppData\Local\VS Revo Group
2013-10-06 02:16 . 2013-10-06 02:16    --------    d-----w-    c:\programdata\VS Revo Group
2013-10-06 02:16 . 2009-12-30 16:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-10-06 02:16 . 2013-10-06 02:16    --------    d-----w-    c:\program files\VS Revo Group
2013-10-05 16:43 . 2013-10-05 18:31    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-05 07:30 . 2013-10-05 07:30    --------    d-----w-    c:\users\RHYS\AppData\Roaming\Malwarebytes
2013-10-05 07:29 . 2013-10-05 07:29    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-05 07:29 . 2013-10-05 07:30    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-05 07:29 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-05 07:28 . 2013-10-05 07:28    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\offreg.dll
2013-10-05 07:28 . 2013-10-05 07:28    46768    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys
2013-10-04 07:53 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\mpengine.dll
2013-10-02 16:36 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-25 16:39 . 2013-09-25 16:39    --------    d-----w-    c:\users\RHYS\AppData\Local\CrashRpt
2013-09-14 22:53 . 2013-09-14 22:53    --------    d-----w-    C:\Riot Games
2013-09-14 22:53 . 2013-09-14 22:54    --------    d-----w-    c:\users\RHYS\AppData\Roaming\Riot Games
2013-09-13 19:43 . 2013-09-13 19:43    --------    d-----w-    c:\users\RHYS\AppData\Roaming\Visan
2013-09-13 19:26 . 2013-09-14 19:09    --------    d-----w-    c:\program files (x86)\HP Photo Creations
2013-09-13 19:26 . 2013-09-14 19:09    --------    d-----w-    c:\programdata\HP Photo Creations
2013-09-13 19:25 . 2013-09-13 19:25    --------    d-----w-    c:\users\RHYS\AppData\Roaming\HpUpdate
2013-09-09 15:04 . 2013-09-09 15:04    --------    d-----w-    C:\found.005
2013-09-08 16:11 . 2013-09-14 22:23    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-09-08 16:10 . 2013-09-08 16:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-08 16:10 . 2013-09-08 16:10    --------    d-----w-    c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-05 07:24 . 2012-11-27 02:25    380    ----a-w-    c:\users\RHYS\AppData\Roaming\sp_data.sys
2013-09-15 08:07 . 2011-10-02 14:43    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-09-08 16:10 . 2012-09-06 19:58    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-09-08 16:10 . 2011-10-13 23:35    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-09-05 20:43 . 2013-09-05 20:43    965008    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BEFA36-E56E-4202-B385-63764C726209}\gapaengine.dll
2013-08-28 17:40 . 2013-08-27 16:19    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-23 02:47 . 2012-11-28 05:01    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-14 19:59    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 17:00    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:00    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:00    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-09 05:54 . 2013-08-14 17:00    1732032    ----a-w-    c:\windows\system32\ntdll(88).dll
2013-07-09 05:52 . 2013-08-14 17:00    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 17:00    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 17:00    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 17:00    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 17:00    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 17:00    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 17:00    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 17:00    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 17:00    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 17:00    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"avichannel"="c:\program files (x86)\Evaer\videochannel.exe" [2012-07-04 1691136]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2012-10-28 56360]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-05 4284976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-12-28 506480]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-12-28 375168]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
"Malwarebytes Anti-Rootkit (cleanup)"="c:\programdata\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-08-13 1616696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 MpKsl7b9478dc;MpKsl7b9478dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [x]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/31 17:45];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
R2 EMP_UDSA;EMP_UDSA;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [x]
R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);k:\pc cleaning\HitmanPro35_x64.exe;k:\pc cleaning\HitmanPro35_x64.exe [x]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys;c:\windows\SYSNATIVE\drivers\EMP_UDAU.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]
S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-01 23:50    1185744    ----a-w-    c:\program files (x86)\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 03:12]
.
2013-05-26 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-20 08:25]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41    220160    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41    220160    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-15 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-15 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-RunOnce-(A0) - c:\users\RHYS\Desktop\mbar\mbar.exe
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro36CrusaderBoot]
"ImagePath"="\"k:\pc cleaning\HitmanPro35_x64.exe\" /crusader:boot"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2398509053-587471880-2104730802-1000\Software\SecuROM\License information*]
"datasecu"=hex:82,d9,d3,c7,7a,6d,64,8e,56,23,12,ac,36,89,3f,98,c2,11,91,c2,27,
   c6,bf,2a,09,12,42,37,30,9a,53,d9,95,8e,2d,35,ce,25,72,a5,94,7c,d0,7c,b6,a4,\
"rkeysecu"=hex:08,e5,3f,13,dc,de,32,de,d8,1f,18,72,86,14,79,c9
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-05  22:10:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-06 03:10
.
Pre-Run: 53,162,299,392 bytes free
Post-Run: 54,942,044,160 bytes free
.
- - End Of File - - 80F459D353802B0C20D5E06117C27D5D
 

Share this post


Link to post
Share on other sites

Okay, if you can please uninstall ALL versions of JAVA
Uninstall Pando Media Booster

 

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

 

Share this post


Link to post
Share on other sites

Alright, so I'd normally try to keep going through the steps, but so far I've uninstalled what you asked and then tried to do the ABAR program. The error comes up about the dds driver not being installed. Like the original post stated I had ran the ABAR program tool before with no luck. It said I had like 8 issues. I "cleaned" and then restarted my comp to try to scan again but failed like this time due to the dds driver not being installed. I deleted the ABAR software from before and redownloaded the new software. So im stuck at this point and didnt want to go further due to trying to follow the steps in order.

 

Just so you know, I stated this originally, but I did run the fixdamage exe from the plugins folder prior to this post too.

Share this post


Link to post
Share on other sites

Try running from the command line or modifying a short cut.  mbar.exe /z and see if that helps to allow it to run or not.

Share this post


Link to post
Share on other sites

alright u lost me there, not a command line pro. I dont know what youre talking about with the modifying shortcut bit either. I just learn this stuff as i go...

 

Sorry if this makes you have to write more.   Can i download the dds driver somewhere and put it where it needs to be or is that an extra-obvious wrong idea?

Share this post


Link to post
Share on other sites

by command line im assuming you mean running command prompt?

 

But I dont know how to get it to run from there

Share this post


Link to post
Share on other sites

We can bypass that and simply have you move on to the next steps and we'll see what those scanners find unless you'd like me to provide more information on doing it from the command line.

Share this post


Link to post
Share on other sites

ill use the others- but i was looking online and a few sites said that the dda driver error is usually from a rootkit trying to stop malwarebytes from running. Ill run the others and post the logs. thanks

Share this post


Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by RHYS on Sat 10/05/2013 at 23:16:28.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] application updater
Successfully deleted: [service] application updater



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\RHYS\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\RHYS\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\RHYS\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\user.js
Successfully deleted: [Folder] C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\extensions\toolbar@ask.com
Emptied folder: C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\minidumps [74 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/05/2013 at 23:19:28.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

(THIS IS FROM ADWCLEANER. I ALREADY USED IT ONCE AND IT FOUND MULTIPLE THREATS OR REGISTRY ISSUES INCLUDING LUCKY LEAP TRACES, AVG SAFEGUARD TOOLBAR AND A FEW OTHERS. TOLD IT TO CLEAN IT AND IT DID AND IT RESTARTED MY COMP BUT WHEN IT RESTARTED IT WENT BACK TO NORMAL MODE AND CRASHED RIGHT AFTER LOGIN SCREEN. I LOOKED AT THE QUARANTINE AND THERE'S MULTIPLE QUARANTINED FILES. I CAN POST THOSE IF YOU LIKE)

 

 

# AdwCleaner v3.006 - Report created 05/10/2013 at 23:32:53
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RHYS - RICE
# Running from : C:\Users\RHYS\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\prefs.js ]


-\\ Google Chrome v30.0.1599.66

[ File : C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3827 octets] - [05/10/2013 23:21:56]
AdwCleaner[R1].txt - [811 octets] - [05/10/2013 23:32:54]
AdwCleaner[s0].txt - [3563 octets] - [05/10/2013 23:26:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [930 octets] ##########

 

 

 

 

ESET ONLINE SCAN---

 

 

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe    multiple threats
C:\Users\RHYS\Desktop\Work\Website\Personal\Rhys Andersen\frostwire-5.4.0.windows.exe    multiple threats
C:\Users\RHYS\Downloads\cbsidlm-cbsi134-Freemake_Video_Converter-ORG-75218346.exe    probably a variant of Win32/CNETInstaller.A application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\cbsidlm-tr1_7-CamStudio-SEO2-10067101.exe    Win32/DownloadAdmin.D application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\cnet_mylockbox_setup_zip.exe    a variant of Win32/InstallCore.D application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\frostwire-5.3.8.windows.exe    multiple threats
C:\Users\RHYS\Downloads\OLD DOWNLOADS\GraboidVideoSetup-3.11.exe    Win32/Graboid application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\InternationalPrimoPDF.exe    Win32/OpenCandy application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\media.player.codec.pack.v4.1.1.setup.exe    probably a variant of Win32/Toolbar.Widgi application
C:\Users\RHYS\Downloads\OLD DOWNLOADS\vlcmediaplayer-setup.exe    multiple threats
C:\Windows\AutoKMS\AutoKMS.exe    MSIL/HackKMS.A application
 

 

 

 

 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by RHYS (administrator) on RICE on 06-10-2013 10:14:03
Running from C:\Users\RHYS\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-10-15] (Saitek)
HKLM\...\Run: [saiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek)
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1616696 2013-08-13] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ (A0)] - cmd /c "C:\Users\RHYS\Desktop\mbar\mbar.exe" /bootscan /s [1178424 2013-08-13] (Malwarebytes Corporation)
HKCU\...\Run: [avichannel] - C:\Program Files (x86)\Evaer\videochannel.exe [1691136 2012-07-03] (Evaer Technology)
HKCU\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [56360 2012-10-28] (Mobile Stream)
HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[s0].txt [3563 2013-10-05] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [FLxHCIm64] - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD12DMREngine] - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [506480 2012-12-28] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [375168 2012-12-28] (CyberLink Corp.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKU\UpdatusUser\...\Run: [bitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
HKU\UpdatusUser\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {39BCF954-D162-464F-ACB6-E6B6437765B3} URL = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}
SearchScopes: HKCU - {39BCF954-D162-464F-ACB6-E6B6437765B3} URL = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111017&iesrc={referrer:source}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: DivXWebPlayer - C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======


CHR Extension: (Frostwire Toolbar) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.4.0_0
CHR Extension: (Google Drive) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Gmail) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaaaooaijelonlmbcbjkocdnicdfmo] - C:\Users\RHYS\AppData\Local\APN\GoogleCRXs\aaaaaaooaijelonlmbcbjkocdnicdfmo_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] ()
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
S4 GSService; C:\Windows\SysWOW64\GSService.exe [249856 2012-02-14] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 MSSQL$XACTWARE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-09-15] ()
S4 SQLAgent$XACTWARE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 HitmanPro36CrusaderBoot; "K:\PC cleaning\HitmanPro35_x64.exe" /crusader:boot [x]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-28] (AVG Technologies)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream)
S3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows ® Win 7 DDK provider)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [116440 2013-10-05] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S1 MpKsl7b9478dc; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [46768 2013-10-05] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-10-15] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-10-15] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 10:13 - 2013-10-06 10:13 - 00000000 ____D C:\FRST
2013-10-06 10:12 - 2013-10-06 10:12 - 01954124 _____ (Farbar) C:\Users\RHYS\Downloads\FRST64.exe
2013-10-06 10:04 - 2013-10-06 10:04 - 00001091 _____ C:\Users\RHYS\Desktop\esetonline.txt
2013-10-05 23:53 - 2013-10-05 23:53 - 02347384 _____ (ESET) C:\Users\RHYS\Downloads\esetsmartinstaller_enu.exe
2013-10-05 23:42 - 2013-10-05 23:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 23:19 - 2013-10-05 23:19 - 00006787 _____ C:\Users\RHYS\Desktop\JRT.txt
2013-10-05 23:16 - 2013-10-05 23:16 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 23:07 - 2013-10-05 23:33 - 00000000 ____D C:\AdwCleaner
2013-10-05 23:07 - 2013-10-05 23:07 - 01045226 _____ C:\Users\RHYS\Downloads\AdwCleaner.exe
2013-10-05 23:06 - 2013-10-05 23:06 - 01030305 _____ (Thisisu) C:\Users\RHYS\Downloads\JRT.exe
2013-10-05 22:39 - 2013-10-05 22:48 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-05 22:38 - 2013-10-05 22:48 - 00000000 ____D C:\Users\RHYS\Desktop\mbar
2013-10-05 22:36 - 2013-10-05 22:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005(1).exe
2013-10-05 22:10 - 2013-10-05 22:10 - 00032498 _____ C:\ComboFix.txt
2013-10-05 21:50 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-05 21:50 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-05 21:50 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-05 21:50 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-05 21:50 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-05 21:50 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-05 21:50 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-05 21:50 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-05 21:45 - 2013-10-05 22:10 - 00000000 ____D C:\Qoobox
2013-10-05 21:45 - 2013-10-05 22:08 - 00000000 ____D C:\Windows\erdnt
2013-10-05 21:44 - 2013-10-05 21:44 - 05130782 ____R (Swearware) C:\Users\RHYS\Downloads\ComboFix.exe
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Users\RHYS\AppData\Local\VS Revo Group
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-05 21:16 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2013-10-05 21:15 - 2013-10-05 21:15 - 10031224 _____ (VS Revo Group                                               ) C:\Users\RHYS\Downloads\RevoUninProSetup.exe
2013-10-05 19:30 - 2013-10-05 19:30 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(3).scr
2013-10-05 19:20 - 2013-10-05 19:20 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(2).scr
2013-10-05 19:16 - 2013-10-05 19:16 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(1).scr
2013-10-05 14:41 - 2013-10-05 14:41 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds.scr
2013-10-05 11:43 - 2013-10-05 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-05 11:42 - 2013-10-05 11:42 - 00204496 _____ (Malwarebytes) C:\Users\RHYS\Downloads\startuplite-setup-1.07.exe
2013-10-05 11:24 - 2013-10-05 11:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005.exe
2013-10-05 02:30 - 2013-10-05 02:30 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64-30785.exe
2013-10-05 02:30 - 2013-10-05 02:30 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-05 02:30 - 2013-10-05 02:30 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Malwarebytes
2013-10-05 02:29 - 2013-10-05 02:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 02:29 - 2013-10-05 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-05 02:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-05 02:28 - 2013-10-05 02:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RHYS\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-05 02:23 - 2013-10-05 02:23 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-05 02:21 - 2013-10-05 02:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\RHYS\Downloads\mbam-clean-1.60.2.0003.exe
2013-10-05 02:15 - 2013-10-05 02:15 - 01440846 _____ C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-10-05 02:15 - 2013-10-05 02:15 - 00000000 ____D C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000
2013-10-01 03:03 - 2013-10-01 03:03 - 00000000 ____H C:\Users\RHYS\Documents\Default.rdp
2013-09-29 13:07 - 2013-09-29 13:08 - 00000000 ____D C:\Users\RHYS\Desktop\DONT EVEN THINK ABOUT IT
2013-09-27 13:10 - 2013-09-27 13:10 - 00000784 _____ C:\Users\RHYS\Desktop\09_27_2013 - TPUB Seamless Gutters (SC).pdf.log
2013-09-27 12:56 - 2013-09-27 12:56 - 00000784 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.log
2013-09-27 12:30 - 2013-09-27 12:30 - 00010820 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.xlsx
2013-09-25 11:39 - 2013-09-25 11:39 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashRpt
2013-09-20 04:20 - 2013-09-20 04:20 - 00012593 _____ C:\Users\RHYS\Documents\Expenses Spreadsheet.xlsx
2013-09-15 03:11 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 03:11 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 03:11 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-15 03:11 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 03:11 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 03:11 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-15 03:11 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-15 03:11 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-15 03:11 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-15 03:11 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-15 03:11 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 03:11 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-15 03:11 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-15 03:11 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 17:53 - 2013-09-14 17:54 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Riot Games
2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Riot Games
2013-09-14 17:50 - 2013-09-14 17:51 - 32229024 _____ (Riot Games) C:\Users\RHYS\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-14 16:07 - 2013-09-14 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2013-09-14 14:59 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-14 14:59 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-14 14:59 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-14 14:59 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-14 14:59 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-14 14:59 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-14 14:59 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-14 14:59 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-14 14:59 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-14 14:59 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-14 14:59 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-14 14:59 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-14 14:59 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-14 14:59 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-14 14:59 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-14 14:59 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-14 14:59 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-14 14:59 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-14 14:59 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-14 14:59 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-14 14:59 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-14 14:59 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 14:59 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-14 14:59 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-14 14:59 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-14 14:59 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-14 14:59 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-14 14:55 - 2013-09-14 14:55 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64.exe
2013-09-14 14:54 - 2013-09-14 14:55 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill.exe
2013-09-14 14:47 - 2013-09-14 14:47 - 406211619 _____ C:\Windows\MEMORY.DMP
2013-09-14 14:47 - 2013-09-14 14:47 - 00266320 _____ C:\Windows\Minidump\091413-26208-01.dmp
2013-09-14 13:35 - 2013-09-14 14:09 - 00000000 ___RD C:\Users\Public\Desktop\Installation Log Files
2013-09-14 13:15 - 2013-09-14 13:15 - 00066814 _____ C:\Users\RHYS\Documents\cc_20130914_131522.reg
2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ___RD C:\Users\RHYS\Documents\HP Photo Creations
2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Visan
2013-09-13 14:26 - 2013-09-14 14:09 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-09-13 14:26 - 2013-09-14 14:09 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-09-13 14:26 - 2013-09-13 14:43 - 00001993 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-09-13 14:25 - 2013-09-13 14:25 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\HpUpdate
2013-09-11 16:55 - 2013-09-11 16:55 - 00018223 _____ C:\Users\RHYS\Downloads\sample basic contents sheet.xlsx
2013-09-11 16:55 - 2013-09-11 16:55 - 00013096 _____ C:\Users\RHYS\Downloads\Adjusters_Invoice.xlsx
2013-09-11 16:55 - 2013-09-11 16:55 - 00010804 _____ C:\Users\RHYS\Downloads\sample billing form.xlsx
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\found.005
2013-09-08 11:10 - 2013-09-08 11:10 - 00000000 ____D C:\ProgramData\McAfee
2013-09-08 11:09 - 2013-09-08 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\RHYS\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

2013-10-06 10:13 - 2013-10-06 10:13 - 00000000 ____D C:\FRST
2013-10-06 10:12 - 2013-10-06 10:12 - 01954124 _____ (Farbar) C:\Users\RHYS\Downloads\FRST64.exe
2013-10-06 10:04 - 2013-10-06 10:04 - 00001091 _____ C:\Users\RHYS\Desktop\esetonline.txt
2013-10-06 02:16 - 2012-11-26 23:05 - 01463343 _____ C:\Windows\WindowsUpdate.log
2013-10-05 23:53 - 2013-10-05 23:53 - 02347384 _____ (ESET) C:\Users\RHYS\Downloads\esetsmartinstaller_enu.exe
2013-10-05 23:42 - 2013-10-05 23:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 23:33 - 2013-10-05 23:07 - 00000000 ____D C:\AdwCleaner
2013-10-05 23:28 - 2012-11-03 14:43 - 00000000 ____D C:\ProgramData\Kodak
2013-10-05 23:28 - 2011-04-01 23:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-05 23:27 - 2012-11-27 18:51 - 00030815 _____ C:\Windows\setupact.log
2013-10-05 23:27 - 2011-08-10 09:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-05 23:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 23:19 - 2013-10-05 23:19 - 00006787 _____ C:\Users\RHYS\Desktop\JRT.txt
2013-10-05 23:16 - 2013-10-05 23:16 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 23:07 - 2013-10-05 23:07 - 01045226 _____ C:\Users\RHYS\Downloads\AdwCleaner.exe
2013-10-05 23:06 - 2013-10-05 23:06 - 01030305 _____ (Thisisu) C:\Users\RHYS\Downloads\JRT.exe
2013-10-05 22:48 - 2013-10-05 22:39 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-05 22:48 - 2013-10-05 22:38 - 00000000 ____D C:\Users\RHYS\Desktop\mbar
2013-10-05 22:39 - 2013-03-13 03:21 - 00064414 _____ C:\Windows\PFRO.log
2013-10-05 22:37 - 2013-10-05 22:36 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005(1).exe
2013-10-05 22:10 - 2013-10-05 22:10 - 00032498 _____ C:\ComboFix.txt
2013-10-05 22:10 - 2013-10-05 21:45 - 00000000 ____D C:\Qoobox
2013-10-05 22:08 - 2013-10-05 21:45 - 00000000 ____D C:\Windows\erdnt
2013-10-05 22:05 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-05 21:58 - 2009-07-13 21:34 - 87556096 _____ C:\Windows\system32\config\software.bak
2013-10-05 21:58 - 2009-07-13 21:34 - 24117248 _____ C:\Windows\system32\config\system.bak
2013-10-05 21:58 - 2009-07-13 21:34 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-10-05 21:58 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-10-05 21:58 - 2009-07-13 21:34 - 00061440 _____ C:\Windows\system32\config\sam.bak
2013-10-05 21:44 - 2013-10-05 21:44 - 05130782 ____R (Swearware) C:\Users\RHYS\Downloads\ComboFix.exe
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Users\RHYS\AppData\Local\VS Revo Group
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-05 21:15 - 2013-10-05 21:15 - 10031224 _____ (VS Revo Group                                               ) C:\Users\RHYS\Downloads\RevoUninProSetup.exe
2013-10-05 21:13 - 2011-09-15 05:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-05 19:30 - 2013-10-05 19:30 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(3).scr
2013-10-05 19:20 - 2013-10-05 19:20 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(2).scr
2013-10-05 19:16 - 2013-10-05 19:16 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(1).scr
2013-10-05 18:54 - 2011-09-14 21:47 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\BitTorrent
2013-10-05 14:41 - 2013-10-05 14:41 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds.scr
2013-10-05 13:31 - 2013-10-05 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-05 11:42 - 2013-10-05 11:42 - 00204496 _____ (Malwarebytes) C:\Users\RHYS\Downloads\startuplite-setup-1.07.exe
2013-10-05 11:24 - 2013-10-05 11:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005.exe
2013-10-05 02:47 - 2011-04-01 23:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-05 02:39 - 2012-06-30 23:13 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\vlc
2013-10-05 02:30 - 2013-10-05 02:30 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64-30785.exe
2013-10-05 02:30 - 2013-10-05 02:30 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-05 02:30 - 2013-10-05 02:30 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Malwarebytes
2013-10-05 02:30 - 2013-10-05 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 02:30 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 02:30 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 02:29 - 2013-10-05 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-05 02:29 - 2013-10-05 02:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\RHYS\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-05 02:24 - 2012-11-26 21:25 - 00000380 _____ C:\Users\RHYS\AppData\Roaming\sp_data.sys
2013-10-05 02:23 - 2013-10-05 02:23 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-05 02:21 - 2013-10-05 02:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\RHYS\Downloads\mbam-clean-1.60.2.0003.exe
2013-10-05 02:15 - 2013-10-05 02:15 - 01440846 _____ C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-10-05 02:15 - 2013-10-05 02:15 - 00000000 ____D C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000
2013-10-05 00:55 - 2011-09-17 16:34 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashDumps
2013-10-04 16:28 - 2011-12-25 00:57 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Skype
2013-10-03 22:52 - 2013-07-22 09:40 - 00000000 ____D C:\Users\RHYS\Documents\Outlook Files
2013-10-01 03:03 - 2013-10-01 03:03 - 00000000 ____H C:\Users\RHYS\Documents\Default.rdp
2013-09-29 13:08 - 2013-09-29 13:07 - 00000000 ____D C:\Users\RHYS\Desktop\DONT EVEN THINK ABOUT IT
2013-09-27 13:10 - 2013-09-27 13:10 - 00000784 _____ C:\Users\RHYS\Desktop\09_27_2013 - TPUB Seamless Gutters (SC).pdf.log
2013-09-27 13:10 - 2011-10-04 13:57 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\PrimoPDF
2013-09-27 12:56 - 2013-09-27 12:56 - 00000784 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.log
2013-09-27 12:30 - 2013-09-27 12:30 - 00010820 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.xlsx
2013-09-25 11:39 - 2013-09-25 11:39 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashRpt
2013-09-24 23:33 - 2012-05-13 19:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-20 04:20 - 2013-09-20 04:20 - 00012593 _____ C:\Users\RHYS\Documents\Expenses Spreadsheet.xlsx
2013-09-19 00:26 - 2013-08-16 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 00:26 - 2011-09-17 15:20 - 00000000 ____D C:\Users\RHYS\AppData\Local\Mozilla
2013-09-15 12:28 - 2013-04-01 19:26 - 00000000 ___RD C:\Users\RHYS\Desktop\Work
2013-09-15 11:03 - 2011-09-15 05:12 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-15 11:03 - 2011-09-15 05:12 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-15 03:41 - 2009-07-29 01:03 - 00000000 ____D C:\Windows\Panther
2013-09-15 03:40 - 2012-11-26 19:36 - 00411928 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 03:11 - 2013-07-13 08:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-15 03:11 - 2011-09-15 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-15 03:07 - 2012-11-19 22:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 03:07 - 2011-10-02 09:43 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-14 20:41 - 2013-09-14 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2013-09-14 20:41 - 2012-04-06 12:54 - 00000000 ____D C:\ProgramData\P4G
2013-09-14 20:41 - 2011-10-28 14:20 - 00000000 ____D C:\Windows\Minidump
2013-09-14 20:41 - 2011-08-10 09:57 - 00000000 ____D C:\ExpressGateUtil
2013-09-14 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-14 17:54 - 2013-09-14 17:53 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Riot Games
2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Riot Games
2013-09-14 17:51 - 2013-09-14 17:50 - 32229024 _____ (Riot Games) C:\Users\RHYS\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-09-14 17:49 - 2011-08-10 09:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-14 17:44 - 2011-09-15 05:12 - 00000000 ____D C:\Users\RHYS
2013-09-14 17:32 - 2012-11-20 03:25 - 00000000 ____D C:\Windows\AutoKMS
2013-09-14 17:32 - 2012-08-14 10:13 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-09-14 17:32 - 2011-09-15 06:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-09-14 17:32 - 2011-09-15 06:23 - 00000000 ___RD C:\Users\RHYS\Desktop\Desktop Icons
2013-09-14 17:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-14 17:24 - 2013-04-11 21:11 - 00000000 ____D C:\ProgramData\Visan
2013-09-14 14:55 - 2013-09-14 14:55 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64.exe
2013-09-14 14:55 - 2013-09-14 14:54 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill.exe
2013-09-14 14:47 - 2013-09-14 14:47 - 406211619 _____ C:\Windows\MEMORY.DMP
2013-09-14 14:47 - 2013-09-14 14:47 - 00266320 _____ C:\Windows\Minidump\091413-26208-01.dmp
2013-09-14 14:09 - 2013-09-14 13:35 - 00000000 ___RD C:\Users\Public\Desktop\Installation Log Files
2013-09-14 14:09 - 2013-09-13 14:26 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-09-14 14:09 - 2013-09-13 14:26 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-09-14 14:09 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-14 13:15 - 2013-09-14 13:15 - 00066814 _____ C:\Users\RHYS\Documents\cc_20130914_131522.reg
2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ___RD C:\Users\RHYS\Documents\HP Photo Creations
2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Visan
2013-09-13 14:43 - 2013-09-13 14:26 - 00001993 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-09-13 14:38 - 2011-12-25 08:21 - 00000000 ____D C:\Users\RHYS\AppData\Local\HP
2013-09-13 14:25 - 2013-09-13 14:25 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\HpUpdate
2013-09-11 16:55 - 2013-09-11 16:55 - 00018223 _____ C:\Users\RHYS\Downloads\sample basic contents sheet.xlsx
2013-09-11 16:55 - 2013-09-11 16:55 - 00013096 _____ C:\Users\RHYS\Downloads\Adjusters_Invoice.xlsx
2013-09-11 16:55 - 2013-09-11 16:55 - 00010804 _____ C:\Users\RHYS\Downloads\sample billing form.xlsx
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\found.005
2013-09-08 11:10 - 2013-09-08 11:10 - 00000000 ____D C:\ProgramData\McAfee
2013-09-08 11:10 - 2012-09-06 14:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-08 11:10 - 2011-10-13 18:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-08 11:09 - 2013-09-08 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\RHYS\Downloads\jxpiinstall.exe

Alureon:
C:\Users\RHYS\AppData\Local\Temp\sqcwbjx\swdcpss\wow.dll

Files to move or delete:
====================
C:\Users\RHYS\jagex_cl_runescape_LIVE.dat
C:\Users\RHYS\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-24 09:21

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by RHYS at 2013-10-06 10:14:56
Running from C:\Users\RHYS\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 4.2.1)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
aioscnnr (x32 Version: 7.6.11.10)
AnyMedia Player 3.3.5 (x32 Version: 3.3.5)
Apple Application Support (x32 Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS AI Recovery (x32 Version: 1.0.23)
ASUS FaceLogon (x32 Version: 1.0.0013)
ASUS Live Update (x32 Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.2.0)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0040)
ASUS USB Charger Plus (x32 Version: 2.0.8)
ASUS Virtual Camera (x32 Version: 1.0.25)
ASUS WebStorage (x32 Version: 3.0.84.161)
AsusScr_G74 Series_ENG (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.7.146)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0015)
Bing Bar (x32 Version: 7.0.610.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Blur (x32)
Bonjour (Version: 3.0.0.10)
Borderlands (x32)
Brink (x32)
Bulletstorm (x32)
C4USelfUpdater (x32 Version: 1.00.0000)
Call of Duty: Modern Warfare 2 - Multiplayer (x32)
Call of Duty: Modern Warfare 2 (x32)
Camfrog Video Chat 6.1 (x32 Version: 6.1.151)
CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294)
Canon DIGITAL CAMERA Solution Disk Software Guide (x32 Version: 1.4.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide (x32 Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
CCleaner (Version: 3.25)
center (x32 Version: 6.2.5.0)
Cisco WebEx Meetings (x32)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDVD 12 (x32 Version: 12.0.2428.57)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DiRT 3 (x32)
E.Y.E: Divine Cybermancy (x32)
EasyTether (Version: 1.1.17)
EasyTether (x32 Version: 1.1.17)
EasyTether ADB USB driver (Version: 1.0.0)
Epson USB Display (x32 Version: 1.51.000)
ESET Online Scanner v3 (x32)
essentials (x32 Version: 6.0.14.0)
Evaer Video Recorder for Skype 1.2.9.51 (x32 Version: 1.2.9.51)
ExpressGateCloud (x32 Version: 2.6.27.160)
Finger Sensing Pad Driver (Version: 9.1.3.5)
FLVPlayer4Free Free FLV Player 4.5.0.0 (x32)
Free 3D Photo Maker version 2.0.13.1117 (x32)
Fresco Logic USB3.0 Host Controller (Version: 3.5.73.0)
FrostWire 5.3.8 (x32 Version: 5.3.8.0)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GameFast.exe (Version: 1.0.0.1)
Garry's Mod (x32)
Google Chrome (x32 Version: 30.0.1599.66)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 10.6.3.25)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kies mini (x32 Version: 1.00.0000)
K-Lite Mega Codec Pack 8.0.0 (x32 Version: 8.0.0)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (x32 Version: 7.6.12.20)
League of Legends (x32 Version: 3.0.0)
LIMBO (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (x32)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (x32 Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
My Lockbox 2.6 (Version: 2.6)
Nuance PDF Reader (x32 Version: 6.00.0041)
NVIDIA 3D Vision Controller Driver 306.97 (Version: 306.97)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
ocr (x32 Version: 6.2.3.50)
OpenAL (x32)
Plants vs. Zombies: Game of the Year (x32)
Portal 2 (x32)
PreReq (x32 Version: 6.2.3.0)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
PrintProjects (x32 Version: 1.0.0.9282)
PunkBuster Services (x32 Version: 0.987)
QuickTime (x32 Version: 7.72.80.56)
Rapture3D 2.4.8 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Rotation Desktop for G Series.exe (Version: 1.0.0.9)
Roxio AACS Certificate (x32 Version: 1.0.0)
Roxio CinePlayer (x32 Version: 5.8)
Roxio CinePlayer (x32 Version: 5.8.58233.5)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0)
Serious Sam HD: The First Encounter (x32)
Serious Sam HD: The Second Encounter (x32)
Service Pack 1 for SQL Server 2008 (KB968369) (x32 Version: 10.1.2531.0)
Sid Meier's Civilization V (x32)
SkyDrift (x32)
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 6.6 (x32 Version: 6.6.106)
Smart Technology Programming Software 7.0.23.0 (Version: 7.0.23.0)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0)
StarCraft II (x32 Version: 1.4.3.21029)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
syncables desktop SE (x32 Version: 5.5.746.11492)
Test Drive Unlimited 2 (x32)
THX TruStudio (x32 Version: 1.03.01)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Ventrilo Client (x32 Version: 3.0.8)
VLC media player 1.0.1 (x32 Version: 1.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.32.0)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
Wireless Console 3 (x32 Version: 3.0.27)
WModem Driver Installer (x32 Version: 2.0.6.9)
Xactimate 27 (x32 Version: 27.6.1068.48950)
Xvid MPEG-4 Video Codec (x32)
YTD YouTube Downloader & Converter 3.7 (x32)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

15-09-2013 08:00:16 Windows Update
18-09-2013 08:52:43 Windows Update
21-09-2013 20:52:18 Windows Update
26-09-2013 04:48:29 Windows Update
29-09-2013 06:35:46 Windows Update
02-10-2013 16:36:01 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-10-05 22:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {020CAA9B-93D6-452E-9106-B7E54BEA4742} - \Scheduled Update for Ask Toolbar No Task File
Task: {044200BD-8409-4705-A67E-3660BAF21CD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {15BEA5DF-E2F3-439E-876D-104A2E29E00D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {301EA0EE-6E32-4E60-997E-DF0C17D0FC62} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2012-11-20] ()
Task: {3B6C7B4A-CD27-4EF7-AC5F-6D5EE0BACA62} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {3FC2EEB2-034B-4915-BC6D-47AE61BD0953} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)
Task: {516A3BD9-7653-4D11-80A0-31110DF7FBCD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6A8E1E7D-71CE-4906-B924-F3D111DFFBF7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\WSCStub.exe
Task: {7D094985-8319-4FE2-A708-6EDF4898336A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {823D06CC-1930-4E66-B47A-BD00CF906FA7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {943B2BA2-C931-4E22-8FAD-49748F566117} - System32\Tasks\{E5846720-7FDF-41E0-929E-D4F0A86CD7D6} => C:\Program Files (x86)\Xactware\Xactimate27\CORE\x.exe [2012-07-03] (Xactware)
Task: {9945CC47-4B50-4FCC-A70D-429E67BC617D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14] (Adobe Systems Incorporated)
Task: {9D54CAF0-352C-4870-B7B2-63657664A2FD} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {B8AABF2F-20AF-4FA8-8676-ADC164AE176E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\SymErr.exe
Task: {B8DE8580-568D-4E18-8207-D9E0EAADB5A4} - System32\Tasks\{8334ABBE-9DDC-4201-B128-6DB79F3EC701} => C:\Program Files (x86)\asus\VirtualCamera\VirCam.exe [2012-01-12] (ASUS)
Task: {CE2D1D71-DF2F-415B-9874-A4E300DC7DD0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {DCFC4D73-7F34-4B83-B642-935E816D2E2A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-16 21:38 - 2013-09-19 00:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-14 22:12 - 2013-05-14 22:12 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2013 11:28:19 PM) (Source: MSSQL$XACTWARE) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$XACTWARE\Performance'. SQL Server performance counters are disabled.


System errors:
=============
Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2013 10:11:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/05/2013 11:28:19 PM) (Source: MSSQL$XACTWARE)(User: )
Description: First CounterSYSTEM\CurrentControlSet\Services\MSSQL$XACTWARE\Performance


CodeIntegrity Errors:
===================================
  Date: 2013-10-05 21:57:56.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 21:57:56.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-08 20:29:12.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:29:12.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:29:12.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:29:12.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:29:12.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:28:02.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:28:02.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-08 20:28:02.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 12265.16 MB
Available physical RAM: 9262.48 MB
Total Pagefile: 24528.5 MB
Available Pagefile: 21810.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:50.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:286.34 GB) NTFS
Drive e: (SDATA1) (Fixed) (Total:349.3 GB) (Free:30.61 GB) NTFS
Drive f: (System Files) (Fixed) (Total:349.33 GB) (Free:231.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=349 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

Share this post


Link to post
Share on other sites

Here's the full scan current log of mbam

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.05.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
RHYS :: RICE [limited]

Protection: Disabled

10/6/2013 3:38:09 PM
MBAM-log-2013-10-06 (18-19-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459696
Time elapsed: 1 hour(s), 1 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\utilluckyleap.exe.vir (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\RHYS\Desktop\Work\Website\Personal\Rhys Andersen\frostwire-5.4.0.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\RHYS\Downloads\OLD DOWNLOADS\frostwire-5.3.8.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\RHYS\Downloads\OLD DOWNLOADS\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\RHYS\Downloads\OLD DOWNLOADS\media.player.codec.pack.v4.1.1.setup.exe (PUP.Dealio.TB) -> No action taken.
C:\Users\RHYS\Downloads\OLD DOWNLOADS\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> No action taken.
C:\Windows\AutoKMS\AutoKMS.exe (Trojan.AutoKMS) -> No action taken.

(end)
 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.