Welcome to Britec Forum - Free Tech Support - Please Donate

SARDU MultiBoot Creator
Hello There, Guest! Login Register


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Still Infected
#1
Hi,

Ok when you guys previously helped me it got better, but then it went back to being slow again. My task manager, browser and my computer can become so unresponsive that I have to force reboot. Also it takes a while to start up like 5 minutes. On my task manager when I looked at it and searched some stuff up, it came up that malware could be using it causing my CPU to skyrocket like windows module installer and others. I still believe that my laptop is still infected, but with something different because all scans don't detect it at all and some stuff has been popping up on my laptop like the desktop.ini and I did not do anything to make that pop up but I was able to make it hidden again. Please help.

Thanks,
Shadowtime101
Reply
#2
(12-04-2014, 02:11 AM)Shadowtime101 Wrote:  Hi,

Ok when you guys previously helped me it got better, but then it went back to being slow again.  My task manager, browser and my computer can become so unresponsive that I have to force reboot.  Also it takes a while to start up like 5 minutes.  On my task manager when I looked at it and searched some stuff up, it came up that malware could be using it causing my CPU to skyrocket like windows module installer and others.  I still believe that my laptop is still infected, but with something different because all scans don't detect it at all and some stuff has been popping up on my laptop like the desktop.ini and I did not do anything to make that pop up but I was able to make it hidden again.  Please help.

Thanks,
Shadowtime101

Have you tested your hard drive? Please download and run Crystal Disk Info and post up those results.



@nsm0220 why would you suggest uninstalling Avast?
Tim's Computer Repair (TCR) 
1503 Kings Way, Savannah, GA 31406, US
912-220-0765
http://www.TimsComputerFix.net 

Reply
#3
Please download [Image: Farbar_Recovery_Scan_Tool.png]Farbar Recovery Scan Tool from Here and save it to your desktop.

Please Note: You need to run the right version 32bit or 64bit. please choose right version to download...not sure which version? download both of them and run them. Only the right version will run on your computer system. 

 
·         Right click and run as administrator. When the tool opens click Yes to disclaimer.

·         Press Scan button.

·         A log file will be created, called (FRST.txt) it will be where the tool was run from.

·         Please copy and paste log in this post.

·         It also makes also another log on the first time is run called (Addition.txt). Please paste that into your next reply.
If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 





   
 
Reply
#4
@Shadowtime101

We would need to know what has already been tried so we're not going over the same old stuff.

@Timster

The folks on the Avast forum called his malware testing vids immature, he didn't like it too much and has reacted against them ever since. However, there is an issue with some people saying that adware has started appearing due to their Avast install. But that's because they don't see the slightly hidden "extra installs".
Reply
#5
(12-04-2014, 02:49 PM)Timster Wrote:  
(12-04-2014, 02:11 AM)Shadowtime101 Wrote:  Hi,

Ok when you guys previously helped me it got better, but then it went back to being slow again.  My task manager, browser and my computer can become so unresponsive that I have to force reboot.  Also it takes a while to start up like 5 minutes.  On my task manager when I looked at it and searched some stuff up, it came up that malware could be using it causing my CPU to skyrocket like windows module installer and others.  I still believe that my laptop is still infected, but with something different because all scans don't detect it at all and some stuff has been popping up on my laptop like the desktop.ini and I did not do anything to make that pop up but I was able to make it hidden again.  Please help.

Thanks,
Shadowtime101

Have you tested your hard drive? Please download and run Crystal Disk Info and post up those results.



@nsm0220 why would you suggest uninstalling Avast?
because had 2 avs running at the same and avast zero day protection is junk

(12-04-2014, 03:23 PM)GuiltySpark Wrote:  @Shadowtime101

We would need to know what has already been tried so we're not going over the same old stuff.

@Timster

The folks on the Avast forum called his malware testing vids immature, he didn't like it too much and has reacted against them ever since. However, there is an issue with some people saying that adware has started appearing due to their Avast install. But that's because they don't see the slightly hidden "extra installs".
i was 17 at the time avast was bullying me to death because they hated gdata i even got an email from one of say that they what gdata to be gone

(12-04-2014, 03:23 PM)Britec Wrote:  Please download [Image: Farbar_Recovery_Scan_Tool.png]Farbar Recovery Scan Tool from Here and save it to your desktop.

Please Note: You need to run the right version 32bit or 64bit. please choose right version to download...not sure which version? download both of them and run them. Only the right version will run on your computer system. 

 
·         Right click and run as administrator. When the tool opens click Yes to disclaimer.

·         Press Scan button.

·         A log file will be created, called (FRST.txt) it will be where the tool was run from.

·         Please copy and paste log in this post.

·         It also makes also another log on the first time is run called (Addition.txt). Please paste that into your next reply.
britec his laptop haves no malware i cheek his laptop over and over
Reply
#6
I really don't know what's been going on with my laptop it has experienced the automatic repair loop or hardware failure before but I was able to get it out of that, plus when it told me to restore I restored to an infected restore point because all of them were infected, so that is one reason why I think it is infected still and maybe hardware problems I don't know.

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.1 © 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 [6.2 Build 9200] (x64)
Date : 2014/12/04 16:28:36

-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- ST500LT0 12-9WS142 SATA Disk Device
- hp DVD A DS8A9SH SATA CdRom Device
- Microsoft Storage Spaces Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST500LT012-9WS142 : 500.1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST500LT012-9WS142
----------------------------------------------------------------------------
Model : ST500LT012-9WS142
Firmware : 0001YAM1
Serial Number : S0VAKNZM
Disk Size : 500.1 GB (8.4/137.4/500.1/500.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 2469 hours
Power On Count : 1254 count
Temperature : 31 C (87 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 115 _99 __6 00000523B3E8 Read Error Rate
03 _99 _99 __0 000000000000 Spin-Up Time
04 _98 _98 __0 000000000944 Start/Stop Count
05 100 100 _36 000000000000 Reallocated Sectors Count
07 _78 _60 _30 00000470342B Seek Error Rate
09 _98 _98 __0 0000000009A5 Power-On Hours
0A 100 100 _97 000000000000 Spin Retry Count
0C _99 _99 __0 0000000004E6 Power Cycle Count
B7 100 100 __0 000000000000 Vendor Specific
B8 100 100 _97 000000000000 End-to-End Error
BB _44 _44 __0 000000000038 Reported Uncorrectable Errors
BC 100 __1 __0 000000000432 Command Timeout
BD 100 100 __0 000000000000 High Fly Writes
BE _69 _44 _45 00011F15001F Airflow Temperature
BF 100 100 __0 00000000001D G-Sense Error Rate
C0 100 100 __0 000000000062 Power-off Retract Count
C1 _96 _96 __0 0000000023FA Load/Unload Cycle Count
C2 _31 _56 __0 00100000001F Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
FE 100 100 __0 000000000000 Free Fall Protection

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5330 5641 4B4E 5A4D 2020 2020 2020 2020 2020 2020
020: 0000 8000 0004 3030 3031 5941 4D31 5354 3530 304C
030: 5430 3132 2D39 5753 3134 3220 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0D06 0004 004C 004C
080: 01F8 0029 306B 7C09 6123 3069 BC09 6123 407F 0030
090: 0030 8080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 6003 0000 5000 C500
110: 6C8A 0905 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 6030
130: 3A38 6030 3A38 2020 0002 0140 0108 5000 3C06 3C0A
140: 0000 0078 0000 0008 0000 0000 00FF 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 5F00 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 103D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 A9A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 2F 00 73 63 E8 B3 23 05 00 00 00 03 23
010: 00 63 63 00 00 00 00 00 00 00 04 32 00 62 62 44
020: 09 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 2F 00 4E 3C 2B 34 70 04 00 00 00 09 32
040: 00 62 62 A5 09 00 00 00 00 00 0A 33 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 63 63 E6 04 00 00 00
060: 00 00 B7 32 00 64 64 00 00 00 00 00 00 00 B8 33
070: 00 64 64 00 00 00 00 00 00 00 BB 32 00 2C 2C 38
080: 00 00 00 00 00 00 BC 32 00 64 01 32 04 00 00 00
090: 00 00 BD 3A 00 64 64 00 00 00 00 00 00 00 BE 22
0A0: 00 45 2C 1F 00 15 1F 01 00 00 BF 32 00 64 64 1D
0B0: 00 00 00 00 00 00 C0 22 00 64 64 62 00 00 00 00
0C0: 00 00 C1 32 00 60 60 FA 23 00 00 00 00 00 C2 22
0D0: 00 1F 38 1F 00 00 00 10 00 00 C4 32 00 64 64 00
0E0: 00 00 00 00 00 00 C5 32 00 64 64 00 00 00 00 00
0F0: 00 00 C6 30 00 64 64 00 00 00 00 00 00 00 C7 32
100: 00 C8 C8 00 00 00 00 00 00 00 FE 32 00 64 64 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53
170: 03 00 01 00 02 64 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 04 01 01 01 01 01 01 01
190: 01 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 1D 00 00 00 C2 10 FA C8 1A 08 00 00
1B0: 00 00 00 00 01 00 27 00 B7 19 D4 2B CA 54 00 00
1C0: D8 4B 35 48 22 DB 14 00 00 00 00 00 00 00 00 00
1D0: 01 00 00 00 00 00 00 00 34 17 00 00 3C 00 06 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00
060: 00 00 B7 00 00 00 00 00 00 00 00 00 00 00 B8 61
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 BC 00 00 00 00 00 00 00 00 00
090: 00 00 BD 00 00 00 00 00 00 00 00 00 00 00 BE 2D
0A0: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
0B0: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
0C0: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0D0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0E0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0F0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
100: 00 00 00 00 00 00 00 00 00 00 FE 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15
Reply
#7
Disk Health is Good.

Can you run the FRST scan Britec asked for please Shadowtime101.

Thanks.
Reply
#8
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by jespi_000 at 2014-12-04 17:10:42
Running from C:\Users\jespi_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2: Free (HKLM-x32\...\Steam App 107400) (Version: - Bohemia Interactive)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version: - Ubisoft Singapore)
Unity Web Player (HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

18-11-2014 00:28:36 Installed HP Support Assistant
24-11-2014 02:09:39 Checkpoint by HitmanPro
01-12-2014 02:15:56 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2014-08-14 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07138C66-1FD1-40C6-80C3-8DE97D0743AD} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
Task: {0D576258-1873-4121-A466-9520E00ABD0C} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-17] (IObit)
Task: {0E9041F6-65C5-48CA-83E9-0639930C694D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {0FC589DC-D790-476D-A3F2-FF2677124A94} - System32\Tasks\Driver Booster SkipUAC (Greg) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {10B12067-2E6A-49DE-B109-4E2D6E3D316D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {25BC94A5-E858-4874-8898-F92DC5E2FF94} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-11-13] (COMODO)
Task: {36945791-D78E-4660-A820-DE81625BDD3A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {4C7380CC-14A3-4BC0-99C8-D56B17D59E37} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-02] (Microsoft Corporation)
Task: {4D254997-C263-449B-86BA-AF550615C4E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {59007B5F-5118-4931-9070-AA3775EBB36B} - System32\Tasks\Driver Booster SkipUAC (jespi_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {6A75C320-9DFF-4ED2-AA3C-E7A38036B43E} - System32\Tasks\CIMT_S-1-5-21-3436019999-1338614278-3438539980-1002 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {844F2422-F58F-4B27-AC56-3DF6405AEEB6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {948B39CB-F1EF-4346-879B-E0548E334AF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {96B63A3F-A1C6-44B4-99CE-138470526DF5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-11-02] ()
Task: {9C68FAF9-04EA-464E-802A-CA24FC233AD0} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A396CE51-BC7E-433D-8403-1B3F2428088F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
Task: {A69A2DB0-E66D-456E-91B4-46E35768F632} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
Task: {AD3ECD29-04C0-4432-AE9B-D21CE5B9AEC3} - System32\Tasks\ASC8_SkipUac_jespi_000 => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-17] (IObit)
Task: {AE0ECBC7-5687-48B4-A819-23C2569E3579} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AFF32D8C-D695-41FB-A858-3EDA9228D758} - System32\Tasks\HPCeeScheduleForjespi_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B0064209-C584-45EA-9E30-5C4658A28D4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {BDD0AE65-1E86-4432-B333-684B00B7F671} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
Task: {BF93684D-1BB8-4827-A96A-92D021094413} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-11-20] ()
Task: {CB2CF135-D2C8-4B90-AEED-4F2C2718FBEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {D27118BE-3F2B-41E8-9EBF-67EFDA6E7963} - System32\Tasks\Uninstaller_SkipUac_jespi_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-30] (IObit)
Task: {DB2EC9DB-D29E-4FF0-BD2E-AEC1DD173A06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-02] (Adobe Systems Incorporated)
Task: {DD08B184-D9B0-4EB8-A960-CCC1DC83E04E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-07] (Synaptics Incorporated)
Task: {DDDBAAEB-7B4F-47AC-89E4-A486166F0F66} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-30] (IObit)
Task: {E6869FC6-06AF-474C-A056-6D5AA07414B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-09] (AVAST Software)
Task: {FCD95A06-46DF-4EE5-914E-6C9E8226C03D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-11-02] (Realtek Semiconductor)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC8_SkipUac_jespi_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3436019999-1338614278-3438539980-1002.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjespi_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_jespi_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-03-13 23:41 - 2013-03-13 23:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-17 17:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-17 17:13 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-13 23:41 - 2013-03-13 23:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-11-30 18:51 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-12-03 18:02 - 2014-12-03 18:02 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
2014-12-04 16:26 - 2014-12-04 16:26 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-30 18:51 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-30 18:51 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-30 18:51 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-30 18:51 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2013-09-17 20:53 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-12 16:44 - 2014-11-12 16:44 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\DxtoryCodec64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxtoryCodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Hamdrv.sys:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\FRST64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Desktop\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Desktop\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\514730.1-lg.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\A-man-uses-an-Apple-iPhon-007.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\images.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\index.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\IShnx42ew3z3950000000000.jpg:$CmdZnID
AlternateDataStreams: C:\Users\jespi_000\Downloads\spybot-2.4.exe:$CmdTcID
AlternateDataStreams: C:\Users\jespi_000\Downloads\spybot-2.4.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"

========================= Accounts: ==========================

Administrator (S-1-5-21-3436019999-1338614278-3438539980-500 - Administrator - Disabled)
Greg (S-1-5-21-3436019999-1338614278-3438539980-1002 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-3436019999-1338614278-3438539980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3436019999-1338614278-3438539980-1004 - Limited - Enabled)
jespi_000 (S-1-5-21-3436019999-1338614278-3438539980-1005 - Administrator - Enabled) => C:\Users\jespi_000

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 06:46:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (12/04/2014 06:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xf58
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/04/2014 06:34:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 09:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x1208
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/03/2014 06:57:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.

Error: (12/03/2014 05:04:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 06:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xb58
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/02/2014 08:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51bac464
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xff8
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (12/02/2014 06:08:01 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (12/02/2014 05:48:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CIS.exe version 8.0.0.4337 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b98

Start Time: 01d00e8f47821e8b

Termination Time: 3651

Application Path: C:\Program Files\COMODO\COMODO Internet Security\CIS.exe

Report Id: 0ff82476-7a86-11e4-bf3a-9cb654422a60

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (12/03/2014 06:55:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/03/2014 06:56:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:32:33 PM on ‎12/‎3/‎2014 was unexpected.

Error: (12/02/2014 06:43:28 PM) (Source: DCOM) (EventID: 10010) (User: JOSHUA_COMPUTER)
Description: {C288AC5A-D846-4696-8028-2DF6F508D0D9}

Error: (12/02/2014 06:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/02/2014 06:11:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (12/02/2014 06:10:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MOBCleanup service failed to start due to the following error:
%%2

Error: (12/02/2014 06:08:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/02/2014 04:36:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/02/2014 04:32:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (12/02/2014 04:31:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MOBCleanup service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/04/2014 06:46:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (12/04/2014 06:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c000000500000000​0002ea19f5801d00fc8a717ae0bC:\Windows\system32\atieclxx.exeC:\Windows\system32\a​tieclxx.exee7b9312d-7bbb-11e4-bf3c-9cb654422a60

Error: (12/04/2014 06:34:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 09:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c000000500000000​0002ea19120801d00f7a536705d4C:\Windows\system32\atieclxx.exeC:\Windows\system32\​atieclxx.exe93b53b49-7b6d-11e4-bf3c-9cb654422a60

Error: (12/03/2014 06:57:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -550

Error: (12/03/2014 05:04:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/03/2014 06:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c000000500000000​0002ea19b5801d00efe0e5756edC:\Windows\system32\atieclxx.exeC:\Windows\system32\a​tieclxx.exe4f2872e2-7af1-11e4-bf3b-9cb654422a60

Error: (12/02/2014 08:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351bac464atieclxx.exe6.14.11.114351bac464c000000500000000​0002ea19ff801d00ea93e93fcecC:\Windows\system32\atieclxx.exeC:\Windows\system32\a​tieclxx.exe7f6ea023-7a9c-11e4-bf3b-9cb654422a60

Error: (12/02/2014 06:08:01 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (12/02/2014 05:48:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CIS.exe8.0.0.4337b9801d00e8f47821e8b3651C:\Program Files\COMODO\COMODO Internet Security\CIS.exe0ff82476-7a86-11e4-bf3a-9cb654422a60


CodeIntegrity Errors:
===================================
Date: 2014-12-04 17:05:41.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-04 06:15:35.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-03 19:37:42.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-03 18:59:32.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:42:39.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:27:58.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 18:06:58.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 02:23:33.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-02 02:09:53.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-01 23:14:44.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 3682.26 MB
Available physical RAM: 2312.06 MB
Total Pagefile: 7394.26 MB
Available Pagefile: 5286.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.03 GB) (Free:378.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by jespi_000 (administrator) on JOSHUA_COMPUTER on 04-12-2014 17:06:08
Running from C:\Users\jespi_000\Desktop
Loaded Profile: jespi_000 (Available profiles: Greg & jespi_000)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3​d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Farbar) C:\Users\jespi_000\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [147160 2014-11-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-11-13] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-02] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-17] (IObit)
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2014-12-01] (Dxtory Software)
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3436019999-1338614278-3438539980-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {AA3F748D-E134-4B59-9954-88D79A6E4882} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AA3F748D-E134-4B59-9954-88D79A6E4882} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3436019999-1338614278-3438539980-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{49CD9D27-111F-4E9F-91C0-F0D99AC14DAD}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4E14BC5C-6FC2-4CBA-984A-A298BBF51E27}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-3436019999-1338614278-3438539980-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jespi_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\use​r.js
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\Ext​ensions\iobitascsurfingprotection@iobit.com [2014-11-30]
FF Extension: MEGA - C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\Ext​ensions\firefox@mega.co.nz.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-24]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{googleConfusedearchFieldtrialParameter}client={googleConfuseduggestClient}&gs_ri={googleConfuseduggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:page​Classification}{googleConfusedearchVersion}{googleConfusedessionToken}sugkey={googleConfuseduggestAPIKeyParameter}
CHR Profile: C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Attack on Titan Theme for 1440x900) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebjcpbckgdhefehkcfjeaddcjnkhlke [2014-05-19]
CHR Extension: (Google Search) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (SiteAdvisor) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\jespi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7615952 2014-11-13] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-11-13] (COMODO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-23] (SurfRight B.V.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-30] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-11-02] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-11-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-22] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-06-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-09] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-10-24] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-09] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2014-11-02] (Advanced Micro Devices)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-22] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21304 2014-11-13] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [808176 2014-11-13] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [36200 2014-11-13] (COMODO)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-02] (LogMeIn Inc.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127328 2014-11-13] (COMODO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-11-02] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2014-11-02] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-12-01] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\JESPI_~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 17:06 - 2014-12-04 17:08 - 00020532 _____ () C:\Users\jespi_000\Desktop\FRST.txt
2014-12-04 16:53 - 2014-12-04 16:53 - 02117632 _____ (Farbar) C:\Users\jespi_000\Desktop\FRST64(1).exe
2014-12-04 16:25 - 2014-12-04 16:25 - 00001203 _____ () C:\Users\jespi_000\Desktop\CrystalDiskInfo.lnk
2014-12-04 16:25 - 2014-12-04 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-12-04 16:25 - 2014-12-04 16:25 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-12-04 16:22 - 2014-12-04 16:22 - 02996728 _____ (Crystal Dew World ) C:\Users\jespi_000\Downloads\CrystalDiskInfo6_2_1-en.exe
2014-12-04 16:15 - 2014-12-04 16:15 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-03 19:05 - 2014-12-03 19:20 - 00002336 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-03 18:55 - 2014-12-03 18:55 - 00000596 _____ () C:\Windows\PFRO.log
2014-12-03 17:38 - 2014-12-03 18:56 - 00000380 _____ () C:\Windows\Tasks\HPCeeScheduleForjespi_000.job
2014-12-02 16:34 - 2014-12-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-01 21:44 - 2014-12-01 21:44 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-01 21:41 - 2014-12-01 21:42 - 15196248 _____ () C:\Users\jespi_000\Desktop\RogueKiller.exe
2014-12-01 21:29 - 2014-12-01 21:29 - 00000085 _____ () C:\Windows\wininit.ini
2014-12-01 21:23 - 2014-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-01 21:22 - 2014-12-01 21:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-01 21:22 - 2014-12-01 21:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 21:13 - 2014-12-01 21:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\jespi_000\Downloads\spybot-2.4.exe
2014-12-01 18:42 - 2014-12-02 16:20 - 00000000 ____D () C:\Users\jespi_000\Desktop\Dxtory Stuff
2014-12-01 18:35 - 2014-12-01 18:35 - 00000000 ____D () C:\Users\jespi_000\AppData\Local\Dxtory Software
2014-12-01 18:34 - 2014-12-01 18:34 - 03673600 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec64.dll
2014-12-01 18:34 - 2014-12-01 18:34 - 03166720 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2014-12-01 18:34 - 2014-12-01 18:34 - 00001199 _____ () C:\Users\jespi_000\Desktop\Dxtory.lnk
2014-12-01 18:34 - 2014-12-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2014-12-01 18:34 - 2014-12-01 18:34 - 00000000 ____D () C:\Program Files (x86)\Dxtory Software
2014-12-01 16:23 - 2014-12-01 16:23 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-12-01 16:23 - 2014-12-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-01 16:22 - 2014-12-04 17:00 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-12-01 16:22 - 2014-12-01 16:23 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-01 16:22 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-01 16:21 - 2014-12-01 16:21 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-01 16:21 - 2014-12-01 16:21 - 00000000 ____D () C:\Program Files\COMODO
2014-12-01 16:20 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-01 15:51 - 2014-12-02 16:35 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-30 20:23 - 2014-11-30 20:15 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-30 20:23 - 2014-11-30 20:15 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 20:05 - 2014-11-30 20:05 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-30 20:05 - 2014-11-30 20:05 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-30 20:05 - 2014-11-30 20:05 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-30 19:53 - 2014-11-30 19:53 - 02885632 _____ (Microsoft Corporation) C:\Wind
Reply
#9
There's a lot of nasties in there, but we should wait for Britec to come back to add a fixlist as I'm not yet fully up to speed with the full workings of FRST (still learning and testing with this tool).
Reply
#10
Malware nasties? And I just wanted to say thank you so much for the pretty quick fast replies and the help you guys have given me, you guys are the 1st forum that actually helped me on my computer so thank you!
Reply


Forum Jump:


Users browsing this thread:
1 Guest(s)