
Radio type ads are playing in the background on my computer [Closed]

malware adware virus radio

  • This topic is locked
20 replies to this topic

#1 sfleischmann


Posted 20 April 2014 - 03:32 PM

I tried to download some freeware the other day, and I think it has infected my computer.  I now have what sounds like a radio station playing on my computer - it plays ads and news (mostly entertainment/gossip).  It plays even if no programs are opened - even before I log on to my computer.  As long as the computer is on, I hear it.

 

I have run scans with Norton Antivirus and AVG and neither picked up anything. Then I downloaded Malwarebytes - and it found lots of items to be removed, and I have removed them, but the radio is still playing on my computer. But now I keep getting Malicious Websites Blocked messages from Malwarebytes. There are two things that are being reported: one is Trojan.Zekos.Patched, with a location of C:\Windows\System32\rpcss.dll and the other is Searchnet.Blinkxcore,com its path is C:\Windows\System32\svchost.exe.

 

I have tried using Hitman antivirus as well, with no luck.

 

Your help is greatly appreciated!

 

Steve

 

 




#2 ----------------


Posted 21 April 2014 - 09:26 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Search with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
    Search for files with FRST (Recovery Environment)
    Type the following in the edit box after "Search:"

    rpcss.dll
    Click Search button and post the log (Search.txt) it makes to your reply.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.
Proud Member of UNITE & TB
 

#3 sfleischmann


Posted 22 April 2014 - 09:52 AM

Attached File: TDSSKiller.3.0.0.32_22.04.2014_11.39.05_log.txt (216.93KB)

Here are the results of the FRST search:

 

Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Stevef at 2014-04-22 11:14:01
Running from C:\Users\Stevef\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-03-07 00:36] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2011-03-07 00:36] - [2010-11-20 09:27] - 0515072 ____N (Microsoft Corporation) CFEC2F4117732D341DB5C828407CC1AB

====== End Of Search ======

 

 

The TDSS-Killer scan results are attached as requested.

 

Thanks for your help, and I look forward to your reply

 

Steve
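Added example (not part of the original posts and not FRST's own code): a small Python parser for the Search.txt format shown above that compares each live System32/SysWOW64 file against the WinSxS component-store copies of the same name and architecture listed in the same search. The function names and the architecture mapping are assumptions of this example; a mismatch is a lead for further inspection, not a verdict, because the store can hold other servicing versions.

```python
import re

# Search.txt text as posted above (FRST header line kept for the x64 marker).
SEARCH_LOG = r"""Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Stevef at 2014-04-22 11:14:01
Running from C:\Users\Stevef\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-03-07 00:36] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2011-03-07 00:36] - [2010-11-20 09:27] - 0515072 ____N (Microsoft Corporation) CFEC2F4117732D341DB5C828407CC1AB

====== End Of Search ======
"""

# A result is two lines: the full path, then dates, size, attributes, company, MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file entry found in a Search.txt body."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            records.append({
                "path": pending,
                "name": pending.rsplit("\\", 1)[-1].lower(),
                "size": int(m.group("size")),
                "company": m.group("company"),
                "md5": m.group("md5").upper(),
            })
        pending = None  # only the line directly after a path may describe it
    return records


def _store_arch(path):
    """Architecture prefix of a WinSxS component directory, e.g. 'amd64'."""
    m = re.search(r"\\winsxs\\([A-Za-z0-9]+)_", path, re.I)
    return m.group(1).lower() if m else None


def _expected_arches(path, is_x64):
    """Which store architectures a live system file should be compared with."""
    p = path.lower()
    if "\\windows\\syswow64\\" in p:
        return {"x86", "wow64"}
    if "\\windows\\system32\\" in p:
        return {"amd64"} if is_x64 else {"x86"}
    return set()


def find_mismatches(text):
    """List live files whose MD5 matches no same-name, same-arch store copy."""
    is_x64 = "Recovery Scan Tool (x64)" in text
    records = parse_search_log(text)
    store = [r for r in records if _store_arch(r["path"])]
    findings = []
    for live in records:
        arches = _expected_arches(live["path"], is_x64)
        peers = [s for s in store
                 if s["name"] == live["name"] and _store_arch(s["path"]) in arches]
        if peers and live["md5"] not in {s["md5"] for s in peers}:
            findings.append({
                "path": live["path"],
                "md5": live["md5"],
                "store_md5s": sorted({s["md5"] for s in peers}),
                "size_deltas": [live["size"] - s["size"] for s in peers],
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(SEARCH_LOG):
        print(f"{f['path']}: MD5 {f['md5']} not in store {f['store_md5s']}, "
              f"size delta(s) {f['size_deltas']} bytes")
```

On the log above this reports C:\Windows\System32\rpcss.dll, the same file Malwarebytes named in the first post, as differing from the only amd64 store copy in both hash and size.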



#4 ----------------


Posted 23 April 2014 - 04:11 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


 

#5 sfleischmann


Posted 23 April 2014 - 09:19 AM

Here are the FRST.txt results:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Stevef (administrator) on STEVEF-PC on 23-04-2014 10:17:38
Running from C:\Users\Stevef\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Spotify Ltd) C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Stevef\AppData\Roaming\Spotify\spotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
() C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Stevef\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [KS Mouse Suite Daemon] => KICONSPY.EXE
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1583808 2009-03-02] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-24] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\Run: [EPSON Artisan 810 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\Run: [EPSON Artisan 810 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE [55120 2008-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-05-31] (AVG Secure Search)
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\RunOnce: [AVG search provider] - "C:\Program Files (x86)\AVG\AVG10\SearchProvider.exe" /AFTERINST
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\RunOnce: [spchecker] - "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\MountPoints2: {2a656dd0-e6ba-11df-920c-806e6f6e6963} - E:\Welcome.exe
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\MountPoints2: {fddf4451-2d2e-11e0-870d-806e6f6e6963} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1752897894-3349346008-619840215-1000\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE [55120 2008-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [EPSONFF936F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [Spotify Web Helper] => C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [GoogleChromeAutoLaunch_EDB5E3CD333E8E75245B3ADD3873254E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720 2013-03-21] (Google Inc.)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [Spotify] => C:\Users\Stevef\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [EPSON Artisan 810 Series v2] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\MountPoints2: {fddf4451-2d2e-11e0-870d-806e6f6e6963} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1752897894-3349346008-619840215-1002\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\search~1\datamngr\iebho.dll => "c:\progra~2\search~1\datamngr\iebho.dll" File Not Found
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [102504 2010-07-12] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
URLSearchHook: HKCU - (No Name) - {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {08195388-CB82-4A7D-8C5B-FA23E11E15C1} URL = http://search.avg.co...{language}&nt=1
SearchScopes: HKCU - {0EFAB008-FC22-4571-BBB8-9AB2A8797074} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ASUT
SearchScopes: HKCU - {7E5B91A1-DEBE-4B23-AFAB-905686D04D91} URL = http://search.yahoo....p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKCU - {C9402052-D0FF-4A94-8446-53EB9ED4C007} URL = http://search.yahoo....53,17118,0,18,0
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Stevef\AppData\Roaming\Mozilla\Firefox\Profiles\ikqfbvb8.default-1384784127577
FF user.js: detected! => C:\Users\Stevef\AppData\Roaming\Mozilla\Firefox\Profiles\ikqfbvb8.default-1384784127577\user.js
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @airarena/KMP - C:\Program Files (x86)\Altnet Music Plugin\ffXPI\Plugins\npAMPff.dll (Airarena Pty Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Users\Stevef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-01-22]
FF Extension: OneClickDownloader - C:\Users\Stevef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{494d1265-1d59-43c6-8fa1-eb1d9224278a}] - C:\Program Files (x86)\Altnet Music Plugin\ffXPI
FF Extension: No Name - C:\Program Files (x86)\Altnet Music Plugin\ffXPI [2011-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-01]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292 [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF [2013-10-09]
 
Chrome: 
=======
CHR HomePage: hxxp://www.searchnu.com/410
CHR RestoreOnStartup: "hxxp://www.searchnu.com/410", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Stevef\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Altnet Music Plugin for Firefox) - C:\Program Files (x86)\Altnet Music Plugin\ffXPI\Plugins\npAMPff.dll (Airarena Pty Ltd.)
CHR Plugin: () - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Stevef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-22]
CHR Extension: (Steelers) - C:\Users\Stevef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcilfgncaioimoihaebmekgbfkfinhm [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" Start=service [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-24] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-03-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140422.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140422.033\ENG64.SYS [126040 2014-03-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140422.033\EX64.SYS [2099288 2014-03-24] (Symantec Corporation)
S3 pksmouse; C:\Windows\System32\DRIVERS\pksmouse.sys [22528 2008-08-04] (Primax Electronics Ltd.)
S3 pksusblf; C:\Windows\System32\DRIVERS\pksusblf.sys [11776 2008-11-05] (Primax Electronics Ltd.)
S3 RDID1142; C:\Windows\System32\Drivers\rdwm1142.sys [202880 2013-08-23] (Roland Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U3 tmlwf; 
U3 tmwfp; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-23 10:17 - 2014-04-23 10:18 - 00038319 _____ () C:\Users\Stevef\Downloads\FRST.txt
2014-04-23 10:15 - 2014-04-23 10:15 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64 (1).exe
2014-04-22 16:31 - 2014-04-22 16:31 - 00004064 _____ () C:\{3E059BB4-3892-44D8-B4D5-3E6C27148212}
2014-04-22 16:28 - 2014-04-22 16:28 - 00003312 _____ () C:\{37E7ECCB-0FAF-4BF3-8007-E1ACFC9F7592}
2014-04-22 11:38 - 2014-04-22 11:38 - 00000000 ____D () C:\Users\Stevef\Desktop\TDSSKiller
2014-04-22 11:37 - 2014-04-22 11:37 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller (1).zip
2014-04-22 11:33 - 2014-04-22 11:33 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller.zip
2014-04-22 11:31 - 2014-04-22 11:31 - 00000630 _____ () C:\Users\Stevef\Desktop\Search.txt
2014-04-22 11:14 - 2014-04-22 11:21 - 00000630 _____ () C:\Users\Stevef\Downloads\Search.txt
2014-04-22 11:13 - 2014-04-23 10:17 - 00000000 ____D () C:\FRST
2014-04-22 11:12 - 2014-04-22 11:12 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64.exe
2014-04-21 23:04 - 2014-04-21 23:04 - 00000000 _____ () C:\Windows\SysWOW64\shoE210.tmp
2014-04-21 11:59 - 2014-04-21 11:59 - 00000000 __SHD () C:\found.000
2014-04-20 18:00 - 2014-04-20 18:00 - 00019236 _____ () C:\Users\Stevef\Downloads\hijackthis.log
2014-04-20 18:00 - 2014-04-20 18:00 - 00019236 _____ () C:\Users\Stevef\Desktop\hijackthis.log
2014-04-20 17:59 - 2014-04-20 17:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stevef\Downloads\HiJackThis.exe
2014-04-20 16:11 - 2014-04-20 16:11 - 00262144 _____ () C:\Windows\Minidump\042014-99684-01.dmp
2014-04-19 18:04 - 2014-04-19 18:04 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-04-19 18:01 - 2014-04-19 18:01 - 00002616 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_180152.txt
2014-04-19 17:56 - 2014-04-19 17:56 - 00003577 _____ () C:\Users\Stevef\Desktop\RKreport[0]_D_04192014_175654.txt
2014-04-19 17:55 - 2014-04-19 17:55 - 00003430 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_175529.txt
2014-04-19 17:49 - 2014-04-19 17:56 - 00000000 ____D () C:\Users\Stevef\Desktop\RK_Quarantine
2014-04-19 17:48 - 2014-04-19 17:48 - 03972608 _____ () C:\Users\Stevef\Downloads\RogueKiller.exe
2014-04-19 16:29 - 2014-04-19 16:29 - 00019618 _____ () C:\Windows\system32\.crusader
2014-04-19 16:05 - 2014-04-19 16:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-19 16:05 - 2014-04-19 16:09 - 10971424 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro_x64.exe
2014-04-19 16:02 - 2014-04-19 16:04 - 10094400 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro.exe
2014-04-18 19:56 - 2014-04-18 19:56 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\AVG2014
2014-04-18 19:55 - 2014-04-18 19:55 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-18 19:55 - 2014-04-18 19:55 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUp Software
2014-04-18 19:54 - 2014-04-18 19:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 19:50 - 2014-04-18 20:07 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Avg2014
2014-04-18 19:50 - 2014-04-18 19:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\MFAData
2014-04-18 19:49 - 2014-04-18 19:49 - 04462440 _____ (AVG Technologies) C:\Users\Stevef\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-04-18 18:37 - 2014-04-23 09:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 18:37 - 2014-04-18 18:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 18:37 - 2014-04-18 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 18:37 - 2014-04-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 18:37 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 18:37 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 18:37 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 18:36 - 2014-04-18 18:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-18 18:34 - 2014-04-18 18:35 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 18:25 - 2014-04-17 18:25 - 00000000 _____ () C:\Windows\SysWOW64\sho53AC.tmp
2014-04-17 18:20 - 2014-04-17 18:20 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 18:19 - 2014-04-17 18:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 18:19 - 2014-04-17 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 18:19 - 2014-04-17 18:19 - 00000000 ____D () C:\Program Files\iPod
2014-04-17 18:14 - 2014-04-17 18:14 - 00000396 _____ () C:\Users\Stevef\AppData\Roaming\guitar_tabs.xml
2014-04-17 18:10 - 2014-04-17 18:16 - 148885840 _____ (Apple Inc.) C:\Users\Stevef\Downloads\iTunes64Setup (3).exe
2014-04-17 15:53 - 2014-04-17 15:53 - 00003142 _____ () C:\Windows\System32\Tasks\{FFA41107-2493-4721-A720-1A30AF41C248}
2014-04-17 15:48 - 2014-04-23 09:50 - 00000085 _____ () C:\Windows\system32\zdyhq.ntv
2014-04-17 15:43 - 2014-04-23 10:17 - 00037888 _____ () C:\Windows\system32\bkym.hba
2014-04-17 15:37 - 2014-04-23 10:17 - 00000102 _____ () C:\Windows\system32\pbajz.whu
2014-04-17 15:37 - 2014-04-17 15:37 - 00000064 _____ () C:\Windows\system32\vroxdr.nex
2014-04-17 15:21 - 2014-04-17 15:21 - 00301959 ____S () C:\Windows\system32\paxypy.deh
2014-04-17 15:14 - 2014-04-20 15:14 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-17 15:14 - 2014-04-17 15:37 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-17 15:14 - 2014-04-17 15:37 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-17 15:14 - 2014-04-17 15:14 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-17 15:14 - 2014-04-17 15:14 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-17 15:14 - 2014-04-17 15:14 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-17 15:14 - 2014-04-17 15:14 - 00000318 _____ () C:\Users\Stevef\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 15:11 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Stevef\AppData\Local\AnyProtectScannerSetup.exe
2014-04-17 15:06 - 2014-04-17 15:06 - 20914176 _____ () C:\Users\Stevef\Downloads\uPlayer.msi
2014-04-17 15:04 - 2014-04-17 15:48 - 00006425 _____ () C:\szfixila.log
2014-04-17 15:04 - 2014-04-17 15:48 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Fixila
2014-04-17 14:59 - 2014-04-18 18:56 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-04-16 14:21 - 2014-04-22 10:34 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-09 11:11 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 11:11 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 11:11 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 11:11 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 11:10 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 11:10 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 11:10 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 11:10 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 11:10 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 11:10 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 11:10 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 11:10 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 11:10 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 11:10 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 11:10 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 11:10 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 11:10 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 11:10 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 11:10 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 11:10 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 11:10 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 17:29 - 2014-04-06 17:30 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\BOSS-TONE-STUDIO-for-ME-80
2014-04-06 17:29 - 2014-04-06 17:29 - 00001053 _____ () C:\Users\Public\Desktop\BOSS TONE STUDIO for ME-80.lnk
2014-04-06 17:29 - 2014-04-06 17:29 - 00000000 ____D () C:\Program Files (x86)\BOSS TONE STUDIO for ME-80
2014-04-06 17:06 - 2014-04-06 17:06 - 00000000 ____D () C:\Program Files\RdDrv001
2014-04-06 17:06 - 2013-08-23 03:47 - 00714560 _____ (Roland Corporation) C:\Windows\system32\RDDP1142.EXE
2014-04-06 17:06 - 2013-08-23 03:47 - 00637952 _____ () C:\Windows\system32\RDCP1142.CPL
2014-04-06 17:06 - 2013-08-23 03:47 - 00202880 _____ (Roland Corporation) C:\Windows\system32\Drivers\RDWM1142.sys
2014-04-06 17:06 - 2013-08-23 03:47 - 00116736 _____ (Roland Corporation) C:\Windows\system32\RDAS1142.DLL
2014-04-06 17:06 - 2013-08-23 03:47 - 00102400 _____ (Roland Corporation) C:\Windows\SysWOW64\RDAW1142.DLL
2014-04-06 17:06 - 2013-08-23 03:47 - 00017920 _____ () C:\Windows\system32\RDCI1142.DLL
2014-04-06 17:06 - 2012-12-28 05:58 - 00275456 _____ (Roland Corporation) C:\Windows\SysWOW64\RDAH1142.DAT
2014-04-05 19:06 - 2014-04-05 19:06 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-25 00:14 - 2014-03-25 00:14 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-24 13:04 - 2014-03-24 13:04 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-24 12:30 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-24 12:30 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-24 12:30 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-24 12:30 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-24 12:30 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-24 12:30 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-24 12:30 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-24 12:30 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-24 12:30 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-24 12:30 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-24 12:30 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-24 12:30 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-24 12:30 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-24 12:30 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-24 12:30 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-24 12:30 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-24 12:30 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-24 12:30 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-24 12:30 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-24 12:30 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-24 12:30 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-24 12:30 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-24 12:30 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-24 12:30 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-24 12:30 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-24 12:30 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-24 12:30 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-24 12:30 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-24 12:30 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-24 12:30 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-24 12:30 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-24 12:30 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-24 12:30 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-24 12:30 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-24 12:30 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-24 12:30 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-24 12:30 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-24 12:30 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-24 12:30 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-24 12:30 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-24 12:29 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-24 12:29 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-24 12:29 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-24 12:29 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-24 12:17 - 2014-03-24 12:18 - 00000000 ____D () C:\ProgramData\AVG Secure Search
 
==================== One Month Modified Files and Folders =======
 
2014-04-23 10:18 - 2014-04-23 10:17 - 00038319 _____ () C:\Users\Stevef\Downloads\FRST.txt
2014-04-23 10:17 - 2014-04-22 11:13 - 00000000 ____D () C:\FRST
2014-04-23 10:17 - 2014-04-17 15:43 - 00037888 _____ () C:\Windows\system32\bkym.hba
2014-04-23 10:17 - 2014-04-17 15:37 - 00000102 _____ () C:\Windows\system32\pbajz.whu
2014-04-23 10:16 - 2011-07-23 17:22 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Spotify
2014-04-23 10:15 - 2014-04-23 10:15 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64 (1).exe
2014-04-23 10:04 - 2013-02-14 00:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 09:53 - 2011-07-23 18:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-23 09:53 - 2010-11-02 15:25 - 01498053 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 09:50 - 2014-04-17 15:48 - 00000085 _____ () C:\Windows\system32\zdyhq.ntv
2014-04-23 09:49 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 09:49 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 09:43 - 2014-04-18 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 09:42 - 2011-02-01 22:39 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\.oit
2014-04-23 09:42 - 2010-11-02 15:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 09:41 - 2014-01-22 12:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-04-23 09:40 - 2014-02-26 18:38 - 00007908 _____ () C:\Windows\setupact.log
2014-04-23 09:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 16:32 - 2010-11-02 15:40 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 16:31 - 2014-04-22 16:31 - 00004064 _____ () C:\{3E059BB4-3892-44D8-B4D5-3E6C27148212}
2014-04-22 16:28 - 2014-04-22 16:28 - 00003312 _____ () C:\{37E7ECCB-0FAF-4BF3-8007-E1ACFC9F7592}
2014-04-22 16:11 - 2011-07-23 17:22 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Spotify
2014-04-22 11:38 - 2014-04-22 11:38 - 00000000 ____D () C:\Users\Stevef\Desktop\TDSSKiller
2014-04-22 11:37 - 2014-04-22 11:37 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller (1).zip
2014-04-22 11:33 - 2014-04-22 11:33 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller.zip
2014-04-22 11:31 - 2014-04-22 11:31 - 00000630 _____ () C:\Users\Stevef\Desktop\Search.txt
2014-04-22 11:21 - 2014-04-22 11:14 - 00000630 _____ () C:\Users\Stevef\Downloads\Search.txt
2014-04-22 11:12 - 2014-04-22 11:12 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64.exe
2014-04-22 11:11 - 2013-11-21 16:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 10:34 - 2014-04-16 14:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 23:04 - 2014-04-21 23:04 - 00000000 _____ () C:\Windows\SysWOW64\shoE210.tmp
2014-04-21 11:59 - 2014-04-21 11:59 - 00000000 __SHD () C:\found.000
2014-04-20 18:00 - 2014-04-20 18:00 - 00019236 _____ () C:\Users\Stevef\Downloads\hijackthis.log
2014-04-20 18:00 - 2014-04-20 18:00 - 00019236 _____ () C:\Users\Stevef\Desktop\hijackthis.log
2014-04-20 17:59 - 2014-04-20 17:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stevef\Downloads\HiJackThis.exe
2014-04-20 17:56 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 16:11 - 2014-04-20 16:11 - 00262144 _____ () C:\Windows\Minidump\042014-99684-01.dmp
2014-04-20 16:11 - 2012-08-19 23:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 15:14 - 2014-04-17 15:14 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-19 18:04 - 2014-04-19 18:04 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-04-19 18:01 - 2014-04-19 18:01 - 00002616 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_180152.txt
2014-04-19 17:56 - 2014-04-19 17:56 - 00003577 _____ () C:\Users\Stevef\Desktop\RKreport[0]_D_04192014_175654.txt
2014-04-19 17:56 - 2014-04-19 17:49 - 00000000 ____D () C:\Users\Stevef\Desktop\RK_Quarantine
2014-04-19 17:55 - 2014-04-19 17:55 - 00003430 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_175529.txt
2014-04-19 17:48 - 2014-04-19 17:48 - 03972608 _____ () C:\Users\Stevef\Downloads\RogueKiller.exe
2014-04-19 16:40 - 2010-11-02 16:01 - 00002148 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-19 16:30 - 2014-04-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-19 16:29 - 2014-04-19 16:29 - 00019618 _____ () C:\Windows\system32\.crusader
2014-04-19 16:09 - 2014-04-19 16:05 - 10971424 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro_x64.exe
2014-04-19 16:04 - 2014-04-19 16:02 - 10094400 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro.exe
2014-04-18 20:34 - 2013-01-22 23:02 - 00000000 ____D () C:\Program Files (x86)\VideoConverter
2014-04-18 20:07 - 2014-04-18 19:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Avg2014
2014-04-18 19:56 - 2014-04-18 19:56 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\AVG2014
2014-04-18 19:55 - 2014-04-18 19:55 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-18 19:55 - 2014-04-18 19:55 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUp Software
2014-04-18 19:55 - 2014-04-18 19:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 19:54 - 2011-07-23 19:25 - 00000000 ___HD () C:\$AVG
2014-04-18 19:53 - 2011-07-23 19:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-18 19:50 - 2014-04-18 19:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\MFAData
2014-04-18 19:49 - 2014-04-18 19:49 - 04462440 _____ (AVG Technologies) C:\Users\Stevef\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-04-18 19:01 - 2010-11-02 16:01 - 00003506 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-18 18:59 - 2010-11-02 15:47 - 00662382 _____ () C:\Windows\PFRO.log
2014-04-18 18:56 - 2014-04-17 14:59 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-04-18 18:56 - 2013-01-31 15:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-18 18:37 - 2014-04-18 18:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 18:37 - 2014-04-18 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 18:37 - 2014-04-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 18:37 - 2014-04-18 18:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-18 18:35 - 2014-04-18 18:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-18 17:47 - 2009-07-14 01:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-17 18:25 - 2014-04-17 18:25 - 00000000 _____ () C:\Windows\SysWOW64\sho53AC.tmp
2014-04-17 18:23 - 2011-03-02 23:17 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUpMedia
2014-04-17 18:20 - 2014-04-17 18:20 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 18:20 - 2014-04-17 18:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 18:20 - 2014-04-17 18:19 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 18:20 - 2011-02-01 22:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-17 18:19 - 2014-04-17 18:19 - 00000000 ____D () C:\Program Files\iPod
2014-04-17 18:16 - 2014-04-17 18:10 - 148885840 _____ (Apple Inc.) C:\Users\Stevef\Downloads\iTunes64Setup (3).exe
2014-04-17 18:14 - 2014-04-17 18:14 - 00000396 _____ () C:\Users\Stevef\AppData\Roaming\guitar_tabs.xml
2014-04-17 16:25 - 2013-04-15 12:57 - 00000000 ____D () C:\Users\Stevef\AppData\Local\CrashDumps
2014-04-17 16:02 - 2011-01-31 03:05 - 00000000 ___RD () C:\Users\Stevef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 16:02 - 2011-01-31 03:05 - 00000000 ___RD () C:\Users\Stevef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 16:02 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-17 16:01 - 2012-10-09 13:33 - 00001415 _____ () C:\Users\Stevef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 15:55 - 2011-02-01 22:54 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Apple
2014-04-17 15:53 - 2014-04-17 15:53 - 00003142 _____ () C:\Windows\System32\Tasks\{FFA41107-2493-4721-A720-1A30AF41C248}
2014-04-17 15:48 - 2014-04-17 15:04 - 00006425 _____ () C:\szfixila.log
2014-04-17 15:48 - 2014-04-17 15:04 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Fixila
2014-04-17 15:37 - 2014-04-17 15:37 - 00000064 _____ () C:\Windows\system32\vroxdr.nex
2014-04-17 15:37 - 2014-04-17 15:14 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-17 15:37 - 2014-04-17 15:14 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-17 15:21 - 2014-04-17 15:21 - 00301959 ____S () C:\Windows\system32\paxypy.deh
2014-04-17 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-17 15:14 - 2014-04-17 15:14 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-17 15:14 - 2014-04-17 15:14 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-17 15:14 - 2014-04-17 15:14 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-17 15:14 - 2014-04-17 15:14 - 00000318 _____ () C:\Users\Stevef\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 15:13 - 2013-02-14 00:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 15:13 - 2013-02-14 00:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-17 15:13 - 2011-05-19 11:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 15:06 - 2014-04-17 15:06 - 20914176 _____ () C:\Users\Stevef\Downloads\uPlayer.msi
2014-04-17 15:03 - 2013-01-22 13:43 - 00000000 _____ () C:\end
2014-04-17 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-04-16 15:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-16 14:21 - 2013-01-23 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 14:21 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-16 14:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-11 23:13 - 2014-04-17 15:11 - 01079839 _____ (AnyProtect.com) C:\Users\Stevef\AppData\Local\AnyProtectScannerSetup.exe
2014-04-10 17:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 11:54 - 2013-08-19 00:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 11:52 - 2011-02-02 18:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 11:21 - 2014-02-25 19:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-07 22:39 - 2011-09-07 21:53 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\OffbeatEngine
2014-04-06 17:30 - 2014-04-06 17:29 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\BOSS-TONE-STUDIO-for-ME-80
2014-04-06 17:29 - 2014-04-06 17:29 - 00001053 _____ () C:\Users\Public\Desktop\BOSS TONE STUDIO for ME-80.lnk
2014-04-06 17:29 - 2014-04-06 17:29 - 00000000 ____D () C:\Program Files (x86)\BOSS TONE STUDIO for ME-80
2014-04-06 17:06 - 2014-04-06 17:06 - 00000000 ____D () C:\Program Files\RdDrv001
2014-04-05 19:06 - 2014-04-05 19:06 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-05 19:06 - 2011-02-01 22:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-03 09:51 - 2014-04-18 18:37 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 18:37 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 18:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:18 - 2013-06-24 19:19 - 00072192 _____ () C:\Users\Stevef\Desktop\QZ0613.xls
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-01 20:02 - 2013-05-21 19:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-30 21:16 - 2014-04-09 11:11 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 21:13 - 2014-04-09 11:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 20:13 - 2014-04-09 11:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 19:57 - 2014-04-09 11:11 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-26 11:21 - 2011-01-31 08:19 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\SoftGrid Client
2014-03-26 09:33 - 2013-11-21 16:19 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Skype
2014-03-25 12:38 - 2012-08-29 21:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-25 12:38 - 2012-08-29 21:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-25 12:38 - 2009-07-14 00:45 - 00436072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-25 12:20 - 2013-11-21 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-03-25 00:15 - 2013-05-14 12:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-25 00:15 - 2012-12-14 17:27 - 00055906 _____ () C:\Windows\DPINST.LOG
2014-03-25 00:14 - 2014-03-25 00:14 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-25 00:14 - 2013-05-14 12:32 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-25 00:14 - 2013-05-14 12:32 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-03-25 00:12 - 2011-12-30 13:33 - 00000000 ____D () C:\ProgramData\Western Digital
2014-03-24 13:04 - 2014-03-24 13:04 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-24 12:18 - 2014-03-24 12:17 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-24 12:18 - 2013-06-27 03:35 - 00003702 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-24 12:15 - 2012-09-13 11:25 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-24 12:15 - 2012-09-13 11:25 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\Users\Stevef\~uTorrentPartFile_11C434226.dat
 
 
Some content of TEMP:
====================
C:\Users\Stevef\AppData\Local\Temp\HitmanPro.exe
C:\Users\Stevef\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Stevef\AppData\Local\Temp\SCC.dll
C:\Users\Stevef\AppData\Local\Temp\SymCCIS.dll
C:\Users\Stevef\AppData\Local\Temp\SymcPCCUInstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-03-07 00:36] - [2010-11-20 09:27] - 0515072 ____N (Microsoft Corporation) CFEC2F4117732D341DB5C828407CC1AB
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-21 17:02
 
==================== End Of Log ============================
 
 
 
Here are the Addition.txt results:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Stevef at 2014-04-23 10:20:45
Running from C:\Users\Stevef\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS TONE STUDIO for ME-80 (HKLM-x32\...\BOSS-TONE-STUDIO-for-ME-80) (Version: 1.0.0 - Roland Corporation)
BOSS TONE STUDIO for ME-80 (x32 Version: 1.0.0 - Roland Corporation) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Driver Manager (HKLM-x32\...\{686695ED-BB3F-415D-B0DB-18CF535F7B50}) (Version: 7 - Driver Manager)
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.00 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.000 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1a - SEIKO EPSON CORPORATION)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.43 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JamGuru 1.0 RC5 (HKLM-x32\...\JamGuru) (Version: 1.0 RC5 - Ultimate-Guitar)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Kazaa Music Plugin (HKLM-x32\...\Kazaa Music Plugin_is1) (Version:  - Kazaa Inc.)
Kensington SlimBlade Driver (HKLM\...\MouseSuite98KST) (Version:  - )
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.6.2000 - Maxthon International Limited)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.0.0.2358 - McAfee, Inc.)
ME-80 Driver (HKLM\...\RolandRDID0142) (Version:  - Roland Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
Norton 360 (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5741 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Presto! PageManager 8.15.01 SE (HKLM-x32\...\{73CD9967-000C-49C6-A900-C87D5B2D253F}) (Version: 8.15.01 - NewSoft Technology Corporation)
qBittorrent 2.9.11 (HKLM-x32\...\qbittorrent) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Safari Packages (HKCU\...\Safari Packages) (Version:  - ) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
TuneUp 3.0.7.0 (HKLM-x32\...\TuneUpMedia) (Version: 3.0.7.0 - TuneUp Media, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKCU\...\Video Converter) (Version:  - )
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05BE7CC8-4D38-4A46-866F-F7CBA7608463} - System32\Tasks\Western Digital\SmartWare\____Volume_62129ede_e6b6_11df_8d53_806e6f6e6963______Volume_a44e142e_3309_11e1_bd14_bcaec50b5e1c__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-02-28] (Western Digital Technologies, Inc.)
Task: {16EE232E-7B43-4345-BA2E-E4D4FFB43A95} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.)
Task: {1FE08FBA-6DD7-4ADB-9990-F20E0EC43188} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02] (Google Inc.)
Task: {288844EE-3A6B-4A37-B8EA-708D339957A6} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {404815BD-3A21-4F81-BB4A-706B7E58827B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {57E5BB8C-12AF-4896-BD74-4532400C045B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {6857A186-0F86-4FD8-BE32-33FA317D11AF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {738052DD-17C7-42ED-BF22-559F26E8363E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {79DD6079-4974-440F-B1F3-5F6E32D44E50} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8B4CE628-D3B5-4344-89FA-1C58BEBE2C12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {983A3C3E-0818-4E5B-8F04-A65E668A4D0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17] (Adobe Systems Incorporated)
Task: {9A593183-468F-4A50-8237-B0ED7BA2962D} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {ABDE5A9E-A109-423F-B4E7-F7713F6ABE27} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {AFE2D46F-06F7-419C-8990-077174FC906E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {B0DB8BCA-6D95-4926-9268-406497684819} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {B990ABC7-8068-4FB9-9F79-AF98473A2234} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02] (Google Inc.)
Task: {C69E1D80-F785-4B1C-8C9C-0B7025A9CF76} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {DD3AC4F3-C80E-435F-821D-5994FB915AB9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-09] (Microsoft Corporation)
Task: {DF2BBCE0-9487-409C-96E3-26B900121025} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {FA8B88A4-4A46-4B4E-829D-459D6620FEA7} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-25 19:02 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-25 19:02 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-24 12:17 - 2014-03-24 12:15 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2014-04-09 11:19 - 2014-04-09 11:19 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-11-02 16:01 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-11 13:27 - 2010-01-11 13:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-05 21:22 - 2010-05-05 21:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2011-08-31 13:13 - 2011-08-31 13:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-02 16:36 - 2010-07-02 16:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-09-13 11:25 - 2014-03-24 12:15 - 02544664 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-09-23 17:26 - 2014-04-09 17:44 - 00602680 _____ () C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 12:17 - 2014-03-24 12:15 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2013-06-24 19:28 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2012-01-25 15:22 - 2014-04-09 17:44 - 36966968 _____ () C:\Users\Stevef\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-02-23 18:14 - 2010-02-23 18:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-23 18:14 - 2010-02-23 18:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-23 18:11 - 2010-02-23 18:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-23 18:12 - 2010-02-23 18:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-23 18:14 - 2010-02-23 18:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
2013-09-23 17:26 - 2014-04-09 17:44 - 00886840 _____ () C:\Users\Stevef\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-23 17:26 - 2014-04-09 17:44 - 00108600 _____ () C:\Users\Stevef\AppData\Roaming\Spotify\Data\libegl.dll
2013-03-30 10:33 - 2013-03-21 18:49 - 00598480 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
2013-03-30 10:33 - 2013-03-21 18:49 - 00124368 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
2013-03-30 10:33 - 2013-03-21 18:50 - 04050896 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
2013-03-30 10:33 - 2013-03-21 18:50 - 00390096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
2013-03-30 10:33 - 2013-03-21 18:49 - 01606096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
2013-05-15 10:00 - 2013-05-15 10:00 - 13136776 _____ () C:\Users\Stevef\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk => C:\Windows\pss\WD Quick View.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ampmdm => C:\Program Files (x86)\Altnet Music Plugin\AMPMDM.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 810 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S59A5.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON Artisan 810 Series (Copy 1) (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S18CE.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON Artisan 810 Series (Copy 2) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S23D6.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON Artisan 810 Series v2 => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SA2F5.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSONFF936F (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S3247.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSONFF936F (Copy 1) (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SCB59.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSONFF936F (Copy 1) (Copy 1) (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S1B7C.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSONFF936F (Copy 1) (Copy 2) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S1E3A.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSONFF936F (Copy 2) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S20E9.tmp" /EF "HKCU"
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: Spotify => "C:\Users\Stevef\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2014 09:54:49 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/22/2014 10:47:11 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12329367
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12329367
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6146
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6146
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/21/2014 07:30:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5101
 
Error: (04/21/2014 07:30:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5101
 
 
System errors:
=============
Error: (04/23/2014 09:43:30 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (04/23/2014 09:43:30 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (04/23/2014 09:40:49 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (04/23/2014 09:40:36 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (04/23/2014 09:40:28 AM) (Source: Service Control Manager) (User: )
Description: The GoToMyPC service failed to start due to the following error: 
%%2
 
Error: (04/22/2014 04:25:07 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (04/22/2014 04:25:07 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (04/22/2014 04:13:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (04/22/2014 04:10:31 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (04/22/2014 04:10:31 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2014 09:54:49 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/22/2014 10:47:11 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12329367
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12329367
 
Error: (04/21/2014 10:56:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6146
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6146
 
Error: (04/21/2014 07:30:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/21/2014 07:30:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5101
 
Error: (04/21/2014 07:30:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5101
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 84%
Total physical RAM: 3884.55 MB
Available physical RAM: 599.88 MB
Total Pagefile: 7767.29 MB
Available Pagefile: 2921.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:3.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:300.26 GB) NTFS
Drive g: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:672.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=328 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
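An added example, not part of the original thread and not FRST's own code: a small Python triage pass over FRST log lines of the kind posted in this thread. It collects the entries FRST itself marks (`<==== ATTENTION`, `File Not Found`, `[X]`, `No ImagePath`) and groups them by target file. Reading `[X]` as a missing image and the digit after the state letter as the service start type are assumptions; the sample lines are copied from the logs on this page.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Sample lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Task: {738052DD-17C7-42ED-BF22-559F26E8363E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8B4CE628-D3B5-4344-89FA-1C58BEBE2C12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ABDE5A9E-A109-423F-B4E7-F7713F6ABE27} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
==================== Registry (Whitelisted) ==================
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation)
==================== Services (Whitelisted) =================
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
==================== Drivers (Whitelisted) ====================
S2 MCSTRM; No ImagePath
"""


class Finding(NamedTuple):
    rule: str        # which marker matched
    section: str     # FRST section header the line appeared under
    name: str        # task, registry value or service name
    target: str      # file the entry points at ("" if none is given)
    autostart: bool  # True if the entry is loaded without user action


HEADER = re.compile(r"^=+\s*(\w.*?)\s*=+\s*$")
TASK = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.+?) <==== ATTENTION$"
)
APPINIT = re.compile(
    r"^(?P<name>AppInit_DLLs(?:-x32)?): (?P<target>.+?) => .*File Not Found$"
)
# Assumed reading: letter = state (R running, S stopped), digit = start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE = re.compile(r"^[A-Z](?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.+)$")


def triage(log_text):
    """Return a Finding for every line that carries one of FRST's own markers."""
    findings, section = [], "unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m[1].split(" (")[0]  # drop the "(Whitelisted)" suffix
            continue
        m = TASK.match(line)
        if m:
            findings.append(Finding("task-attention", section, m["name"], m["target"], True))
            continue
        m = APPINIT.match(line)
        if m:
            findings.append(Finding("appinit-missing", section, m["name"], m["target"], True))
            continue
        m = SERVICE.match(line)
        if m:
            auto = int(m["start"]) <= 2  # boot, system or automatic start
            image = m["image"]
            if image == "No ImagePath":
                findings.append(Finding("service-no-imagepath", section, m["name"], "", auto))
            elif image.endswith(" [X]"):
                findings.append(
                    Finding("service-image-missing", section, m["name"], image[:-4], auto)
                )
    return findings


def shared_targets(findings):
    """Map each target file (lower-cased) named by more than one entry to those entries."""
    by_target = defaultdict(list)
    for f in findings:
        if f.target:
            by_target[f.target.lower()].append(f.name)
    return {t: sorted(names) for t, names in by_target.items() if len(names) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.section:9} autostart={f.autostart!s:5} {f.name} -> {f.target}")
    for target, names in shared_targets(triage(SAMPLE_LOG)).items():
        print(f"{target}: {', '.join(names)}")
```

Run over a log taken before and after a fix, the grouped view shows when one missing file backs several auto-start services at once.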


#6 ----------------


Posted 23 April 2014 - 09:37 AM

Going over your logs I noticed that you have qBitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Norton.

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

File Type Assistant
Safari Packages
 


Close the window.


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.


Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 

#7 sfleischmann


Posted 23 April 2014 - 01:56 PM

Uninstalled qBittorrent and AVG anti-virus
Downloaded fixlist.txt and saved it
Ran FRST64.exe and selected Fix. After it ran, it said I had to restart my computer so I did. But I cannot log in to the computer anymore (writing this from iPad). The computer turns on and provides a message asking if I want to start in regular Windows mode or in safe mode. First I tried Windows mode and it never got me to the log in screen. I just get a blank screen (I can still see the cursor on the screen). So I powered down and tried to boot up again, this time selecting Safe mode. Got the same result. So as of now I can't even use the computer.

Getting frustrated, but appreciate your help and want to get this solved. Thank you. Hopefully we (you!) can figure this out.

#8 ----------------


Posted 24 April 2014 - 04:05 AM

Do you have another computer nearby?


Proud Member of UNITE & TB
 

#9 sfleischmann


Posted 24 April 2014 - 06:02 AM

Yes, I have access to another computer

#10 ----------------


Posted 24 April 2014 - 07:43 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 



#11 sfleischmann


Posted 24 April 2014 - 11:00 AM

Here are the results of the frst scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by SYSTEM on MININT-9CS0TJ3 on 24-04-2014 12:47:41
Running from F:\EPSCAN
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KS Mouse Suite Daemon] => KICONSPY.EXE
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1583808 2009-03-02] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-24] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM\...\RunOnce: [*FRST] - "C:\Users\Stevef\Downloads\FRST64 (1).exe" [2061312 2014-04-23] (Farbar)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\Stevef\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE [55120 2008-12-09] (NewSoft Technology Corporation)
HKU\Stevef\...\Run: [EPSONFF936F] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\Stevef\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\Stevef\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Stevef\...\Run: [Spotify Web Helper] => C:\Users\Stevef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd)
HKU\Stevef\...\Run: [GoogleChromeAutoLaunch_EDB5E3CD333E8E75245B3ADD3873254E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720 2013-03-21] (Google Inc.)
HKU\Stevef\...\Run: [Spotify] => C:\Users\Stevef\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd)
HKU\Stevef\...\Run: [EPSON Artisan 810 Series v2] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\Stevef\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Stevef\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\Stevef\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\Stevef\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\UpdatusUser\...\Run: [EPSON Artisan 810 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE [55120 2008-12-09] (NewSoft Technology Corporation)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-05-31] (AVG Secure Search)
HKU\UpdatusUser\...\RunOnce: [AVG search provider] - "C:\Program Files (x86)\AVG\AVG10\SearchProvider.exe" /AFTERINST
HKU\UpdatusUser\...\RunOnce: [spchecker] - "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\UpdatusUser\...\Policies\Explorer: [NoSetActiveDesktop] 0
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [102504 2010-07-12] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-29] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" Start=service [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-24] (AVG Technologies)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-03-24] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140422.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140422.033\ENG64.SYS [126040 2014-03-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140422.033\EX64.SYS [2099288 2014-03-24] (Symantec Corporation)
S3 pksmouse; C:\Windows\System32\DRIVERS\pksmouse.sys [22528 2008-08-04] (Primax Electronics Ltd.)
S3 pksusblf; C:\Windows\System32\DRIVERS\pksusblf.sys [11776 2008-11-05] (Primax Electronics Ltd.)
S3 RDID1142; C:\Windows\System32\Drivers\rdwm1142.sys [202880 2013-08-22] (Roland Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 10:55 - 2014-04-23 10:55 - 00797552 _____ (Reimage®) C:\Users\Stevef\Downloads\ReimageRepair.exe
2014-04-23 10:49 - 2014-04-23 10:49 - 00004166 _____ () C:\Users\Stevef\Desktop\fixlist.txt
2014-04-23 07:28 - 2014-04-23 07:28 - 00000000 _____ () C:\Windows\SysWOW64\shoE84D.tmp
2014-04-23 07:16 - 2014-04-23 07:16 - 00072008 _____ () C:\Users\Stevef\Desktop\FRST 2.txt
2014-04-23 07:15 - 2014-04-23 07:15 - 00037202 _____ () C:\Users\Stevef\Desktop\Addition.txt
2014-04-23 06:20 - 2014-04-23 06:24 - 00037202 _____ () C:\Users\Stevef\Downloads\Addition.txt
2014-04-23 06:17 - 2014-04-23 06:24 - 00072008 _____ () C:\Users\Stevef\Downloads\FRST.txt
2014-04-23 06:15 - 2014-04-23 06:15 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64 (1).exe
2014-04-22 12:31 - 2014-04-22 12:31 - 00004064 _____ () C:\{3E059BB4-3892-44D8-B4D5-3E6C27148212}
2014-04-22 12:28 - 2014-04-22 12:28 - 00003312 _____ () C:\{37E7ECCB-0FAF-4BF3-8007-E1ACFC9F7592}
2014-04-22 07:38 - 2014-04-22 07:38 - 00000000 ____D () C:\Users\Stevef\Desktop\TDSSKiller
2014-04-22 07:37 - 2014-04-22 07:37 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller (1).zip
2014-04-22 07:33 - 2014-04-22 07:33 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller.zip
2014-04-22 07:31 - 2014-04-22 07:31 - 00000630 _____ () C:\Users\Stevef\Desktop\Search.txt
2014-04-22 07:14 - 2014-04-22 07:21 - 00000630 _____ () C:\Users\Stevef\Downloads\Search.txt
2014-04-22 07:13 - 2014-04-24 12:47 - 00000000 ____D () C:\FRST
2014-04-22 07:12 - 2014-04-22 07:12 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64.exe
2014-04-21 19:04 - 2014-04-21 19:04 - 00000000 _____ () C:\Windows\SysWOW64\shoE210.tmp
2014-04-21 07:59 - 2014-04-21 07:59 - 00000000 __SHD () C:\found.000
2014-04-20 14:00 - 2014-04-20 14:00 - 00019236 _____ () C:\Users\Stevef\Downloads\hijackthis.log
2014-04-20 14:00 - 2014-04-20 14:00 - 00019236 _____ () C:\Users\Stevef\Desktop\hijackthis.log
2014-04-20 13:59 - 2014-04-20 13:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stevef\Downloads\HiJackThis.exe
2014-04-20 12:11 - 2014-04-20 12:11 - 00262144 _____ () C:\Windows\Minidump\042014-99684-01.dmp
2014-04-19 14:04 - 2014-04-19 14:04 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-04-19 14:01 - 2014-04-19 14:01 - 00002616 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_180152.txt
2014-04-19 13:56 - 2014-04-19 13:56 - 00003577 _____ () C:\Users\Stevef\Desktop\RKreport[0]_D_04192014_175654.txt
2014-04-19 13:55 - 2014-04-19 13:55 - 00003430 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_175529.txt
2014-04-19 13:49 - 2014-04-19 13:56 - 00000000 ____D () C:\Users\Stevef\Desktop\RK_Quarantine
2014-04-19 13:48 - 2014-04-19 13:48 - 03972608 _____ () C:\Users\Stevef\Downloads\RogueKiller.exe
2014-04-19 12:29 - 2014-04-19 12:29 - 00019618 _____ () C:\Windows\System32\.crusader
2014-04-19 12:05 - 2014-04-19 12:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-19 12:05 - 2014-04-19 12:09 - 10971424 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro_x64.exe
2014-04-19 12:02 - 2014-04-19 12:04 - 10094400 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro.exe
2014-04-18 15:56 - 2014-04-18 15:56 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\AVG2014
2014-04-18 15:55 - 2014-04-18 15:55 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUp Software
2014-04-18 15:54 - 2014-04-23 10:36 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-18 15:50 - 2014-04-23 10:34 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Avg2014
2014-04-18 15:50 - 2014-04-18 15:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\MFAData
2014-04-18 15:49 - 2014-04-18 15:49 - 04462440 _____ (AVG Technologies) C:\Users\Stevef\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-04-18 14:37 - 2014-04-23 10:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-18 14:37 - 2014-04-18 14:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 14:37 - 2014-04-18 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 14:37 - 2014-04-18 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 14:37 - 2014-04-03 05:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-18 14:37 - 2014-04-03 05:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-18 14:37 - 2014-04-03 05:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-18 14:36 - 2014-04-18 14:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-18 14:34 - 2014-04-18 14:35 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 14:25 - 2014-04-17 14:25 - 00000000 _____ () C:\Windows\SysWOW64\sho53AC.tmp
2014-04-17 14:20 - 2014-04-17 14:20 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 14:19 - 2014-04-17 14:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 14:19 - 2014-04-17 14:20 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 14:19 - 2014-04-17 14:19 - 00000000 ____D () C:\Program Files\iPod
2014-04-17 14:14 - 2014-04-17 14:14 - 00000396 _____ () C:\Users\Stevef\AppData\Roaming\guitar_tabs.xml
2014-04-17 14:10 - 2014-04-17 14:16 - 148885840 _____ (Apple Inc.) C:\Users\Stevef\Downloads\iTunes64Setup (3).exe
2014-04-17 11:53 - 2014-04-17 11:53 - 00003142 _____ () C:\Windows\System32\Tasks\{FFA41107-2493-4721-A720-1A30AF41C248}
2014-04-17 11:14 - 2014-04-17 11:14 - 00000318 _____ () C:\Users\Stevef\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 11:11 - 2014-04-11 19:13 - 01079839 _____ (AnyProtect.com) C:\Users\Stevef\AppData\Local\AnyProtectScannerSetup.exe
2014-04-17 11:06 - 2014-04-17 11:06 - 20914176 _____ () C:\Users\Stevef\Downloads\uPlayer.msi
2014-04-17 11:04 - 2014-04-17 11:48 - 00006425 _____ () C:\szfixila.log
2014-04-17 11:04 - 2014-04-17 11:48 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Fixila
2014-04-16 10:21 - 2014-04-22 06:34 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-09 07:11 - 2014-03-30 17:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-09 07:11 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-09 07:11 - 2014-03-30 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:11 - 2014-03-30 15:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:10 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 07:10 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-09 07:10 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-09 07:10 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-09 07:10 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-09 07:10 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:10 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:10 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:10 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:10 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:10 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:10 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 07:10 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 07:10 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 07:10 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 07:10 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:10 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-06 13:29 - 2014-04-06 13:30 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\BOSS-TONE-STUDIO-for-ME-80
2014-04-06 13:29 - 2014-04-06 13:29 - 00001053 _____ () C:\Users\Public\Desktop\BOSS TONE STUDIO for ME-80.lnk
2014-04-06 13:29 - 2014-04-06 13:29 - 00000000 ____D () C:\Program Files (x86)\BOSS TONE STUDIO for ME-80
2014-04-06 13:06 - 2014-04-06 13:06 - 00000000 ____D () C:\Program Files\RdDrv001
2014-04-06 13:06 - 2013-08-22 23:47 - 00714560 _____ (Roland Corporation) C:\Windows\System32\RDDP1142.EXE
2014-04-06 13:06 - 2013-08-22 23:47 - 00637952 _____ () C:\Windows\System32\RDCP1142.CPL
2014-04-06 13:06 - 2013-08-22 23:47 - 00202880 _____ (Roland Corporation) C:\Windows\System32\Drivers\RDWM1142.sys
2014-04-06 13:06 - 2013-08-22 23:47 - 00116736 _____ (Roland Corporation) C:\Windows\System32\RDAS1142.DLL
2014-04-06 13:06 - 2013-08-22 23:47 - 00102400 _____ (Roland Corporation) C:\Windows\SysWOW64\RDAW1142.DLL
2014-04-06 13:06 - 2013-08-22 23:47 - 00017920 _____ () C:\Windows\System32\RDCI1142.DLL
2014-04-06 13:06 - 2012-12-28 01:58 - 00275456 _____ (Roland Corporation) C:\Windows\SysWOW64\RDAH1142.DAT
2014-04-05 15:06 - 2014-04-05 15:06 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

==================== One Month Modified Files and Folders =======

2014-04-24 12:47 - 2014-04-22 07:13 - 00000000 ____D () C:\FRST
2014-04-23 11:10 - 2010-11-02 11:47 - 00664894 _____ () C:\Windows\PFRO.log
2014-04-23 10:59 - 2011-01-30 22:57 - 00000000 ____D () C:\users\Stevef
2014-04-23 10:59 - 2010-11-02 11:25 - 01518721 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 10:59 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-04-23 10:55 - 2014-04-23 10:55 - 00797552 _____ (Reimage®) C:\Users\Stevef\Downloads\ReimageRepair.exe
2014-04-23 10:52 - 2011-07-23 13:22 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Spotify
2014-04-23 10:49 - 2014-04-23 10:49 - 00004166 _____ () C:\Users\Stevef\Desktop\fixlist.txt
2014-04-23 10:45 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 10:45 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 10:42 - 2014-04-18 14:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-23 10:38 - 2014-01-22 08:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-04-23 10:37 - 2011-02-01 18:39 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\.oit
2014-04-23 10:36 - 2014-04-18 15:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-23 10:36 - 2014-02-26 14:38 - 00008020 _____ () C:\Windows\setupact.log
2014-04-23 10:36 - 2011-07-23 15:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-23 10:36 - 2011-07-23 14:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-23 10:36 - 2010-11-02 11:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 10:36 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 10:34 - 2014-04-18 15:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Avg2014
2014-04-23 10:32 - 2011-07-23 15:25 - 00000000 ___HD () C:\$AVG
2014-04-23 10:32 - 2010-11-02 11:40 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 07:28 - 2014-04-23 07:28 - 00000000 _____ () C:\Windows\SysWOW64\shoE84D.tmp
2014-04-23 07:16 - 2014-04-23 07:16 - 00072008 _____ () C:\Users\Stevef\Desktop\FRST 2.txt
2014-04-23 07:15 - 2014-04-23 07:15 - 00037202 _____ () C:\Users\Stevef\Desktop\Addition.txt
2014-04-23 07:04 - 2013-02-13 20:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 06:24 - 2014-04-23 06:20 - 00037202 _____ () C:\Users\Stevef\Downloads\Addition.txt
2014-04-23 06:24 - 2014-04-23 06:17 - 00072008 _____ () C:\Users\Stevef\Downloads\FRST.txt
2014-04-23 06:15 - 2014-04-23 06:15 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64 (1).exe
2014-04-22 12:31 - 2014-04-22 12:31 - 00004064 _____ () C:\{3E059BB4-3892-44D8-B4D5-3E6C27148212}
2014-04-22 12:28 - 2014-04-22 12:28 - 00003312 _____ () C:\{37E7ECCB-0FAF-4BF3-8007-E1ACFC9F7592}
2014-04-22 12:11 - 2011-07-23 13:22 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Spotify
2014-04-22 07:38 - 2014-04-22 07:38 - 00000000 ____D () C:\Users\Stevef\Desktop\TDSSKiller
2014-04-22 07:37 - 2014-04-22 07:37 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller (1).zip
2014-04-22 07:33 - 2014-04-22 07:33 - 04142142 _____ () C:\Users\Stevef\Downloads\tdsskiller.zip
2014-04-22 07:31 - 2014-04-22 07:31 - 00000630 _____ () C:\Users\Stevef\Desktop\Search.txt
2014-04-22 07:21 - 2014-04-22 07:14 - 00000630 _____ () C:\Users\Stevef\Downloads\Search.txt
2014-04-22 07:12 - 2014-04-22 07:12 - 02061312 _____ (Farbar) C:\Users\Stevef\Downloads\FRST64.exe
2014-04-22 07:11 - 2013-11-21 12:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 06:34 - 2014-04-16 10:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 19:04 - 2014-04-21 19:04 - 00000000 _____ () C:\Windows\SysWOW64\shoE210.tmp
2014-04-21 07:59 - 2014-04-21 07:59 - 00000000 __SHD () C:\found.000
2014-04-20 14:00 - 2014-04-20 14:00 - 00019236 _____ () C:\Users\Stevef\Downloads\hijackthis.log
2014-04-20 14:00 - 2014-04-20 14:00 - 00019236 _____ () C:\Users\Stevef\Desktop\hijackthis.log
2014-04-20 13:59 - 2014-04-20 13:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Stevef\Downloads\HiJackThis.exe
2014-04-20 13:56 - 2009-07-13 21:13 - 00783400 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-20 12:11 - 2014-04-20 12:11 - 00262144 _____ () C:\Windows\Minidump\042014-99684-01.dmp
2014-04-20 12:11 - 2012-08-19 19:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-19 14:04 - 2014-04-19 14:04 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-04-19 14:01 - 2014-04-19 14:01 - 00002616 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_180152.txt
2014-04-19 13:56 - 2014-04-19 13:56 - 00003577 _____ () C:\Users\Stevef\Desktop\RKreport[0]_D_04192014_175654.txt
2014-04-19 13:56 - 2014-04-19 13:49 - 00000000 ____D () C:\Users\Stevef\Desktop\RK_Quarantine
2014-04-19 13:55 - 2014-04-19 13:55 - 00003430 _____ () C:\Users\Stevef\Desktop\RKreport[0]_S_04192014_175529.txt
2014-04-19 13:48 - 2014-04-19 13:48 - 03972608 _____ () C:\Users\Stevef\Downloads\RogueKiller.exe
2014-04-19 12:40 - 2010-11-02 12:01 - 00002148 _____ () C:\Windows\System32\ServiceFilter.ini
2014-04-19 12:30 - 2014-04-19 12:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-19 12:29 - 2014-04-19 12:29 - 00019618 _____ () C:\Windows\System32\.crusader
2014-04-19 12:09 - 2014-04-19 12:05 - 10971424 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro_x64.exe
2014-04-19 12:04 - 2014-04-19 12:02 - 10094400 _____ (SurfRight B.V.) C:\Users\Stevef\Downloads\HitmanPro.exe
2014-04-18 16:34 - 2013-01-22 19:02 - 00000000 ____D () C:\Program Files (x86)\VideoConverter
2014-04-18 15:56 - 2014-04-18 15:56 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\AVG2014
2014-04-18 15:55 - 2014-04-18 15:55 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUp Software
2014-04-18 15:50 - 2014-04-18 15:50 - 00000000 ____D () C:\Users\Stevef\AppData\Local\MFAData
2014-04-18 15:49 - 2014-04-18 15:49 - 04462440 _____ (AVG Technologies) C:\Users\Stevef\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-04-18 15:01 - 2010-11-02 12:01 - 00003506 _____ () C:\Windows\System32\AutoRunFilter.ini
2014-04-18 14:56 - 2013-01-31 11:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-18 14:37 - 2014-04-18 14:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 14:37 - 2014-04-18 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 14:37 - 2014-04-18 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 14:37 - 2014-04-18 14:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-18 14:35 - 2014-04-18 14:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Stevef\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-18 13:47 - 2009-07-13 21:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-17 14:25 - 2014-04-17 14:25 - 00000000 _____ () C:\Windows\SysWOW64\sho53AC.tmp
2014-04-17 14:23 - 2011-03-02 19:17 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\TuneUpMedia
2014-04-17 14:20 - 2014-04-17 14:20 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-17 14:20 - 2014-04-17 14:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-17 14:20 - 2014-04-17 14:19 - 00000000 ____D () C:\Program Files\iTunes
2014-04-17 14:20 - 2011-02-01 18:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-17 14:19 - 2014-04-17 14:19 - 00000000 ____D () C:\Program Files\iPod
2014-04-17 14:16 - 2014-04-17 14:10 - 148885840 _____ (Apple Inc.) C:\Users\Stevef\Downloads\iTunes64Setup (3).exe
2014-04-17 14:14 - 2014-04-17 14:14 - 00000396 _____ () C:\Users\Stevef\AppData\Roaming\guitar_tabs.xml
2014-04-17 12:25 - 2013-04-15 08:57 - 00000000 ____D () C:\Users\Stevef\AppData\Local\CrashDumps
2014-04-17 12:02 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-17 11:55 - 2011-02-01 18:54 - 00000000 ____D () C:\Users\Stevef\AppData\Local\Apple
2014-04-17 11:53 - 2014-04-17 11:53 - 00003142 _____ () C:\Windows\System32\Tasks\{FFA41107-2493-4721-A720-1A30AF41C248}
2014-04-17 11:48 - 2014-04-17 11:04 - 00006425 _____ () C:\szfixila.log
2014-04-17 11:48 - 2014-04-17 11:04 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Fixila
2014-04-17 11:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-04-17 11:14 - 2014-04-17 11:14 - 00000318 _____ () C:\Users\Stevef\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 11:13 - 2013-02-13 20:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 11:13 - 2013-02-13 20:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-17 11:13 - 2011-05-19 07:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 11:06 - 2014-04-17 11:06 - 20914176 _____ () C:\Users\Stevef\Downloads\uPlayer.msi
2014-04-17 11:03 - 2013-01-22 09:43 - 00000000 _____ () C:\end
2014-04-17 10:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-04-16 11:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-16 10:21 - 2013-01-23 07:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 10:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-11 19:13 - 2014-04-17 11:11 - 01079839 _____ (AnyProtect.com) C:\Users\Stevef\AppData\Local\AnyProtectScannerSetup.exe
2014-04-10 13:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 07:54 - 2013-08-18 20:08 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-09 07:52 - 2011-02-02 14:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-09 07:21 - 2014-02-25 15:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-07 18:39 - 2011-09-07 17:53 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\OffbeatEngine
2014-04-06 13:30 - 2014-04-06 13:29 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\BOSS-TONE-STUDIO-for-ME-80
2014-04-06 13:29 - 2014-04-06 13:29 - 00001053 _____ () C:\Users\Public\Desktop\BOSS TONE STUDIO for ME-80.lnk
2014-04-06 13:29 - 2014-04-06 13:29 - 00000000 ____D () C:\Program Files (x86)\BOSS TONE STUDIO for ME-80
2014-04-06 13:06 - 2014-04-06 13:06 - 00000000 ____D () C:\Program Files\RdDrv001
2014-04-05 15:06 - 2014-04-05 15:06 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-05 15:06 - 2011-02-01 18:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-03 05:51 - 2014-04-18 14:37 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-18 14:37 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2014-04-18 14:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-02 15:18 - 2013-06-24 15:19 - 00072192 _____ () C:\Users\Stevef\Desktop\QZ0613.xls
2014-04-01 16:02 - 2013-05-21 15:19 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-03-30 17:16 - 2014-04-09 07:11 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-30 17:13 - 2014-04-09 07:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-30 16:13 - 2014-04-09 07:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 15:57 - 2014-04-09 07:11 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 07:21 - 2011-01-31 04:19 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\SoftGrid Client
2014-03-26 05:33 - 2013-11-21 12:19 - 00000000 ____D () C:\Users\Stevef\AppData\Roaming\Skype
2014-03-25 08:38 - 2012-08-29 17:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-25 08:38 - 2012-08-29 17:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-25 08:38 - 2009-07-13 20:45 - 00436072 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-25 08:20 - 2013-11-21 12:18 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Stevef\AppData\Local\Temp\HitmanPro.exe
C:\Users\Stevef\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Stevef\AppData\Local\Temp\SCC.dll
C:\Users\Stevef\AppData\Local\Temp\SymCCIS.dll
C:\Users\Stevef\AppData\Local\Temp\SymcPCCUInstaller.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-04-23 10:30:47
Restore point made on: 2014-04-23 10:33:37

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3884.55 MB
Available physical RAM: 3296.59 MB
Total Pagefile: 3882.7 MB
Available Pagefile: 3290.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:2.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:300.26 GB) NTFS
Drive f: (STORE N GO) (Removable) (Total:3.72 GB) (Free:1.05 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=328 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2014-04-21 13:02

==================== End Of Log ============================



#12 ----------------


Posted 25 April 2014 - 04:09 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

 

Try to boot into Windows now.


Proud Member of UNITE & TB
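
How the FRST log above leads to the `Replace:` fix, as an added example that is not part of the original thread: the Python below parses FRST service/driver entries, picks out those marked `[X]` (FRST could not find the file), and cross-checks them against the core-file check's `IS MISSING` lines. The function names and the sample subset of log lines are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" Start=service [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
S3 tmlwf;

==================== Bamital & volsnap Check =================

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# <state R/S/U><start type 0-4> <service name>; <image path and trailer>
ENTRY_RE = re.compile(r"^([RSU])([0-4])\s+([^;]+);\s*(.*)$")
# Trailer printed when the file was found: [size date] (company)
FOUND_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\](\s*\(.*\))?$")
MISSING_RE = re.compile(r"^(.+?)\s+IS MISSING\b")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def normalize(path, system_root=r"C:\Windows"):
    """Drop quotes and trailing arguments, expand %SystemRoot%, lower-case."""
    path = path.strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]
    # A callable replacement avoids backslash-escape handling in re.sub.
    path = re.sub("%SystemRoot%", lambda _: system_root, path, flags=re.I)
    return ntpath.normpath(path).lower()


def parse_frst(log):
    """Return (entries, core_missing) parsed from FRST log text."""
    section, entries, core_missing = "", [], set()
    for line in (raw.strip() for raw in log.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        gone = MISSING_RE.match(line)
        if gone:
            core_missing.add(normalize(gone.group(1)))
            continue
        entry = ENTRY_RE.match(line)
        if not entry or not section.startswith(("Services", "Drivers")):
            continue
        _state, start, name, rest = entry.groups()
        file_missing = rest.endswith("[X]")
        rest = rest[:-3] if file_missing else FOUND_RE.sub("", rest)
        has_path = bool(rest.strip()) and rest.strip() != "No ImagePath"
        entries.append({
            "kind": section.split()[0],
            "name": name.strip(),
            "start": START_TYPES[int(start)],
            "path": normalize(rest) if has_path else None,
            "file_missing": file_missing,
        })
    return entries, core_missing


def triage(log):
    """Split [X] entries into core-file losses and everything else.

    critical: {path: [service names]} where the core-file check also
              reports the file as missing (repair before anything else).
    other:    [(name, path)] leftover registrations with no file on disk.
    """
    entries, core_missing = parse_frst(log)
    critical, other = {}, []
    for e in entries:
        if not e["file_missing"]:
            continue
        if e["path"] in core_missing:
            critical.setdefault(e["path"], []).append(e["name"])
        else:
            other.append((e["name"], e["path"]))
    return critical, other


if __name__ == "__main__":
    critical, other = triage(SAMPLE_LOG)
    for path, services in critical.items():
        print(f"CRITICAL {path} missing, needed by: {', '.join(services)}")
    for name, path in other:
        print(f"orphaned entry {name}: {path}")
```

On the sample, both `DcomLaunch` and `RpcSs` resolve to the same missing `rpcss.dll`, which is the file the fixlist restores from the WinSxS component store.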
 

#13 sfleischmann


Posted 25 April 2014 - 09:13 AM

I can use my computer again - thank you.

 

I also am not hearing the background noises (radio) anymore so hopefully that has been taken care of as well.

 

 

 

Here are the results of the Fix:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by SYSTEM at 2014-04-25 10:37:36 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
*****************
 
Could not find C:\Windows\System32\rpcss.dll.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
==== End of Fixlog ====


#14 ----------------


Posted 26 April 2014 - 07:47 AM

OK! :)

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#15 sfleischmann


Posted 27 April 2014 - 04:25 PM

Here are the results of the Malwarebytes Scan:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 4/27/2014 4:05:46 PM, SYSTEM, STEVEF-PC, Protection, Malware Protection, Starting, 
Protection, 4/27/2014 4:05:46 PM, SYSTEM, STEVEF-PC, Protection, Malware Protection, Started, 
Protection, 4/27/2014 4:05:46 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Starting, 
Protection, 4/27/2014 4:06:01 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Started, 
Update, 4/27/2014 4:48:24 PM, SYSTEM, STEVEF-PC, Scheduler, Malware Database, 2014.4.26.3, 2014.4.27.5, 
Protection, 4/27/2014 4:48:26 PM, SYSTEM, STEVEF-PC, Protection, Refresh, Starting, 
Protection, 4/27/2014 4:48:26 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 4/27/2014 4:48:27 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 4/27/2014 4:48:51 PM, SYSTEM, STEVEF-PC, Protection, Refresh, Success, 
Protection, 4/27/2014 4:48:51 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Starting, 
Protection, 4/27/2014 4:48:52 PM, SYSTEM, STEVEF-PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
Here are the results of the ESET Scan
 
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.H trojan
C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.BA potentially unwanted application
C:\Users\Stevef\AppData\Local\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Stevef\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Safari Packages\uninstaller.exe a variant of Win32/InstallCore.AZ potentially unwanted application
C:\Users\Stevef\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.BA potentially unwanted application
 
