Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by l (administrator) on PURPLE on 30-06-2014 08:23:49
Running from C:\Users\l\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingc...can-tool/dl/81/Download link for 64-Bit Version:
http://www.bleepingc...can-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo...very-scan-tool/==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-27] (Google Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [gStart] => C:\Garmin\gStart.exe
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
https://search.yahoo...p={searchTerms}HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
https://www.yahoo.co...t&type=avastbclHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
https://www.yahoo.co...t&type=avastbclStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
http://speedial.com/...=2026722248&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/...0TR&pc=HPDTDFJSSearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
http://speedial.com/...=2026722248&ir=SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo...p={searchTerms}SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo...p={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/...0TR&pc=HPDTDFJSSearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
https://search.yahoo...p={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage:
https://www.yahoo.co...t&type=avastbclCHR StartupUrls: "
https://www.yahoo.co...&type=avastbcl"CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchProvider: "name": "Speedial"
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-04] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-04] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61016 2014-06-09] (StdLib)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-30 08:23 - 2014-06-30 08:24 - 00017809 _____ () C:\Users\l\Desktop\FRST.txt
2014-06-30 08:22 - 2014-06-30 08:23 - 00000000 ____D () C:\FRST
2014-06-30 08:21 - 2014-06-30 08:21 - 02083328 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-06-26 11:13 - 2014-06-29 09:02 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-20 11:31 - 2014-06-20 11:31 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-20 11:31 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-20 11:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Desktop\Norton_Removal_Tool.exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-13 06:43 - 2014-06-13 06:43 - 00003208 _____ () C:\Users\l\Desktop\AdwCleaner[S0].txt
2014-06-11 11:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 11:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 11:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 17:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-11 11:06 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 11:06 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-11 11:05 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-11 11:05 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-11 11:05 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-11 11:05 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-11 11:05 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-11 11:05 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-11 11:05 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-11 11:00 - 2014-06-13 06:39 - 00000000 ____D () C:\AdwCleaner
2014-06-11 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:57 - 2014-06-11 10:57 - 00002198 _____ () C:\Users\l\Desktop\JRT.txt
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:36 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 10:36 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 10:36 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 09:37 - 2014-06-09 12:24 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-14 11:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:37 - 2014-06-10 08:37 - 00001464 _____ () C:\Users\l\Desktop\Norton Security Scan.LNK
2014-06-10 08:36 - 2014-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 09:20 - 2014-06-11 10:51 - 00000000 ____D () C:\windows\ERUNT
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\Documents\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\AppData\Roaming\CyberLink
==================== One Month Modified Files and Folders =======
2014-06-30 08:24 - 2014-06-30 08:23 - 00017809 _____ () C:\Users\l\Desktop\FRST.txt
2014-06-30 08:23 - 2014-06-30 08:22 - 00000000 ____D () C:\FRST
2014-06-30 08:23 - 2014-04-30 16:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-30 08:23 - 2014-04-30 16:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-30 08:21 - 2014-06-30 08:21 - 02083328 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-06-30 08:19 - 2013-03-22 12:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-06-30 08:18 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-30 08:16 - 2013-07-17 12:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-06-30 08:16 - 2013-07-17 12:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-06-29 09:02 - 2014-06-26 11:13 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-28 13:26 - 2014-04-19 10:14 - 01646997 _____ () C:\windows\WindowsUpdate.log
2014-06-28 13:22 - 2014-04-27 09:23 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 22:34 - 2014-04-19 10:13 - 00000000 ____D () C:\Users\l
2014-06-26 17:58 - 2014-05-22 08:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-06-26 11:14 - 2012-07-26 02:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-25 22:22 - 2014-04-27 09:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 05:52 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-24 16:09 - 2014-04-19 10:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-06-24 15:59 - 2014-05-04 16:20 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-24 15:55 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-23 09:06 - 2012-08-10 18:49 - 00241354 _____ () C:\windows\PFRO.log
2014-06-23 09:05 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-20 22:17 - 2014-04-27 09:23 - 00003874 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 22:17 - 2014-04-27 09:23 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-20 11:31 - 2014-06-20 11:31 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 11:28 - 2013-07-17 12:46 - 00000000 ____D () C:\ProgramData\Norton
2014-06-20 11:18 - 2014-05-26 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-20 10:11 - 2014-04-20 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-18 10:39 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Desktop\Norton_Removal_Tool.exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 11:20 - 2014-06-10 08:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-14 08:03 - 2014-04-19 10:15 - 00000000 ____D () C:\Users\l\AppData\Roaming\Adobe
2014-06-14 07:47 - 2014-04-30 16:40 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 09:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-06-13 07:02 - 2014-06-10 08:36 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-13 06:43 - 2014-06-13 06:43 - 00003208 _____ () C:\Users\l\Desktop\AdwCleaner[S0].txt
2014-06-13 06:39 - 2014-06-11 11:00 - 00000000 ____D () C:\AdwCleaner
2014-06-12 03:03 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-12 03:02 - 2014-04-20 18:10 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 03:00 - 2014-04-20 18:10 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:57 - 2014-06-11 10:57 - 00002198 _____ () C:\Users\l\Desktop\JRT.txt
2014-06-11 10:51 - 2014-06-09 09:20 - 00000000 ____D () C:\windows\ERUNT
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:47 - 2014-04-27 09:41 - 00230400 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-06-10 17:37 - 2012-07-26 00:26 - 00000230 _____ () C:\windows\win.ini
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:37 - 2014-06-10 08:37 - 00001464 _____ () C:\Users\l\Desktop\Norton Security Scan.LNK
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 12:24 - 2014-06-10 09:37 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt
2014-06-09 08:34 - 2014-04-30 16:27 - 00000000 ____D () C:\windows\erdnt
2014-06-03 09:36 - 2014-04-19 10:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-06-02 22:30 - 2014-04-27 09:28 - 00000000 ____D () C:\Users\l\AppData\Local\Microsoft Help
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\Documents\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\AppData\Roaming\CyberLink
2014-06-02 15:57 - 2013-07-17 12:41 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-31 00:16 - 2012-07-26 03:14 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 00:16 - 2012-07-26 03:14 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\l\AppData\Local\temp\BackupSetup.exe
C:\Users\l\AppData\Local\temp\mbam-setup.exe
C:\Users\l\AppData\Local\temp\ntdll_dump.dll
C:\Users\l\AppData\Local\temp\Quarantine.exe
C:\Users\l\AppData\Local\temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-23 07:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by l at 2014-06-30 08:24:14
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2509 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3724 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2524 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Greener Web (HKLM\...\Greener Web) (Version: 2014.06.10.125401 - Greener Web) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
09-06-2014 14:20:18 End of disinfection
18-06-2014 16:07:59 Scheduled Checkpoint
20-06-2014 21:38:00 Removed Garmin Training Center
28-06-2014 14:59:25 Scheduled Checkpoint
==================== Hosts content: ==========================
2012-07-26 00:26 - 2014-05-28 08:11 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {10D4323D-4C7C-4010-8844-B48021AA3E20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2CA39437-F2BF-479F-9969-4D9925A7E54A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {3D60A443-BC36-41BC-896B-49D33511DF94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN22C1H152 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {3DB32E1A-08B9-4B73-930F-2B9195E87896} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {542A5A1B-299D-4E06-A305-C7D9FDF0015B} - \UpdaterEX No Task File <==== ATTENTION
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {799825FE-73A5-480E-AD0A-4B45DFBAE5D2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-20] (Microsoft Corporation)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE052C15-93AC-4008-84B0-2B187495236D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {AFCBAEA8-DA09-4B78-AB10-C108A970AE56} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C53FC9F0-7ECC-4017-81B3-D5EFE1C525BE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {C5A0688E-F6E1-439F-9D86-82A903D42E42} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CB9023C9-0D6C-4EA4-9487-0ACEC8935D09} - \Speedial No Task File <==== ATTENTION
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-05-04 16:15 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2014-06-20 10:10 - 2014-06-20 10:10 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-10 13:25 - 2013-01-10 13:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2013-01-10 15:30 - 2013-01-10 15:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2014-06-24 07:53 - 2014-06-24 07:53 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062400\algo.dll
2014-06-30 08:22 - 2014-06-30 08:22 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063000\algo.dll
2013-01-10 15:30 - 2013-01-10 15:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2013-03-22 12:06 - 2013-03-22 12:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 12:53 - 2011-07-05 12:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-31 19:04 - 2013-01-31 19:04 - 00080120 _____ () C:\windows\SYSTEM32\BsProfilefunc.dll
2013-01-10 13:25 - 2013-01-10 13:25 - 00364544 _____ () C:\windows\SYSTEM32\BsExtendFunc.dll
2014-05-04 16:19 - 2014-05-04 16:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 12:33 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-07-17 12:27 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\windows\mod_frst.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/29/2014 08:28:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/28/2014 09:59:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/27/2014 04:51:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/27/2014 04:50:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/26/2014 06:08:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/26/2014 05:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe06d7363
Fault offset: 0x00010f22
Faulting process id: 0xf78
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (06/26/2014 08:46:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/26/2014 07:59:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/26/2014 07:59:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (06/25/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe06d7363
Fault offset: 0x00010f22
Faulting process id: 0xaf0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
System errors:
=============
Error: (06/30/2014 08:24:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Error: (06/30/2014 08:23:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053
Microsoft Office Sessions:
=========================
Error: (06/29/2014 08:28:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/28/2014 09:59:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/27/2014 04:51:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/27/2014 04:50:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/26/2014 06:08:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/26/2014 05:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16921537fc9dcKERNELBASE.dll6.2.9200.16864531d2be6e06d736300010f22f7801cf91921c795963C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dll71cb561a-fd85-11e3-be85-0c84dc3bd976
Error: (06/26/2014 08:46:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/26/2014 07:59:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/26/2014 07:59:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (06/25/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16921537fc9dcKERNELBASE.dll6.2.9200.16864531d2be6e06d736300010f22af001cf90eed868fcb0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dll1d4087df-fce2-11e3-be85-0c84dc3bd976
CodeIntegrity Errors:
===================================
Date: 2014-05-17 08:12:37.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-05-17 08:12:37.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-30 16:32:03.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 12207.45 MB
Available physical RAM: 10568.03 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 10854.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1843.67 GB) (Free:1795.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)
Partition: GPT Partition Type.
==================== End Of Log ============================