Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by JW (administrator) on CHTI on 13-11-2013 18:49:19
Running from D:\FRST
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() E:\software no install required\Install_Restoration.exe
() C:\Users\JW\AppData\Local\Temp\ICReinstall_Install_Restoration.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vmware-tray] - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22] (VMware, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2039240 2010-06-01] (COMODO)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-22] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
MountPoints2: M - M:\LaunchU3.exe -a
MountPoints2: {10bfbb61-d3a9-11de-9c91-005056c00008} - M:\LaunchU3.exe -a
HKU\Administrator.000\...\Run: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
HKU\Administrator.000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator.000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\DW\...\Run: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
HKU\DW\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
HKU\DW\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2010-02-22] (Hewlett-Packard Company)
HKU\DW\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\KJW\...\Run: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
HKU\KJW\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
Startup: C:\Users\JW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JW\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\JW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\KJW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification de cadeaux MSN.lnk
ShortcutTarget: Outil de notification de cadeaux MSN.lnk -> C:\Users\JW\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60EDFCC02B57CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default
FF Homepage: hxxp://news.bbc.co.uk
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: Dictionnaires français - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org
FF Extension: Dictionnaire français «Classique» - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\fr-FR@dictionaries.addons.mozilla.org
FF Extension: Flagfox - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: noscript - C:\Users\JW\AppData\Roaming\Mozilla\Firefox\Profiles\zi7zx1tm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1778480 2010-06-01] (COMODO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [113200 2009-10-22] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)
S3 ufad-ws60; "C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [224240 2010-06-04] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [30112 2010-06-01] (COMODO)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [75944 2010-06-01] (COMODO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-10-29] ()
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2009-10-22] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2009-10-22] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [17984 2009-11-21] ()
R2 WinVd32; C:\Windows\system32\WinVd32.sys [180224 2009-11-21] ()
U3 ahrmqqeg; C:\Windows\System32\Drivers\ahrmqqeg.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 22:24 - 2013-11-11 22:24 - 00001138 _____ C:\Users\JW\Desktop\Continue Restoration Installation.lnk
2013-11-11 21:52 - 2013-11-11 21:52 - 00000000 ____D C:\Users\JW\AppData\Local\Microsoft_Corporation
2013-11-11 20:18 - 2013-11-11 20:18 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 20:18 - 2013-11-11 20:18 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-10 04:23 - 2013-11-10 04:23 - 00000000 ____D C:\FRST
2013-10-20 20:26 - 2013-11-09 21:54 - 00000000 ____D C:\Program Files\File Recovery
2013-10-20 20:26 - 2013-10-20 20:26 - 00001176 _____ C:\Users\JW\Desktop\Undelete 360.lnk
2013-10-20 13:12 - 2013-11-09 21:56 - 00000000 ____D C:\Users\JW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
2013-10-20 13:12 - 2013-11-09 21:56 - 00000000 ____D C:\Program Files\Recuva

==================== One Month Modified Files and Folders =======

2013-11-13 18:45 - 2013-01-12 18:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 16:44 - 2009-10-27 19:16 - 01772987 _____ C:\Windows\WindowsUpdate.log
2013-11-11 22:24 - 2013-11-11 22:24 - 00001138 _____ C:\Users\JW\Desktop\Continue Restoration Installation.lnk
2013-11-11 21:52 - 2013-11-11 21:52 - 00000000 ____D C:\Users\JW\AppData\Local\Microsoft_Corporation
2013-11-11 21:37 - 2009-12-10 11:22 - 00000000 ____D C:\Users\DW\AppData\Local\Mozilla
2013-11-11 21:33 - 2007-07-16 18:37 - 00000000 ____D C:\Users\KJW\AppData\Roaming\Skype
2013-11-11 20:18 - 2013-11-11 20:18 - 00001908 _____ C:\Windows\diagwrn.xml
2013-11-11 20:18 - 2013-11-11 20:18 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-11 20:18 - 2009-07-14 05:39 - 00000611 _____ C:\Windows\setupact.log
2013-11-11 20:18 - 2009-07-14 05:39 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 21:42 - 2007-07-16 17:39 - 00000000 ____D C:\Users\JW\AppData\Roaming\Skype
2013-11-10 19:52 - 2009-11-21 19:03 - 00001569 _____ C:\Sys_LogWin.log
2013-11-10 19:52 - 2009-11-21 19:03 - 00000000 __SHD C:\Users\JW\AppData\Roaming\.#
2013-11-10 19:44 - 2009-07-14 05:34 - 00020864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 19:44 - 2009-07-14 05:34 - 00020864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 19:38 - 2011-05-07 14:35 - 00000000 ____D C:\Users\JW\AppData\Roaming\Dropbox
2013-11-10 19:36 - 2009-11-28 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-10 19:36 - 2009-11-01 15:06 - 00000000 ____D C:\ProgramData\VMware
2013-11-10 19:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 04:23 - 2013-11-10 04:23 - 00000000 ____D C:\FRST
2013-11-09 21:57 - 2009-10-30 17:22 - 00000000 ____D C:\Users\Administrator.000
2013-11-09 21:57 - 2009-10-30 17:16 - 00000000 ____D C:\Users\DW
2013-11-09 21:57 - 2009-10-30 17:13 - 00000000 ____D C:\Users\KJW
2013-11-09 21:57 - 2009-10-27 18:27 - 00000000 ____D C:\Users\JW
2013-11-09 21:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-09 21:56 - 2013-10-20 13:12 - 00000000 ____D C:\Users\JW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
2013-11-09 21:56 - 2013-10-20 13:12 - 00000000 ____D C:\Program Files\Recuva
2013-11-09 21:56 - 2013-10-11 20:02 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-09 21:56 - 2013-10-01 19:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-09 21:56 - 2013-04-30 17:14 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-11-09 21:56 - 2013-01-26 16:33 - 00000000 ___RD C:\Program Files\Skype
2013-11-09 21:56 - 2012-05-02 17:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-09 21:56 - 2012-04-19 18:07 - 00000000 ____D C:\Users\JW\AppData\Roaming\AVG2012
2013-11-09 21:56 - 2012-04-19 18:04 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-11-09 21:56 - 2009-10-30 16:09 - 00000000 ____D C:\ProgramData\Skype
2013-11-09 21:56 - 2009-10-28 17:01 - 00000000 ____D C:\Users\JW\AppData\Roaming\uTorrent
2013-11-09 21:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-11-09 21:56 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-09 21:55 - 2009-10-30 17:14 - 00000000 ____D C:\Users\KJW\AppData\Local\Mozilla
2013-11-09 21:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-09 21:54 - 2013-10-20 20:26 - 00000000 ____D C:\Program Files\File Recovery
2013-11-09 21:54 - 2009-10-27 18:37 - 00000000 ____D C:\Users\JW\AppData\Local\Mozilla
2013-11-09 14:07 - 2009-10-28 11:51 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-10-31 08:02 - 2013-08-13 21:06 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 20:58 - 2009-10-28 13:01 - 00000000 ____D C:\Program Files\PeerBlock
2013-10-20 20:26 - 2013-10-20 20:26 - 00001176 _____ C:\Users\JW\Desktop\Undelete 360.lnk
2013-10-18 17:07 - 2010-01-31 22:58 - 00000000 ____D C:\Users\DW\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\JW\AppData\Local\Temp\adobe_installer.exe
C:\Users\JW\AppData\Local\Temp\ApnIC.dll
C:\Users\JW\AppData\Local\Temp\ApnStub.exe
C:\Users\JW\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\JW\AppData\Local\Temp\AskSLib.dll
C:\Users\JW\AppData\Local\Temp\asktoolbar.exe
C:\Users\JW\AppData\Local\Temp\bassmod.dll
C:\Users\JW\AppData\Local\Temp\BunndleOfferManager.dll
C:\Users\JW\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\JW\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\JW\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\JW\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\JW\AppData\Local\Temp\hsk393C.tmp.exe
C:\Users\JW\AppData\Local\Temp\ICReinstall_Install_Restoration.exe
C:\Users\JW\AppData\Local\Temp\nos_uninstall_Adobe.dll
C:\Users\JW\AppData\Local\Temp\OCSetupHlp.dll
C:\Users\JW\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\JW\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JW\AppData\Local\Temp\_is4069.exe
C:\Users\JW\AppData\Local\Temp\_is6B25.exe
C:\Users\JW\AppData\Local\Temp\_isB74F.exe
C:\Users\JW\AppData\Local\Temp\_isDCA1.exe
C:\Users\KJW\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 18:23

==================== End Of Log ============================