
Links get hijacked, Trojan, insane amount of pop ups... [Solved]


  • This topic is locked

#1
hank_venture

So the first thing is clicking links from Google search or other sites will get redirected to lnksdata.com, crackle.com, those are the ones I remember...It's infected all my browsers including Chrome and Firefox. Last night I was watching a YouTube video in Chrome and I looked in the corner and Adblock had blocked literally over 2000 pop ups....that's just the ones that don't get through....get a lot of embedded ads on websites.

I did a complete scan with Avast and Malwarebytes, they found a Trojan and some other stuff but didn't help the link hijacking or pop ups... I tried to use OTL several times, it crashes as soon as it starts checking Firefox settings (I'm on Windows 8)...tried downloading OTL again from a different site and gives me the same problem...Thanks in advance for all your help, I have to use my cell phone for everything online because I'm afraid of getting hacked or worse.

Edited by hank_venture, 25 July 2013 - 06:59 PM.



#2
JSntgRvr

Hi and welcome.

Let's give it a try. You will need a flash drive.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#3
hank_venture

Thank you for the prompt reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
Ran by SYSTEM on 25-07-2013 20:50:02
Running from D:\
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [PC Optimizer Pro] - C:\Program Files\PC Optimizer Pro\StartApps.exe [434968 2013-05-10] (Xportsoft Technologies)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2236080 2013-06-27] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Jacob\...\Run: [Pokki] - C:\WINDOWS\system32\rundll32.exe [51712 2012-07-25] (Microsoft Corporation)
HKU\Jacob\...\Run: [Spotify Web Helper] - C:\Users\Jacob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-02-03] (Spotify Ltd)
HKU\Jacob\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643048 2013-02-28] (Skype Technologies S.A.)
HKU\Jacob\...\Run: [Akamai NetSession Interface] - C:\Users\Jacob\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\Jacob\...\Run: [GoogleChromeAutoLaunch_BE49B27017FD712DF1E70FE7861589BC] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [110344 2011-07-11] (Mentor Graphics Corporation)
S2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-05-16] ()
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-26] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 stdflt; C:\Windows\SysWow64\DRIVERS\stdflt.sys [15336 2009-07-23] (ST Microelectronics)
S2 TurboB; C:\Windows\system32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S0 stdflt; system32\DRIVERS\stdflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 20:49 - 2013-07-25 20:49 - 00000000 ____D C:\FRST
2013-07-25 20:48 - 2013-07-25 20:48 - 00000000 _____ C:\Recovery.txt
2013-07-25 16:35 - 2013-07-25 16:35 - 03416108 _____ C:\Users\Jacob\Downloads\A Fight Song.wav
2013-07-21 20:15 - 2013-07-21 20:16 - 05251116 _____ C:\Users\Jacob\Downloads\20130721_135835.wav
2013-07-21 20:14 - 2013-07-21 20:14 - 00852012 _____ C:\Users\Jacob\Downloads\20130721_185336.wav
2013-07-21 20:13 - 2013-07-21 20:13 - 02981932 _____ C:\Users\Jacob\Downloads\20130514_203736.wav
2013-07-20 20:57 - 2013-07-20 20:58 - 00000000 ____D C:\Users\Jacob\Downloads\Troy Stetina - Speed Mechanics for Lead guitar
2013-07-20 10:13 - 2013-07-20 10:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL (1).exe
2013-07-17 18:24 - 2013-07-17 18:25 - 08273964 _____ C:\Users\Jacob\Downloads\Strike the Ground P1.wav
2013-07-16 21:37 - 2013-07-16 21:37 - 06807596 _____ C:\Users\Jacob\Downloads\Song2.wav
2013-07-16 20:48 - 2013-07-16 20:49 - 08560684 _____ C:\Users\Jacob\Downloads\Song1.wav
2013-07-14 17:05 - 2013-07-14 17:06 - 00262144 _____ C:\Windows\Minidump\071413-76328-01.dmp
2013-07-14 17:05 - 2013-07-14 17:05 - 00520416 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-13 22:58 - 2013-05-30 15:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-13 22:56 - 2013-06-01 01:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-13 22:56 - 2013-06-01 01:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-13 22:56 - 2013-04-11 14:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-13 22:56 - 2013-04-11 14:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 22:55 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 22:55 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 22:55 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 22:55 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-13 22:55 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-13 22:55 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-13 22:55 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-13 22:55 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-13 22:55 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-13 22:55 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-13 22:55 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-13 22:55 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-13 22:54 - 2013-05-03 22:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-13 22:54 - 2013-05-03 20:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-13 20:13 - 2013-07-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL.exe
2013-07-10 17:48 - 2013-07-10 17:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 17:48 - 2013-07-10 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 20:15 - 2013-07-09 20:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-09 20:15 - 2013-07-09 20:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-07 21:46 - 2013-07-07 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-07 21:08 - 2013-05-15 14:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-07-06 19:35 - 2013-07-06 19:35 - 06953496 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight (1).exe
2013-07-05 14:48 - 2013-07-05 15:04 - 06602902 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight.exe
2013-07-01 17:18 - 2013-07-14 17:05 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:18 - 2013-07-01 17:18 - 00262144 _____ C:\Windows\Minidump\070113-75296-01.dmp
2013-07-01 17:17 - 2013-07-14 17:05 - 564690292 _____ C:\Windows\MEMORY.DMP
2013-07-01 17:07 - 2013-07-01 18:09 - 00000000 ____D C:\Users\Jacob\Downloads\The.Purge.2013.WEBRip.R6.XViD.AC3 - W00D
2013-06-28 19:33 - 2013-06-28 19:34 - 04374572 _____ C:\Users\Jacob\Downloads\20130628_195044.wav
2013-06-28 13:51 - 2013-06-28 13:51 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 23:46 - 2013-06-26 23:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgwfpa.sys
2013-06-26 19:16 - 2013-06-28 13:51 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:16 - 2013-06-28 13:51 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum

==================== One Month Modified Files and Folders =======

2013-07-25 20:49 - 2013-07-25 20:49 - 00000000 ____D C:\FRST
2013-07-25 20:48 - 2013-07-25 20:48 - 00000000 _____ C:\Recovery.txt
2013-07-25 20:48 - 2010-09-02 12:02 - 00000000 __SHD C:\Recovery
2013-07-25 19:47 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-07-25 19:31 - 2013-06-01 09:39 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\vlc
2013-07-25 19:25 - 2012-12-16 03:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 19:03 - 2013-06-07 19:21 - 00000282 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-07-25 19:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-07-25 18:48 - 2013-01-01 21:26 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 16:51 - 2013-01-26 19:07 - 00000000 ____D C:\ProgramData\MFAData
2013-07-25 16:35 - 2013-07-25 16:35 - 03416108 _____ C:\Users\Jacob\Downloads\A Fight Song.wav
2013-07-22 19:48 - 2013-01-01 21:26 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 16:41 - 2013-01-27 18:05 - 00000564 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2013-07-21 21:43 - 2013-04-13 11:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-21 21:41 - 2012-12-16 01:44 - 00000000 ____D C:\Users\Jacob\AppData\Local\Pokki
2013-07-21 21:40 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 20:16 - 2013-07-21 20:15 - 05251116 _____ C:\Users\Jacob\Downloads\20130721_135835.wav
2013-07-21 20:14 - 2013-07-21 20:14 - 00852012 _____ C:\Users\Jacob\Downloads\20130721_185336.wav
2013-07-21 20:13 - 2013-07-21 20:13 - 02981932 _____ C:\Users\Jacob\Downloads\20130514_203736.wav
2013-07-20 20:58 - 2013-07-20 20:57 - 00000000 ____D C:\Users\Jacob\Downloads\Troy Stetina - Speed Mechanics for Lead guitar
2013-07-20 10:13 - 2013-07-20 10:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL (1).exe
2013-07-19 21:09 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-07-17 21:22 - 2012-12-16 00:22 - 00386048 ___SH C:\Users\Jacob\Desktop\Thumbs.db
2013-07-17 18:25 - 2013-07-17 18:24 - 08273964 _____ C:\Users\Jacob\Downloads\Strike the Ground P1.wav
2013-07-16 21:37 - 2013-07-16 21:37 - 06807596 _____ C:\Users\Jacob\Downloads\Song2.wav
2013-07-16 20:49 - 2013-07-16 20:48 - 08560684 _____ C:\Users\Jacob\Downloads\Song1.wav
2013-07-15 22:41 - 2012-07-25 23:28 - 00848230 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 17:06 - 2013-07-14 17:05 - 00262144 _____ C:\Windows\Minidump\071413-76328-01.dmp
2013-07-14 17:05 - 2013-07-14 17:05 - 00520416 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-14 17:05 - 2013-07-01 17:18 - 00000000 ____D C:\Windows\Minidump
2013-07-14 17:05 - 2013-07-01 17:17 - 564690292 _____ C:\Windows\MEMORY.DMP
2013-07-14 16:03 - 2013-03-31 18:25 - 01767201 _____ C:\Windows\WindowsUpdate.log
2013-07-14 12:13 - 2012-07-25 23:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 12:13 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\oobe
2013-07-13 20:13 - 2013-07-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL.exe
2013-07-13 11:52 - 2013-01-01 21:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 19:43 - 2013-01-01 21:26 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 19:43 - 2013-01-01 21:26 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 21:19 - 2012-07-25 21:37 - 00000000 ____D C:\Windows\servicing
2013-07-10 17:54 - 2012-12-16 03:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 17:53 - 2012-12-16 11:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 17:48 - 2013-07-10 17:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 17:48 - 2013-07-10 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 20:15 - 2013-07-09 20:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-09 20:15 - 2013-07-09 20:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-09 20:08 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-09 20:08 - 2012-07-25 21:26 - 00000167 _____ C:\Windows\win.ini
2013-07-09 16:22 - 2013-03-27 21:04 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-09 16:16 - 2013-06-15 19:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-07 21:46 - 2013-07-07 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-07 21:07 - 2013-01-31 15:05 - 00000000 _____ C:\END
2013-07-06 19:35 - 2013-07-06 19:35 - 06953496 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight (1).exe
2013-07-06 18:26 - 2012-12-16 01:24 - 00000000 ____D C:\Program Files\PeerBlock
2013-07-05 15:04 - 2013-07-05 14:48 - 06602902 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight.exe
2013-07-04 22:56 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-04 22:51 - 2012-09-09 16:24 - 00063488 ___SH C:\Users\Jacob\Downloads\Thumbs.db
2013-07-01 18:09 - 2013-07-01 17:07 - 00000000 ____D C:\Users\Jacob\Downloads\The.Purge.2013.WEBRip.R6.XViD.AC3 - W00D
2013-07-01 18:08 - 2012-12-16 00:59 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\uTorrent
2013-07-01 17:18 - 2013-07-01 17:18 - 00262144 _____ C:\Windows\Minidump\070113-75296-01.dmp
2013-06-28 19:34 - 2013-06-28 19:33 - 04374572 _____ C:\Users\Jacob\Downloads\20130628_195044.wav
2013-06-28 13:51 - 2013-06-28 13:51 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 13:51 - 2013-06-26 19:16 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 13:51 - 2013-06-26 19:16 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 13:51 - 2013-06-15 19:17 - 00378944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-28 13:51 - 2013-06-15 19:16 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-28 13:51 - 2013-06-15 19:16 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 20:43 - 2013-03-27 21:04 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-27 20:43 - 2013-03-27 21:04 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-27 20:43 - 2013-03-27 21:04 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-27 14:04 - 2012-07-26 00:14 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 14:04 - 2012-07-26 00:14 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 23:46 - 2013-06-26 23:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgwfpa.sys

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-05 22:17:41
Restore point made on: 2013-07-09 20:07:23
Restore point made on: 2013-07-14 12:00:57
Restore point made on: 2013-07-21 20:30:23

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3892.52 MB
Available physical RAM: 3212.46 MB
Total Pagefile: 3892.52 MB
Available Pagefile: 3218.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:56.26 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Removable) (Total:14.9 GB) (Free:13.54 GB) FAT32 (Disk=1 Partition=1)
Drive f: (MetalEdge 9-07) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72284663)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-07-20 03:03

==================== End Of Log ============================

#4
JSntgRvr

You are using two antivirus programs.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as: Online Scans and scanners that run on your machine but are not actively scanning your machine.

I would suggest you remove AVG and keep AVAST.

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
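The two-antivirus finding in the reply above can be read straight out of the Services and Drivers sections of the posted FRST.txt; the Python below is an added example, not part of the original thread or of FRST itself. It assumes the digit after the state letter is the Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), and the `SECURITY_PRODUCTS` marker table and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the Services and Drivers sections of the FRST.txt log
# posted in this thread (the rest of the log is omitted to keep this short).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S0 stdflt; system32\DRIVERS\stdflt.sys [x]

==================== NetSvcs (Whitelisted) ===================
"""

# Assumed meaning of the digit after the state letter (Windows start type).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Hypothetical marker table (an assumption of this example, not part of FRST):
# lowercase substring searched in name/path/company -> product label.
SECURITY_PRODUCTS = {
    "avast": "avast!",
    "avg": "AVG",
    "mcafee": "McAfee Security Scan",
    "windows defender": "Windows Defender",
}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>.*)\))?\s*$"
)


def parse_entries(log):
    """Yield (section, name, start_type, path, company) for service/driver lines."""
    section = ""
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group(1).split(" (")[0]
            continue
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY_RE.match(line)
        if m:  # the company group is absent on lines such as "... [x]"
            yield section, m["name"].strip(), int(m["start"]), m["path"], m["company"] or ""


def product_of(name, path, company):
    """Map an entry to a security product label, or None if it is not one."""
    haystack = f"{name} {path} {company}".lower()
    for marker, product in SECURITY_PRODUCTS.items():
        if marker in haystack:
            return product
    return None


def classify(log):
    """Split security products into resident (start type 0-2) and on-demand only (3-4).

    The state letter is ignored: every entry in the posted log shows S, and the
    log header reports Boot Mode: Recovery, so only the start type is used.
    """
    resident, on_demand = defaultdict(list), defaultdict(list)
    for _section, name, start, path, company in parse_entries(log):
        product = product_of(name, path, company)
        if product is None:
            continue
        bucket = resident if start <= 2 else on_demand
        bucket[product].append(f"{name} ({START_TYPES[start]})")
    # A product with any auto-loading component is not "on-demand only".
    for product in resident:
        on_demand.pop(product, None)
    return dict(resident), dict(on_demand)


def conflicting_on_access(log):
    """Return the products loading at startup when there is more than one."""
    resident, _ = classify(log)
    return sorted(resident) if len(resident) > 1 else []


if __name__ == "__main__":
    resident, on_demand = classify(SAMPLE_LOG)
    for product, parts in resident.items():
        print(f"resident : {product}: {', '.join(parts)}")
    for product, parts in on_demand.items():
        print(f"on-demand: {product}: {', '.join(parts)}")
    print("conflict :", conflicting_on_access(SAMPLE_LOG))
```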

#5
hank_venture

I downloaded the software from the link and ran the executable. Crashed twice so I restarted the computer and re-ran it...crashed again.
It says Avast Rootkit stopped working. I attached a screen shot. Thank you.


rootkit.PNG

#6
JSntgRvr

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Let's try these programs:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
hank_venture

Thank you for the help so far =)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 8 Pro x64
Ran by Jacob on Sat 07/27/2013 at 22:26:18.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
Pokki REG_EXPAND_SZ C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E318FC5B-9B67-481D-B503-5C94B8B2C5E7}



~~~ Files

Failed to delete: [File] C:\eula.1028.txt
Failed to delete: [File] C:\eula.1031.txt
Failed to delete: [File] C:\eula.1033.txt
Failed to delete: [File] C:\eula.1036.txt
Failed to delete: [File] C:\eula.1040.txt
Failed to delete: [File] C:\eula.1041.txt
Failed to delete: [File] C:\eula.1042.txt
Failed to delete: [File] C:\eula.2052.txt
Failed to delete: [File] C:\install.res.1028.dll
Failed to delete: [File] C:\install.res.1031.dll
Failed to delete: [File] C:\install.res.1033.dll
Failed to delete: [File] C:\install.res.1036.dll
Failed to delete: [File] C:\install.res.1040.dll
Failed to delete: [File] C:\install.res.1041.dll
Failed to delete: [File] C:\install.res.1042.dll
Failed to delete: [File] C:\install.res.2052.dll
Failed to delete: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"



~~~ FireFox

Successfully deleted: [File] C:\Users\Jacob\AppData\Roaming\mozilla\firefox\profiles\f90sm973.default\invalidprefs.js
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
Successfully deleted the following from C:\Users\Jacob\AppData\Roaming\mozilla\firefox\profiles\f90sm973.default\prefs.js

user_pref("extensions.crossrider.bic", "13be9bf1bfcc8617b06f15ad86797363");
Emptied folder: C:\Users\Jacob\AppData\Roaming\mozilla\firefox\profiles\f90sm973.default\minidumps [45 files]



~~~ Chrome

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/27/2013 at 22:35:40.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v2.306 - Logfile created 07/27/2013 at 22:37:35
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 Pro (64 bits)
# User : Jacob - JACOB-PC
# Boot Mode : Normal
# Running from : C:\Users\Jacob\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1038 octets] - [27/07/2013 21:51:08]
AdwCleaner[S3].txt - [848 octets] - [27/07/2013 22:37:35]

########## EOF - C:\AdwCleaner[S3].txt - [907 octets] ##########





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.26.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Jacob :: JACOB-PC [administrator]

7/27/2013 10:44:03 PM
mbam-log-2013-07-27 (22-44-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244033
Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
JSntgRvr

  • Global Moderator
  • 10,961 posts
RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingc...download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.

After running Rkill, please run aswMBR.exe. Then run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0
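The registry checks that the RKill description above lists (Image File Execution Options debuggers, DisallowRun entries, executable hijacks and policies that restrict Windows utilities), together with the Windows Defender `DisableAntiSpyware` value, can be reviewed read-only from a `.reg` export. The following is an added example, not RKill's code and not part of the original posts; the sample export, the rule names and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit export (.reg) text form; not taken from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\placeholder\\not-a-debugger.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="mbam.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\wrapper.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
EXPECTED_OPEN_COMMAND = '"%1" %*'          # Windows default for exefile/comfile/batfile
RESTRICTIVE = {"disabletaskmgr", "disableregistrytools"}


def _unquote(s):
    """Strip the surrounding quotes and undo .reg escaping of \\ and \"."""
    return re.sub(r'\\(.)', r'\1', s[1:-1])


def parse_reg(text):
    """Return {key_path: {value_name: value}}; the default value is named ''."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue
        name = "" if m.group(1) == "@" else _unquote(m.group(1))
        raw = m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = _unquote(raw)
        else:
            current[name] = raw            # hex(...) and other types kept as text
    return keys


def audit(keys):
    """Return (rule, key, detail) tuples for settings that block normal tools."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        lowered = {n.lower(): v for n, v in values.items()}
        # A Debugger value makes Windows start that program instead of the named exe.
        if "\\image file execution options\\" in k and "debugger" in lowered:
            findings.append(("ifeo-debugger", key, lowered["debugger"]))
        # DisallowRun=1 switches the block list on; the subkey holds the blocked names.
        if k.endswith(r"\policies\explorer") and lowered.get("disallowrun") == 1:
            findings.append(("disallowrun-enabled", key, "DisallowRun=1"))
        if k.endswith(r"\policies\explorer\disallowrun"):
            for v in values.values():
                findings.append(("disallowrun-entry", key, v))
        # Policies that take Task Manager or the registry editor away from the user.
        if k.endswith(r"\policies\system"):
            for name, v in values.items():
                if name.lower() in RESTRICTIVE and isinstance(v, int) and v != 0:
                    findings.append(("policy-restriction", key, name))
        # .exe/.com/.bat open commands should be exactly "%1" %*.
        if re.search(r"\\(exe|com|bat)file\\shell\\open\\command$", k):
            default = lowered.get("")
            if default is not None and default != EXPECTED_OPEN_COMMAND:
                findings.append(("exe-hijack", key, default))
        # The value an RKill log reports as "Windows Defender Disabled".
        if k.endswith(r"\microsoft\windows defender") and lowered.get("disableantispyware") == 1:
            findings.append(("defender-disabled", key, "DisableAntiSpyware=1"))
    return findings


if __name__ == "__main__":
    for rule, key, detail in audit(parse_reg(SAMPLE_REG)):
        print(f"{rule:20} {key}\n{'':20} -> {detail}")
```

A finding is a prompt for review rather than proof of infection: administrators set some of these values deliberately, and installing a third-party antivirus can also leave Windows Defender turned off.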

#9
hank_venture

  • Topic Starter
  • Member
  • 19 posts
Hello there. I followed your procedure last night and ended up with the same error. So right now I very carefully repeated the procedure starting with the instruction you posted on 27 July 2013 - 04:43 PM. After rkill I ran first Malwarebytes then AdwCleaner with avast disabled. I got the same antirootkit message from aswMBR =(
I also get a dialog box upon restart that says "there was a problem starting C:\program files(x86)\conduit\ct3298573\plugins\tbverifier.dll the specified module could not be found"

Here is the most recent rkill log

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 07/29/2013 06:14:14 PM in x64 mode.
Windows Version: Windows 8 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* WinDefend => "%ProgramFiles%\Windows Defender\MsMpEng.exe" [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 07/29/2013 06:17:25 PM
Execution time: 0 hours(s), 3 minute(s), and 10 seconds(s)

#10
JSntgRvr

  • Global Moderator
  • 10,961 posts
Please run FRST in Normal mode as follows:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#11
hank_venture

  • Topic Starter
  • Member
  • 19 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Jacob at 2013-07-31 19:15:07
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


µTorrent (x32 Version: 3.2.3.28705)
7-Zip 9.22beta (x32)
Accelerometer (x32 Version: 1.06.08.17)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Akamai NetSession Interface (HKCU)
AutoCAD MEP 2013 Language Pack - English (Version: 7.0.50.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Download Manager (x32 Version: 2.0.6.0)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bullzip PDF Printer 9.5.0.1579 (Version: 9.5.0.1579)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon MG3100 series MP Drivers
Canon MG3100 series On-screen Manual (x32)
Canon MP Navigator EX 5.0 (x32)
Canon Quick Menu (x32 Version: 2.1.0)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell System Detect (HKCU Version: 3.3.2.1)
getsav-in (x32 Version: 1.1368387917)
Google Chrome (x32 Version: 28.0.1500.72)
Google Drive (x32 Version: 1.10.4769.632)
Google Update Helper (x32 Version: 1.3.21.153)
IDT Audio (x32 Version: 1.0.6267.0)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2012b (Version: 8.0)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 20.0.1)
MPC-HC 1.6.7.7114 (9eb64ec) (x32 Version: 1.6.7.7114)
oCAD MEP 2013 - English (Version: 7.0.50.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Pokki (HKCU Version: 0.263.13.319)
Pokki Download Helper (HKCU Version: 1.3.1.282)
R-Wipe&Clean 9.8 (x32)
Secure Download Manager (x32 Version: 3.1.0)
Skype Click to Call (x32 Version: 6.10.13089)
Skype™ 6.3 (x32 Version: 6.3.105)
SolidWorks 2011 x64 Edition SP05 (Version: 19.150.91)
SolidWorks 2011 x64 Edition SP05 (x32 Version: 19.5.0.91)
SolidWorks eDrawings 2011 x64 Edition SP05 (Version: 11.5.111)
SolidWorks Flow Simulation 2011 SP05 x64 Edition (Version: 19.50.92)
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
TakeOwnershipEx (x32 Version: 1.2.0.1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WAV To MP3 Converter version 1.0 r1 (x32 Version: 1.0 r1)
Windows 7 Codec Pack 4.0.6 (x32 Version: 4.0.6)
WModem Driver Installer (x32 Version: 2.0.6.13)

==================== Restore Points =========================

14-07-2013 19:59:32 Windows Update
22-07-2013 04:29:36 Scheduled Checkpoint
27-07-2013 03:40:36 Removed AVG 2013

==================== Hosts content: ==========================

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {1442481C-EE64-40D7-97CE-4CB42ED1EE1F} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2234159068-2688919450-3802922479-1000
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {360EC3E3-F2EB-404E-9EBD-251F6EF52084} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {4A4AEA56-A18A-4A1E-B3AC-1E7B1139DD1B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {698A3C79-018A-4D9F-AE56-C79748C530BA} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {6A40AE5A-8526-4528-8C46-93B14508A0CC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-25] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-19] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {7F946EF2-334B-444E-A015-3BDDD1956036} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {92D81485-8C00-4063-B8C8-1168F8C60DEB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {9823366E-A2FC-4B74-8B62-47A3AC88E747} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A050D47B-FC50-4C8A-83AC-B596C7151081} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {A551438B-D725-4414-80AE-DBCC115E6583} - System32\Tasks\TopArcadeHits => C:\Users\Jacob\AppData\Local\TopArcadeHits\updater.exe No File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A91A6B2C-CC3D-4DB8-B1B4-9A4156435503} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {AFAD0A85-71A8-4C81-9218-EA1CD51DE937} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2012-07-25] (Microsoft Corporation)
Task: {B0D2C0D6-D89A-41B6-A238-8BF418D91922} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1776531-15E3-449C-A47C-1EC1738C6F94} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-19] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\TopArcadeHits.job => C:\Users\Jacob\AppData\Local\TopArcadeHits\updater.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ST Micro Accelerometer
Description: ST Micro Accelerometer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ST Microelectronics
Service: Acceler
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 07:04:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x10fc
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5

Error: (07/29/2013 05:25:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: twinui.dll, version: 6.2.9200.16604, time stamp: 0x5184a60b
Exception code: 0xc0000005
Fault offset: 0x00000000000a812a
Faulting process id: 0x7bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (07/28/2013 10:43:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0xcf4
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5

Error: (07/28/2013 04:54:39 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fb0

Start Time: 01ce8bed98a7e463

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 060fcd50-f7e1-11e2-bf17-b8ac6f6c93ca

Faulting package full name:

Faulting package-relative application ID:

Error: (07/27/2013 03:46:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Jacob-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/27/2013 00:10:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x968
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5

Error: (07/26/2013 09:03:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x12b4
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5

Error: (07/26/2013 09:02:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x1848
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5

Error: (07/25/2013 09:18:52 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (07/25/2013 09:17:50 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)


System errors:
=============
Error: (07/31/2013 02:59:13 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\drivers\Acceler.sys

Error: (07/31/2013 02:59:09 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/31/2013 02:45:27 AM) (Source: DCOM) (User: Jacob-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/29/2013 06:55:52 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\drivers\Acceler.sys

Error: (07/29/2013 06:55:48 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/29/2013 05:53:45 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\drivers\Acceler.sys

Error: (07/29/2013 05:53:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/29/2013 05:24:46 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\drivers\Acceler.sys

Error: (07/29/2013 05:24:40 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/29/2013 01:22:25 AM) (Source: DCOM) (User: Jacob-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (07/29/2013 07:04:35 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f8110fc01ce8cc8fbda4512C:\Users\Jacob\Downloads\aswMBR.exeC:\WINDOWS\SYSTEM32\ntdll.dll618c6493-f8bc-11e2-bf1a-b8ac6f6c93ca

Error: (07/29/2013 05:25:53 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.166045184a60bc000000500000000000a812a7bc01ce8cbb4839e4f2C:\WINDOWS\Explorer.EXEC:\Windows\System32\twinui.dll97aba14a-f8ae-11e2-bf18-b8ac6f6c93ca

Error: (07/28/2013 10:43:10 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81cf401ce8c1e5af4f2deC:\Users\Jacob\Downloads\aswMBR.exeC:\WINDOWS\SYSTEM32\ntdll.dllc01bb104-f811-11e2-bf17-b8ac6f6c93ca

Error: (07/28/2013 04:54:39 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628fb001ce8bed98a7e4630C:\WINDOWS\Explorer.EXE060fcd50-f7e1-11e2-bf17-b8ac6f6c93ca

Error: (07/27/2013 03:46:41 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Jacob-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174

Error: (07/27/2013 00:10:19 AM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f8196801ce8a98360b46cfC:\Users\Jacob\Downloads\aswMBR.exeC:\WINDOWS\SYSTEM32\ntdll.dll97e2afcd-f68b-11e2-bf12-b8ac6f6c93ca

Error: (07/26/2013 09:03:00 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f8112b401ce8a7dfb58c093C:\Users\Jacob\Downloads\aswMBR.exeC:\WINDOWS\SYSTEM32\ntdll.dll6ce65764-f671-11e2-bf11-b8ac6f6c93ca

Error: (07/26/2013 09:02:12 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81184801ce8a7dfce16751C:\Users\Jacob\Downloads\aswMBR.exeC:\WINDOWS\SYSTEM32\ntdll.dll502a051f-f671-11e2-bf11-b8ac6f6c93ca

Error: (07/25/2013 09:18:52 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (07/25/2013 09:17:50 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3892.52 MB
Available physical RAM: 2157.73 MB
Total Pagefile: 7860.52 MB
Available Pagefile: 5617.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:52.37 GB) NTFS (Disk=0 Partition=2)
Drive d: (MetalEdge 9-07) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72284663)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Jacob (administrator) on 31-07-2013 19:13:15
Running from C:\Users\Jacob\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\STacSV64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\AESTSr64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Pokki) C:\Users\Jacob\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Pokki) C:\Users\Jacob\AppData\Local\Pokki\Engine\pokki.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Pokki) C:\Users\Jacob\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\Jacob\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\Jacob\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKCU\...\Run: [Pokki] - C:\WINDOWS\system32\rundll32.exe [51712 2012-07-25] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jacob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-02-03] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643048 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jacob\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BE49B27017FD712DF1E70FE7861589BC] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKCU\...\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] - C:\WINDOWS\SysWOW64\Rundll32.exe [48640 2012-07-25] (Microsoft Corporation)
MountPoints2: {1b21d49c-6f0f-11e2-be93-00190e0ca9e7} - "E:\TL-Bootstrap.exe"
MountPoints2: {3caa154e-5e0c-11e2-be7c-00190e0ca9e7} - "E:\TL-Bootstrap.exe"
MountPoints2: {6036845f-73b7-11e2-be9a-00190e0ca9e7} - "E:\MotorolaDeviceManagerSetup.exe" -a
MountPoints2: {c276619a-4753-11e2-be65-806e6f6e6963} - "D:\shellexe.exe" MetalEdgePDF.pdf
MountPoints2: {e1c2628e-8d35-11e2-bebf-00190e0ca9e7} - "E:\HTC_Sync_Manager_PC.exe"
MountPoints2: {e1c2628f-8d35-11e2-bebf-00190e0ca9e7} - "F:\TL-Bootstrap.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: RWCPuBlocker Class - {445A58D3-5310-455A-BF8B-B10639E713D5} - C:\Program Files (x86)\R-Wipe&Clean\RwcPub64.dll (R-tools Technologies, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RWCPuBlocker Class - {445A58D3-5310-455A-BF8B-B10639E713D5} - C:\Program Files (x86)\R-Wipe&Clean\RwcPub32.dll (R-tools Technologies, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper - C:\Users\Jacob\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\searchplugins\bingp.xml
FF Extension: No Name - C:\Users\Jacob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: TopArcadeHits - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
FF Extension: adblockpopups - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\[email protected]
FF Extension: artur.dubovoy - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\[email protected]
FF Extension: SQLiteManager - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\f90sm973.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Wajam) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Pokki Download Helper) - C:\Users\Jacob\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (AdBlock) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (avast! Online Security) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: () - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (Fiery Music) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon\1_0
CHR Extension: (Skype Click to Call) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (Amazing Coupons) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Jacob\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [110344 2011-07-11] (Mentor Graphics Corporation)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 stdflt; C:\Windows\SysWow64\DRIVERS\stdflt.sys [15336 2009-07-23] (ST Microelectronics)
R2 TurboB; C:\Windows\system32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S0 stdflt; system32\DRIVERS\stdflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 18:53 - 2013-07-29 18:54 - 00001166 _____ C:\AdwCleaner[S6].txt
2013-07-29 17:52 - 2013-07-29 17:53 - 00001105 _____ C:\AdwCleaner[S5].txt
2013-07-29 17:49 - 2013-07-29 17:49 - 00002545 _____ C:\Users\Jacob\Desktop\JRT.txt
2013-07-28 21:44 - 2013-07-31 01:57 - 00000000 ____D C:\Users\Jacob\Desktop\TAKE THE HILL
2013-07-28 16:48 - 2013-07-28 16:49 - 00001034 _____ C:\AdwCleaner[S4].txt
2013-07-28 13:38 - 2013-07-29 18:17 - 00002322 _____ C:\Users\Jacob\Desktop\Rkill.txt
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Jacob\Desktop\rkill
2013-07-27 22:37 - 2013-07-27 22:38 - 00000975 _____ C:\AdwCleaner[S3].txt
2013-07-27 22:26 - 2013-07-27 22:26 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-27 21:55 - 2013-07-31 18:47 - 00000000 ____D C:\Users\Jacob\Desktop\geekstogo
2013-07-27 21:51 - 2013-07-27 21:52 - 00001038 _____ C:\AdwCleaner[S2].txt
2013-07-26 22:12 - 2004-08-20 00:00 - 49109804 _____ C:\Users\Jacob\Desktop\GHOST.WAV
2013-07-26 21:18 - 2013-06-01 04:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-07-26 21:18 - 2013-06-01 04:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-07-26 21:18 - 2013-06-01 04:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-07-26 21:18 - 2013-06-01 04:33 - 02233600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-07-26 21:18 - 2013-06-01 04:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-07-26 21:18 - 2013-06-01 04:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-07-26 21:18 - 2013-06-01 04:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-07-26 21:18 - 2013-06-01 04:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-07-26 21:18 - 2013-06-01 03:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-07-26 21:18 - 2013-06-01 02:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-07-26 21:18 - 2013-06-01 02:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-07-26 21:18 - 2013-06-01 02:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-07-26 21:18 - 2013-06-01 02:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-26 21:18 - 2013-06-01 02:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-07-26 21:18 - 2013-06-01 02:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-07-26 21:18 - 2013-06-01 02:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-07-26 21:18 - 2013-06-01 02:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-07-26 21:18 - 2013-06-01 02:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-07-26 21:18 - 2013-06-01 02:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-07-26 21:18 - 2013-06-01 02:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-07-26 21:18 - 2013-06-01 02:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-07-26 21:18 - 2013-06-01 02:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-07-26 21:18 - 2013-06-01 02:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-07-26 21:18 - 2013-06-01 02:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-07-26 21:18 - 2013-06-01 02:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-26 21:18 - 2013-06-01 02:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-07-26 21:18 - 2013-06-01 02:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-07-26 21:18 - 2013-06-01 02:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-07-26 21:18 - 2013-05-31 20:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-07-26 21:18 - 2013-05-24 15:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-07-26 21:18 - 2013-05-24 15:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-07-26 21:18 - 2013-05-24 15:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-07-26 21:18 - 2013-05-24 15:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-07-26 21:18 - 2013-05-19 17:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-07-26 21:17 - 2013-06-16 15:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-07-26 21:03 - 2013-07-26 21:03 - 00000489 _____ C:\Users\Jacob\Desktop\aswMBR.txt
2013-07-26 20:56 - 2013-07-26 20:58 - 04745728 _____ (AVAST Software) C:\Users\Jacob\Downloads\aswMBR.exe
2013-07-26 20:51 - 2013-07-26 20:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-07-25 21:49 - 2013-07-25 21:49 - 00000000 ____D C:\FRST
2013-07-25 17:35 - 2013-07-25 17:35 - 03416108 _____ C:\Users\Jacob\Downloads\A Fight Song.wav
2013-07-21 21:15 - 2013-07-21 21:16 - 05251116 _____ C:\Users\Jacob\Downloads\20130721_135835.wav
2013-07-21 21:14 - 2013-07-21 21:14 - 00852012 _____ C:\Users\Jacob\Downloads\20130721_185336.wav
2013-07-21 21:13 - 2013-07-21 21:13 - 02981932 _____ C:\Users\Jacob\Downloads\20130514_203736.wav
2013-07-20 21:57 - 2013-07-20 21:58 - 00000000 ____D C:\Users\Jacob\Downloads\Troy Stetina - Speed Mechanics for Lead guitar
2013-07-20 11:13 - 2013-07-20 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL (1).exe
2013-07-17 19:24 - 2013-07-17 19:25 - 08273964 _____ C:\Users\Jacob\Downloads\Strike the Ground P1.wav
2013-07-16 22:37 - 2013-07-16 22:37 - 06807596 _____ C:\Users\Jacob\Downloads\Song2.wav
2013-07-16 21:48 - 2013-07-16 21:49 - 08560684 _____ C:\Users\Jacob\Downloads\Song1.wav
2013-07-14 18:05 - 2013-07-14 18:06 - 00262144 _____ C:\WINDOWS\Minidump\071413-76328-01.dmp
2013-07-14 18:05 - 2013-07-14 18:05 - 00520416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-13 23:58 - 2013-05-30 16:14 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-13 23:56 - 2013-06-01 02:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-07-13 23:56 - 2013-06-01 02:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-13 23:56 - 2013-04-11 15:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-07-13 23:56 - 2013-04-11 15:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-07-13 23:55 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-07-13 23:55 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-13 23:55 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-07-13 23:55 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-13 23:55 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-13 23:55 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-13 23:55 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-13 23:55 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-13 23:55 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-13 23:55 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-13 23:55 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-13 23:55 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-13 23:54 - 2013-05-03 23:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-13 23:54 - 2013-05-03 21:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2013-07-13 21:13 - 2013-07-13 21:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL.exe
2013-07-10 18:48 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 18:48 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 21:15 - 2013-07-09 21:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-09 21:15 - 2013-07-09 21:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-07 22:46 - 2013-07-07 22:46 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-07 22:08 - 2013-05-15 15:35 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2013-07-06 20:35 - 2013-07-06 20:35 - 06953496 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight (1).exe
2013-07-05 15:48 - 2013-07-05 16:04 - 06602902 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight.exe
2013-07-01 18:18 - 2013-07-14 18:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-01 18:18 - 2013-07-01 18:18 - 00262144 _____ C:\WINDOWS\Minidump\070113-75296-01.dmp
2013-07-01 18:17 - 2013-07-14 18:05 - 564690292 _____ C:\WINDOWS\MEMORY.DMP
2013-07-01 18:07 - 2013-07-01 19:09 - 00000000 ____D C:\Users\Jacob\Downloads\The.Purge.2013.WEBRip.R6.XViD.AC3 - W00D
107

==================== One Month Modified Files and Folders =======

2013-07-31 19:11 - 2013-06-01 10:39 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\vlc
2013-07-31 19:11 - 2012-12-16 13:21 - 00000000 ____D C:\Users\Jacob\Desktop\Documents\Outlook Files
2013-07-31 19:00 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-31 18:48 - 2013-01-01 22:26 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 18:47 - 2013-07-31 18:47 - 01781589 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe
2013-07-31 18:47 - 2013-07-27 21:55 - 00000000 ____D C:\Users\Jacob\Desktop\geekstogo
2013-07-31 18:26 - 2012-12-16 04:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-31 18:02 - 2012-12-16 02:44 - 00000000 ____D C:\Users\Jacob\AppData\Local\Pokki
2013-07-31 03:05 - 2012-07-26 00:28 - 00848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-31 03:02 - 2013-01-27 19:05 - 00000564 _____ C:\WINDOWS\Tasks\MATLAB R2012b Startup Accelerator.job
2013-07-31 03:01 - 2013-01-01 22:26 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 02:59 - 2012-07-26 00:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-31 02:02 - 2013-06-07 20:21 - 00000282 _____ C:\WINDOWS\Tasks\TopArcadeHits.job
2013-07-31 01:57 - 2013-07-28 21:44 - 00000000 ____D C:\Users\Jacob\Desktop\TAKE THE HILL
2013-07-29 18:54 - 2013-07-29 18:53 - 00001166 _____ C:\AdwCleaner[S6].txt
2013-07-29 18:17 - 2013-07-28 13:38 - 00002322 _____ C:\Users\Jacob\Desktop\Rkill.txt
2013-07-29 18:10 - 2012-12-16 01:03 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2234159068-2688919450-3802922479-1000
2013-07-29 17:53 - 2013-07-29 17:52 - 00001105 _____ C:\AdwCleaner[S5].txt
2013-07-29 17:53 - 2012-07-25 22:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-07-29 17:49 - 2013-07-29 17:49 - 00002545 _____ C:\Users\Jacob\Desktop\JRT.txt
2013-07-29 01:04 - 2013-03-31 19:25 - 01229467 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-28 23:59 - 2011-05-28 23:30 - 00000000 ____D C:\Users\Jacob\Desktop\Documents\Words
2013-07-28 16:49 - 2013-07-28 16:48 - 00001034 _____ C:\AdwCleaner[S4].txt
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Jacob\Desktop\rkill
2013-07-27 23:40 - 2012-12-16 02:37 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\R-Wipe&Clean
2013-07-27 23:01 - 2012-12-16 01:22 - 00419840 ___SH C:\Users\Jacob\Desktop\Thumbs.db
2013-07-27 22:38 - 2013-07-27 22:37 - 00000975 _____ C:\AdwCleaner[S3].txt
2013-07-27 22:26 - 2013-07-27 22:26 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-27 22:18 - 2012-12-16 00:39 - 00041734 _____ C:\WINDOWS\PFRO.log
2013-07-27 21:52 - 2013-07-27 21:51 - 00001038 _____ C:\AdwCleaner[S2].txt
2013-07-27 00:13 - 2013-04-13 18:25 - 00001314 _____ C:\Users\Jacob\Desktop\Inland Empire (2006) - Shortcut.lnk
2013-07-26 21:12 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-26 21:03 - 2013-07-26 21:03 - 00000489 _____ C:\Users\Jacob\Desktop\aswMBR.txt
2013-07-26 20:58 - 2013-07-26 20:56 - 04745728 _____ (AVAST Software) C:\Users\Jacob\Downloads\aswMBR.exe
2013-07-26 20:57 - 2011-05-28 23:11 - 00000000 ___RD C:\Users\Jacob\Virtual Machines
2013-07-26 20:54 - 2013-04-11 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 20:53 - 2013-07-26 20:51 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-07-26 20:52 - 2013-05-12 12:08 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\BSplayer
2013-07-26 20:52 - 2013-05-12 12:08 - 00000000 ____D C:\Program Files (x86)\Webteh
2013-07-26 20:44 - 2013-01-26 20:07 - 00000000 ____D C:\ProgramData\MFAData
2013-07-26 20:42 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-07-26 20:20 - 2012-12-16 04:55 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\TakeOwnershipEx
2013-07-25 21:49 - 2013-07-25 21:49 - 00000000 ____D C:\FRST
2013-07-25 21:48 - 2010-09-02 13:02 - 00000000 __SHD C:\Recovery
2013-07-25 17:35 - 2013-07-25 17:35 - 03416108 _____ C:\Users\Jacob\Downloads\A Fight Song.wav
2013-07-21 22:43 - 2013-04-13 12:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-21 21:16 - 2013-07-21 21:15 - 05251116 _____ C:\Users\Jacob\Downloads\20130721_135835.wav
2013-07-21 21:14 - 2013-07-21 21:14 - 00852012 _____ C:\Users\Jacob\Downloads\20130721_185336.wav
2013-07-21 21:13 - 2013-07-21 21:13 - 02981932 _____ C:\Users\Jacob\Downloads\20130514_203736.wav
2013-07-20 21:58 - 2013-07-20 21:57 - 00000000 ____D C:\Users\Jacob\Downloads\Troy Stetina - Speed Mechanics for Lead guitar
2013-07-20 11:13 - 2013-07-20 11:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL (1).exe
2013-07-19 22:09 - 2012-07-25 22:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-07-17 19:25 - 2013-07-17 19:24 - 08273964 _____ C:\Users\Jacob\Downloads\Strike the Ground P1.wav
2013-07-16 22:37 - 2013-07-16 22:37 - 06807596 _____ C:\Users\Jacob\Downloads\Song2.wav
2013-07-16 21:49 - 2013-07-16 21:48 - 08560684 _____ C:\Users\Jacob\Downloads\Song1.wav
2013-07-14 18:06 - 2013-07-14 18:05 - 00262144 _____ C:\WINDOWS\Minidump\071413-76328-01.dmp
2013-07-14 18:05 - 2013-07-14 18:05 - 00520416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 18:05 - 2013-07-01 18:18 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-14 18:05 - 2013-07-01 18:17 - 564690292 _____ C:\WINDOWS\MEMORY.DMP
2013-07-14 13:13 - 2012-07-26 00:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 13:13 - 2012-07-25 22:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-07-13 21:13 - 2013-07-13 21:13 - 00602112 _____ (OldTimer Tools) C:\Users\Jacob\Downloads\OTL.exe
2013-07-13 12:52 - 2013-01-01 22:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 20:43 - 2013-01-01 22:26 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:43 - 2013-01-01 22:26 - 00003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 22:19 - 2012-07-25 22:37 - 00000000 ____D C:\WINDOWS\servicing
2013-07-10 18:54 - 2012-12-16 04:22 - 78185248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-10 18:53 - 2012-12-16 12:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:48 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 18:48 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 21:15 - 2013-07-09 21:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-09 21:15 - 2013-07-09 21:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-09 21:08 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-09 21:08 - 2012-07-25 22:26 - 00000167 _____ C:\WINDOWS\win.ini
2013-07-09 17:16 - 2013-06-15 20:16 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-07-07 22:46 - 2013-07-07 22:46 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-07-06 20:35 - 2013-07-06 20:35 - 06953496 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight (1).exe
2013-07-06 19:26 - 2012-12-16 02:24 - 00000000 ____D C:\Program Files\PeerBlock
2013-07-05 16:04 - 2013-07-05 15:48 - 06602902 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Silverlight.exe
2013-07-04 23:51 - 2012-09-09 17:24 - 00063488 ___SH C:\Users\Jacob\Downloads\Thumbs.db
2013-07-01 19:09 - 2013-07-01 18:07 - 00000000 ____D C:\Users\Jacob\Downloads\The.Purge.2013.WEBRip.R6.XViD.AC3 - W00D
2013-07-01 19:08 - 2012-12-16 01:59 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\uTorrent
2013-07-01 18:18 - 2013-07-01 18:18 - 00262144 _____ C:\WINDOWS\Minidump\070113-75296-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-31 01:00

==================== End Of Log ============================

Farbar Service Scanner Version: 26-07-2013
Ran by Jacob (administrator) on 31-07-2013 at 20:16:09
Running from "C:\Users\Jacob\Desktop"
Microsoft Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Thank you for your time.
  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Let's check the integrity of the system.

Press the Windows key+Run. At the Run line copy and paste the following command and click OK:

SFC /Scannow

Let me know the outcome.
  • 0

#13
hank_venture

hank_venture

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
uh oh....I copy pasted SFC /Scannow, and an MS-DOS window flashed briefly. Restarted and tried again with the same outcome.
  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Let's use the command prompt then and see. Open an administrator command prompt (Start -> type CMD and press CTRL+SHIFT+ENTER). Copy and paste the following command at the prompt and press Enter:

SFC /Scannow

Once finished, type Exit and press Enter to return to Windows. Let me know the outcome.
  • 0

#15
hank_venture

hank_venture

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello. I have posted a screenshot of the results.


SFC.JPG
  • 0





