
Thread: Infected with SomotoBetterInstaller

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Posts
    8

    Infected with SomotoBetterInstaller

    Hi, I've recently detected SomotoBetterInstaller using Spybot. I'm using Windows 8 so I'm unable to use ERUNT. Below are the logs I'm supposed to include. I apologize in advance if I missed out any steps.

    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
    Run by Fye at 3:13:03 on 2014-04-04
    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.3884.2167 [GMT 8:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\WINDOWS\SysWOW64\NLSSRV32.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\taskhostex.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\BitComet\tools\BitCometService.exe
    C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uSearch Bar = www.google.com
    uSearch Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
    uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{C0736182-6671-467B-9921-29689C12F85E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{C0736182-6671-467B-9921-29689C12F85E}\8454C4050275946494 : DHCPNameServer = 8.8.8.8
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll, c:\progra~2\nvidia~1\nvstre~1\rxinput.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Fye\AppData\Roaming\Mozilla\Firefox\Profiles\cix9b48u.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdisFlt;Avast! Firewall Driver;C:\WINDOWS\System32\Drivers\aswNdisFlt.sys [2014-4-3 445304]
    R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2014-4-3 65776]
    R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\Drivers\aswVmm.sys [2014-4-3 208928]
    R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2013-5-27 30496]
    R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2013-7-12 56336]
    R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2014-4-3 28184]
    R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2014-4-3 1039096]
    R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2014-4-3 423240]
    R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
    R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2014-4-3 79184]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-3 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-3 109048]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-4 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-4 857912]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-4-30 230408]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-4-30 70152]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-5 14984480]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-3 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-3 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-3 171416]
    R3 aswStm;aswStm;C:\WINDOWS\System32\Drivers\aswStm.sys [2014-4-3 84816]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
    R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-5-23 632352]
    R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\WINDOWS\System32\Drivers\dtscsibus.sys [2013-6-3 29696]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\Drivers\HECIx64.sys [2009-9-18 56344]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2014-4-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2014-4-4 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2014-4-4 63192]
    R3 NETJME;JMicron Ethernet Adapter NDIS6.30 Driver (Amd64 Bits);C:\WINDOWS\System32\Drivers\NETJME.sys [2012-7-6 137728]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\Drivers\nvvad64v.sys [2013-8-5 39712]
    S3 androidusb;ADB Interface Driver;C:\WINDOWS\System32\Drivers\androidusb.sys [2010-4-29 32768]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\WINDOWS\System32\Drivers\nmwcdnsucx64.sys [2013-1-23 12800]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\WINDOWS\System32\Drivers\nmwcdnsux64.sys [2013-1-23 171008]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\System32\Drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\WINDOWS\System32\Drivers\ssadserd.sys [2011-5-13 146920]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    S3 WUDFWpdComp;WUDFWpdComp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    .
    =============== Created Last 30 ================
    .
    2014-04-03 18:48:07 -------- d-----w- C:\AdwCleaner
    2014-04-03 18:40:40 -------- d-----w- C:\FRST
    2014-04-03 17:06:29 119512 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    2014-04-03 17:06:06 88280 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    2014-04-03 17:06:06 63192 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
    2014-04-03 17:06:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2014-04-03 17:06:06 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-04-03 17:06:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-02 18:18:52 -------- d-----w- C:\WINDOWS\System32\MRT
    2014-04-02 18:14:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C288467-8166-4C37-8EEF-DCBBF243ADFF}\offreg.dll
    2014-04-02 18:13:52 -------- d-----w- C:\Program Files\CCleaner
    2014-04-02 18:08:21 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
    2014-04-02 18:03:59 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-04-02 18:03:57 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-04-02 18:01:07 33280 ----a-w- C:\WINDOWS\System32\drivers\usbser.sys
    2014-04-02 18:01:05 576512 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
    2014-04-02 18:01:04 1160192 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
    2014-04-02 18:01:03 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll
    2014-04-02 18:01:03 723968 ----a-w- C:\WINDOWS\System32\BFE.DLL
    2014-04-02 18:01:03 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
    2014-04-02 18:01:03 381952 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
    2014-04-02 18:01:03 245248 ----a-w- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
    2014-04-02 18:01:02 96600 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
    2014-04-02 18:00:25 1845248 ----a-w- C:\WINDOWS\System32\msxml3.dll
    2014-04-02 18:00:24 1419264 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
    2014-04-02 17:59:37 62976 ----a-w- C:\WINDOWS\System32\imagehlp.dll
    2014-04-02 17:59:37 59392 ----a-w- C:\WINDOWS\SysWow64\imagehlp.dll
    2014-04-02 17:59:27 652288 ----a-w- C:\WINDOWS\System32\comctl32.dll
    2014-04-02 17:59:26 541696 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
    2014-04-02 17:59:03 2232664 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
    2014-04-02 17:59:02 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
    2014-04-02 17:59:02 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
    2014-04-02 17:59:01 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2014-04-02 17:59:01 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-04-02 17:57:59 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
    2014-04-02 17:57:59 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
    2014-04-02 17:57:52 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
    2014-04-02 17:57:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-04-02 17:57:35 1300992 ----a-w- C:\WINDOWS\System32\gdi32.dll
    2014-04-02 17:57:34 1022976 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
    2014-04-02 17:57:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-02 17:35:27 43152 ----a-w- C:\WINDOWS\avastSS.scr
    2014-04-02 17:34:47 445304 ----a-w- C:\WINDOWS\System32\drivers\aswNdisFlt.sys
    2014-04-02 17:28:52 -------- d-----w- C:\Users\Fye\AppData\Roaming\AVAST Software
    2014-04-02 17:27:33 93568 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
    2014-04-02 17:27:33 84816 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
    2014-04-02 17:27:33 79184 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    2014-04-02 17:27:33 65776 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
    2014-04-02 17:27:33 28184 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
    2014-04-02 17:27:33 208928 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
    2014-04-02 17:27:33 1039096 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
    2014-04-02 17:26:53 -------- d-----w- C:\Program Files\AVAST Software
    2014-04-02 16:02:14 -------- dc----w- C:\Users\Fye\AppData\Local\MigWiz
    2014-04-02 15:59:39 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
    2014-04-02 15:59:27 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
    2014-04-02 15:59:27 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
    2014-04-02 15:59:17 312320 ----a-w- C:\WINDOWS\System32\msieftp.dll
    2014-04-02 15:59:17 273408 ----a-w- C:\WINDOWS\SysWow64\msieftp.dll
    2014-03-23 08:47:54 -------- d-----w- C:\Users\Fye\AppData\Local\ElevatedDiagnostics
    2014-03-22 07:52:34 -------- d-----w- C:\Users\Fye\AppData\Roaming\iMobie
    2014-03-22 07:52:34 -------- d-----w- C:\Users\Fye\AppData\Local\iMobie_Inc
    2014-03-22 07:45:15 -------- d-----w- C:\Program Files (x86)\Sharepod
    2014-03-22 06:45:18 -------- d-----w- C:\Program Files\iPod
    2014-03-22 06:45:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-22 06:45:17 -------- d-----w- C:\Program Files\iTunes
    2014-03-22 06:45:17 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-03-20 04:06:33 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
    .
    ==================== Find3M ====================
    .
    2014-03-04 22:52:34 78304 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-04 22:52:34 694240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2014-01-16 00:42:40 608032 ----a-w- C:\SecurityScanner.dll
    .
    ============= FINISH: 3:14:31.01 ===============

    Thank you,

    jeyf

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hi and welcome

    I can see you have already used tools we use to help diagnose; I would like to see the logs.

    The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    C:\AdwCleaner\AdwCleaner[R0].txt <-- the number in brackets can be different; please look for your latest log


    Farbar Recovery Scan Tool
    FRST.txt and Addition.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Apr 2014
    Posts
    8


    Hi,

    The problem I'm having now is, once I logged in it will automatically change to a white flickering screen, and the only thing I could do is where it will sometimes go back to the login page. Will try to upload the logs ASAP. Thanks!

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hate to think what that might be related to. Try Safe Mode with Networking?

  5. #5
    Junior Member
    Join Date
    Apr 2014
    Posts
    8


    Malware

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05/04/2014
    Scan Time: 02:30:45
    Logfile: MAM.txt
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.04.04.05
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Fye

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 282464
    Time Elapsed: 12 min, 52 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ADW

    # AdwCleaner v3.023 - Report created 04/04/2014 at 02:50:52
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 8 Pro (64 bits)
    # Username : Fye - FYE-PC
    # Running from : C:\Users\Fye\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Folder Deleted : C:\Users\Fye\AppData\Local\webplayer
    Folder Deleted : C:\Users\Fye\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\Fye\Documents\Optimizer Pro
    File Deleted : C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16519


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Fye\AppData\Roaming\Mozilla\Firefox\Profiles\cix9b48u.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4220 octets] - [04/04/2014 02:48:09]
    AdwCleaner[S0].txt - [4003 octets] - [04/04/2014 02:50:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4063 octets] ##########

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Fye (administrator) on FYE-PC on 05-04-2014 02:23:33
    Running from C:\Users\Fye\Downloads
    Windows 8 Pro (X64) OS Language: English(UK)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
    (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
    (www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MsoSync.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
    (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Farbar) C:\Users\Fye\Downloads\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-03] (AVAST Software)
    HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [20529920 2013-02-19] (www.BitComet.com)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [DAEMON Tools Ultra Agent] - C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3123744 2013-05-23] (Disc Soft Ltd)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [] - [X]
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\MountPoints2: {4e07268c-cc64-11e2-be71-1c4bd6188f6b} - "F:\setup.exe"
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\MountPoints2: {94deb0e7-d120-11e2-be71-1c4bd6188f6b} - "G:\autorun.exe"
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [20529920 2013-02-19] (www.BitComet.com)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Ultra Agent] - C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3123744 2013-05-23] (Disc Soft Ltd)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] - [X]
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4e07268c-cc64-11e2-be71-1c4bd6188f6b} - "F:\setup.exe"
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {94deb0e7-d120-11e2-be71-1c4bd6188f6b} - "G:\autorun.exe"
    AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-05-13] (NVIDIA Corporation)
    AppInit_DLLs: , C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
    AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [214448 2013-05-13] (NVIDIA Corporation)
    AppInit_DLLs-x32: , c:\progra~2\nvidia~1\nvstre~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB3E0DB1BA529CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB,en-US;q=0.7,en;q=0.3
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Fye\AppData\Roaming\Mozilla\Firefox\Profiles\cix9b48u.default
    FF NewTab: about:blank
    FF SelectedSearchEngine: Google
    FF Homepage: about:home
    FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-03]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Extension: (Google Docs) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-27]
    CHR Extension: (Google Drive) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-27]
    CHR Extension: (YouTube) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-27]
    CHR Extension: (Google Search) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-27]
    CHR Extension: (avast! Online Security) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-03]
    CHR Extension: (Google Wallet) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
    CHR Extension: (Gmail) - C:\Users\Fye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-27]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-03]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-03] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-03] (AVAST Software)
    R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-03] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-03] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-03] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-03] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-03] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-03] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-03] ()
    R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2013-06-03] (Disc Soft Ltd)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\system32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
    R3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [137728 2012-07-06] (JMicron Technology Corp.)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-15] (NVIDIA Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 Andbus; \SystemRoot\System32\drivers\lgandbus64.sys [X]
    S3 AndDiag; \SystemRoot\system32\DRIVERS\lganddiag64.sys [X]
    S3 ANDModem; \SystemRoot\system32\DRIVERS\lgandmodem64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-05 02:22 - 2014-04-05 02:23 - 02157056 _____ (Farbar) C:\Users\Fye\Downloads\FRST64(1).exe
    2014-04-04 03:21 - 2014-04-04 03:21 - 00002632 _____ () C:\Users\Fye\Desktop\attach21.zip
    2014-04-04 03:20 - 2014-04-04 03:20 - 00008056 _____ () C:\Users\Fye\Desktop\attach21.txt
    2014-04-04 03:14 - 2014-04-04 03:14 - 00021420 _____ () C:\Users\Fye\Desktop\dds.txt
    2014-04-04 03:14 - 2014-04-04 03:14 - 00008056 _____ () C:\Users\Fye\Desktop\attach.txt
    2014-04-04 03:12 - 2014-04-04 03:13 - 04745728 _____ (AVAST Software) C:\Users\Fye\Downloads\aswMBR.exe
    2014-04-04 03:12 - 2014-04-04 03:12 - 00688992 ____R (Swearware) C:\Users\Fye\Downloads\dds.scr
    2014-04-04 02:48 - 2014-04-04 02:50 - 00000000 ____D () C:\AdwCleaner
    2014-04-04 02:47 - 2014-04-04 02:47 - 01426178 _____ () C:\Users\Fye\Downloads\AdwCleaner.exe
    2014-04-04 02:46 - 2014-04-04 02:48 - 00000232 _____ () C:\Users\Fye\Downloads\Search.txt
    2014-04-04 02:45 - 2014-04-04 02:45 - 00102124 _____ () C:\Users\Fye\Downloads\Shortcut.txt
    2014-04-04 02:42 - 2014-04-04 02:45 - 00043036 _____ () C:\Users\Fye\Downloads\Addition.txt
    2014-04-04 02:40 - 2014-04-05 02:23 - 00020651 _____ () C:\Users\Fye\Downloads\FRST.txt
    2014-04-04 02:40 - 2014-04-05 02:23 - 00000000 ____D () C:\FRST
    2014-04-04 02:39 - 2014-04-04 02:40 - 02157056 _____ (Farbar) C:\Users\Fye\Downloads\FRST64.exe
    2014-04-04 01:47 - 2014-04-04 02:53 - 00001534 _____ () C:\WINDOWS\PFRO.log
    2014-04-04 01:06 - 2014-04-05 02:17 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-04 01:06 - 2014-04-04 01:06 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-04 01:06 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-04-04 01:06 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-04-04 01:06 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-04-04 01:04 - 2014-04-04 01:05 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Fye\Downloads\mbam-setup-2.0.0.1000.exe
    2014-04-04 01:00 - 2014-04-04 01:00 - 00000000 ____D () C:\Users\Fye\Documents\Outlook Files
    2014-04-03 02:19 - 2014-04-03 02:19 - 00093408 _____ () C:\Users\Fye\Documents\cc_20140403_021942.reg
    2014-04-03 02:18 - 2014-04-03 02:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-04-03 02:14 - 2014-04-03 02:14 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2014-04-03 02:14 - 2014-04-03 02:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-03 02:13 - 2014-04-03 02:14 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-03 02:12 - 2014-04-03 02:13 - 04787368 _____ (Piriform Ltd) C:\Users\Fye\Downloads\ccsetup412.exe
    2014-04-03 02:09 - 2013-06-01 19:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2014-04-03 02:09 - 2013-06-01 19:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2014-04-03 02:09 - 2013-06-01 19:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2014-04-03 02:09 - 2013-06-01 19:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2014-04-03 02:09 - 2013-06-01 19:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
    2014-04-03 02:09 - 2013-06-01 19:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-04-03 02:09 - 2013-06-01 19:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2014-04-03 02:09 - 2013-06-01 18:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2014-04-03 02:09 - 2013-06-01 17:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2014-04-03 02:09 - 2013-06-01 17:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2014-04-03 02:09 - 2013-06-01 17:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-04-03 02:09 - 2013-06-01 17:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2014-04-03 02:09 - 2013-06-01 17:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
    2014-04-03 02:09 - 2013-06-01 17:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2014-04-03 02:09 - 2013-06-01 17:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
    2014-04-03 02:09 - 2013-06-01 17:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2014-04-03 02:09 - 2013-06-01 17:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2014-04-03 02:09 - 2013-06-01 17:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
    2014-04-03 02:09 - 2013-06-01 17:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
    2014-04-03 02:09 - 2013-06-01 17:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2014-04-03 02:09 - 2013-06-01 17:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2014-04-03 02:09 - 2013-06-01 17:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2014-04-03 02:09 - 2013-06-01 17:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-04-03 02:09 - 2013-06-01 17:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2014-04-03 02:09 - 2013-06-01 17:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
    2014-04-03 02:09 - 2013-06-01 17:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-04-03 02:09 - 2013-06-01 17:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
    2014-04-03 02:09 - 2013-06-01 11:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
    2014-04-03 02:09 - 2013-05-25 06:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2014-04-03 02:09 - 2013-05-25 06:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2014-04-03 02:09 - 2013-05-25 06:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2014-04-03 02:09 - 2013-05-25 06:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2014-04-03 02:09 - 2013-04-09 13:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2014-04-03 02:09 - 2013-04-09 13:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2014-04-03 02:09 - 2013-04-09 13:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2014-04-03 02:09 - 2013-04-09 12:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2014-04-03 02:09 - 2013-04-09 10:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2014-04-03 02:09 - 2013-04-09 10:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2014-04-03 02:09 - 2013-04-09 07:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2014-04-03 02:09 - 2013-04-09 07:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2014-04-03 02:08 - 2013-06-17 06:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2014-04-03 02:06 - 2013-08-16 13:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2014-04-03 02:06 - 2013-08-16 13:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2014-04-03 02:06 - 2013-08-16 13:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
    2014-04-03 02:06 - 2013-08-16 13:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2014-04-03 02:06 - 2013-08-16 13:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
    2014-04-03 02:06 - 2013-08-16 13:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
    2014-04-03 02:06 - 2013-08-16 13:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-03 02:06 - 2013-08-16 06:43 - 00083968 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
    2014-04-03 02:06 - 2013-08-16 06:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
    2014-04-03 02:06 - 2013-08-16 06:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
    2014-04-03 02:01 - 2013-10-10 19:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2014-04-03 02:01 - 2013-10-10 17:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2014-04-03 02:01 - 2013-10-10 17:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2014-04-03 02:01 - 2013-09-04 11:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2014-04-03 02:01 - 2013-08-29 11:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2014-04-03 02:01 - 2013-06-11 03:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2014-04-03 02:01 - 2013-06-11 03:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2014-04-03 02:01 - 2013-06-11 03:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2014-04-03 02:01 - 2013-06-11 03:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2014-04-03 02:00 - 2013-12-05 07:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-04-03 02:00 - 2013-12-05 07:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-04-03 01:59 - 2013-11-01 13:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-04-03 01:59 - 2013-10-19 13:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
    2014-04-03 01:59 - 2013-10-19 12:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
    2014-04-03 01:59 - 2013-07-06 08:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2014-04-03 01:59 - 2013-07-04 10:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2014-04-03 01:59 - 2013-03-02 17:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-04-03 01:58 - 2014-04-03 01:58 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-04-03 01:58 - 2014-04-03 01:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-04-03 01:58 - 2013-10-09 09:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-04-03 01:58 - 2013-10-09 06:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-04-03 01:58 - 2013-10-09 06:30 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-04-03 01:58 - 2013-10-09 06:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 03279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-04-03 01:58 - 2013-10-09 06:27 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-04-03 01:58 - 2013-10-05 14:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2014-04-03 01:58 - 2013-10-04 06:09 - 00385528 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-04-03 01:58 - 2013-10-02 10:50 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-04-03 01:58 - 2013-09-28 13:48 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2014-04-03 01:58 - 2013-09-28 11:58 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2014-04-03 01:58 - 2013-09-25 06:18 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2014-04-03 01:58 - 2013-09-19 15:32 - 01455448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2014-04-03 01:58 - 2013-09-14 06:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
    2014-04-03 01:58 - 2013-09-14 06:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2014-04-03 01:58 - 2013-08-30 13:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2014-04-03 01:58 - 2013-08-30 13:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2014-04-03 01:58 - 2013-08-30 07:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2014-04-03 01:58 - 2013-08-30 07:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2014-04-03 01:58 - 2013-08-16 13:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-04-03 01:58 - 2013-08-16 13:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-04-03 01:58 - 2013-08-16 06:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-04-03 01:58 - 2013-03-02 10:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
    2014-04-03 01:58 - 2013-03-02 10:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
    2014-04-03 01:57 - 2014-04-03 02:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-04-03 01:57 - 2014-04-03 01:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-03 01:57 - 2013-10-09 06:30 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-04-03 01:57 - 2013-10-09 06:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-04-03 01:57 - 2013-10-03 07:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-04-03 01:57 - 2013-10-02 06:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-04-03 01:57 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2014-04-03 01:54 - 2014-04-03 01:56 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Fye\Downloads\spybot-2.2.exe
    2014-04-03 01:35 - 2014-04-03 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-03 01:34 - 2014-04-03 01:34 - 00445304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
    2014-04-03 01:28 - 2014-04-03 01:28 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\AVAST Software
    2014-04-03 01:27 - 2014-04-05 02:09 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2014-04-03 01:27 - 2014-04-03 01:36 - 00001974 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-04-03 01:27 - 2014-04-03 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-03 01:27 - 2014-04-03 01:35 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-03 01:27 - 2014-04-03 01:35 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2014-04-03 01:27 - 2014-04-03 01:27 - 00002034 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-04-03 01:26 - 2014-04-03 01:26 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-03 00:34 - 2014-02-17 15:17 - 00000426 _____ () C:\AVScanner.ini
    2014-04-03 00:02 - 2014-04-03 02:21 - 00000000 ___DC () C:\Users\Fye\AppData\Local\MigWiz
    2014-04-02 23:59 - 2013-11-01 13:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
    2014-04-02 23:59 - 2013-11-01 11:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
    2014-04-02 23:59 - 2013-08-07 13:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
    2014-04-02 23:59 - 2012-12-13 12:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2014-04-02 23:59 - 2012-12-13 11:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2014-04-02 21:13 - 2014-04-05 02:11 - 00004942 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FYE-PC-Fye Fye-PC
    2014-03-23 16:47 - 2014-03-23 16:47 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{9652C5AB-D01B-4455-B00F-6C0A58EC5381}
    2014-03-22 15:52 - 2014-03-22 15:52 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\iMobie
    2014-03-22 15:52 - 2014-03-22 15:52 - 00000000 ____D () C:\Users\Fye\AppData\Local\iMobie_Inc
    2014-03-22 15:51 - 2014-03-22 15:52 - 14846944 _____ (iMobie Inc. ) C:\Users\Fye\Downloads\phonetrans-setup.exe
    2014-03-22 15:47 - 2014-03-22 15:47 - 00000000 ____D () C:\Users\Fye\AppData\Local\Macroplant,_LLC
    2014-03-22 15:47 - 2014-03-22 15:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-03-22 15:45 - 2014-03-22 15:45 - 00000000 ____D () C:\Program Files (x86)\Sharepod
    2014-03-22 15:44 - 2014-03-22 15:44 - 05966416 _____ (Macroplant LLC ) C:\Users\Fye\Downloads\Sharepod_Setup_4011.exe
    2014-03-22 14:46 - 2014-03-22 14:46 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\iTunes
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\iPod
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-03-22 13:33 - 2014-03-22 13:37 - 70638408 _____ (Apple Inc.) C:\Users\Fye\Downloads\iCloudSetup.exe
    2014-03-21 02:32 - 2014-03-21 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-04-05 02:24 - 2013-03-27 02:02 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\BitComet
    2014-04-05 02:23 - 2014-04-05 02:22 - 02157056 _____ (Farbar) C:\Users\Fye\Downloads\FRST64(1).exe
    2014-04-05 02:23 - 2014-04-04 02:40 - 00020651 _____ () C:\Users\Fye\Downloads\FRST.txt
    2014-04-05 02:23 - 2014-04-04 02:40 - 00000000 ____D () C:\FRST
    2014-04-05 02:17 - 2014-04-04 01:06 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-05 02:11 - 2014-04-02 21:13 - 00004942 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FYE-PC-Fye Fye-PC
    2014-04-05 02:11 - 2013-03-07 01:42 - 01347478 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-04-05 02:09 - 2014-04-03 01:27 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2014-04-05 02:08 - 2013-03-27 02:16 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-05 02:08 - 2012-07-26 15:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-04-05 02:00 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-04-04 10:44 - 2012-07-26 13:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-04-04 10:43 - 2013-03-27 02:16 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-04 10:28 - 2013-05-18 09:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-04-04 07:52 - 2012-07-26 15:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-04 03:21 - 2014-04-04 03:21 - 00002632 _____ () C:\Users\Fye\Desktop\attach21.zip
    2014-04-04 03:20 - 2014-04-04 03:20 - 00008056 _____ () C:\Users\Fye\Desktop\attach21.txt
    2014-04-04 03:14 - 2014-04-04 03:14 - 00021420 _____ () C:\Users\Fye\Desktop\dds.txt
    2014-04-04 03:14 - 2014-04-04 03:14 - 00008056 _____ () C:\Users\Fye\Desktop\attach.txt
    2014-04-04 03:13 - 2014-04-04 03:12 - 04745728 _____ (AVAST Software) C:\Users\Fye\Downloads\aswMBR.exe
    2014-04-04 03:12 - 2014-04-04 03:12 - 00688992 ____R (Swearware) C:\Users\Fye\Downloads\dds.scr
    2014-04-04 02:53 - 2014-04-04 01:47 - 00001534 _____ () C:\WINDOWS\PFRO.log
    2014-04-04 02:50 - 2014-04-04 02:48 - 00000000 ____D () C:\AdwCleaner
    2014-04-04 02:48 - 2014-04-04 02:46 - 00000232 _____ () C:\Users\Fye\Downloads\Search.txt
    2014-04-04 02:47 - 2014-04-04 02:47 - 01426178 _____ () C:\Users\Fye\Downloads\AdwCleaner.exe
    2014-04-04 02:45 - 2014-04-04 02:45 - 00102124 _____ () C:\Users\Fye\Downloads\Shortcut.txt
    2014-04-04 02:45 - 2014-04-04 02:42 - 00043036 _____ () C:\Users\Fye\Downloads\Addition.txt
    2014-04-04 02:40 - 2014-04-04 02:39 - 02157056 _____ (Farbar) C:\Users\Fye\Downloads\FRST64.exe
    2014-04-04 01:49 - 2013-04-29 01:57 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\Apple Computer
    2014-04-04 01:06 - 2014-04-04 01:06 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-04 01:05 - 2014-04-04 01:04 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Fye\Downloads\mbam-setup-2.0.0.1000.exe
    2014-04-04 01:00 - 2014-04-04 01:00 - 00000000 ____D () C:\Users\Fye\Documents\Outlook Files
    2014-04-03 06:20 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\rescache
    2014-04-03 03:02 - 2012-07-26 17:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-04-03 03:02 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-04-03 03:02 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
    2014-04-03 03:02 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
    2014-04-03 03:02 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-04-03 02:26 - 2013-03-26 07:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-03 02:26 - 2010-08-07 22:38 - 00000000 ____D () C:\Users\Fye\Tracing
    2014-04-03 02:25 - 2014-04-03 02:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-04-03 02:21 - 2014-04-03 00:02 - 00000000 ___DC () C:\Users\Fye\AppData\Local\MigWiz
    2014-04-03 02:21 - 2013-07-13 00:33 - 00000000 ____D () C:\Users\Fye\AppData\Local\CrashDumps
    2014-04-03 02:21 - 2013-03-06 16:08 - 00000000 ____D () C:\WINDOWS\Panther
    2014-04-03 02:19 - 2014-04-03 02:19 - 00093408 _____ () C:\Users\Fye\Documents\cc_20140403_021942.reg
    2014-04-03 02:18 - 2012-07-26 13:26 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-04-03 02:14 - 2014-04-03 02:14 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2014-04-03 02:14 - 2014-04-03 02:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-03 02:14 - 2014-04-03 02:13 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-03 02:13 - 2014-04-03 02:12 - 04787368 _____ (Piriform Ltd) C:\Users\Fye\Downloads\ccsetup412.exe
    2014-04-03 02:03 - 2014-04-03 01:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-04-03 01:58 - 2014-04-03 01:58 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-04-03 01:58 - 2014-04-03 01:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-04-03 01:58 - 2014-04-03 01:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-03 01:56 - 2014-04-03 01:54 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Fye\Downloads\spybot-2.2.exe
    2014-04-03 01:36 - 2014-04-03 01:27 - 00001974 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-04-03 01:35 - 2014-04-03 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-03 01:35 - 2014-04-03 01:27 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-03 01:35 - 2014-04-03 01:27 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-03 01:35 - 2014-04-03 01:27 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2014-04-03 01:34 - 2014-04-03 01:34 - 00445304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
    2014-04-03 01:34 - 2013-03-29 21:57 - 00000000 ____D () C:\Users\Fye\Desktop\Fin206
    2014-04-03 01:28 - 2014-04-03 01:28 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\AVAST Software
    2014-04-03 01:27 - 2014-04-03 01:27 - 00002034 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-04-03 01:27 - 2013-07-11 02:39 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\vlc
    2014-04-03 01:26 - 2014-04-03 01:26 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-03 01:26 - 2013-03-27 02:13 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-04-03 00:45 - 2012-07-26 13:37 - 00000000 ____D () C:\WINDOWS\servicing
    2014-04-03 00:43 - 2012-07-26 13:26 - 00000167 _____ () C:\WINDOWS\win.ini
    2014-04-03 00:36 - 2012-07-26 13:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-04-03 00:31 - 2014-01-07 22:38 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-01 23:02 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
    2014-03-29 14:32 - 2013-03-07 01:56 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1030194540-516387514-213074493-1002
    2014-03-24 02:36 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-03-23 16:47 - 2014-03-23 16:47 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{9652C5AB-D01B-4455-B00F-6C0A58EC5381}
    2014-03-22 15:52 - 2014-03-22 15:52 - 00000000 ____D () C:\Users\Fye\AppData\Roaming\iMobie
    2014-03-22 15:52 - 2014-03-22 15:52 - 00000000 ____D () C:\Users\Fye\AppData\Local\iMobie_Inc
    2014-03-22 15:52 - 2014-03-22 15:51 - 14846944 _____ (iMobie Inc. ) C:\Users\Fye\Downloads\phonetrans-setup.exe
    2014-03-22 15:47 - 2014-03-22 15:47 - 00000000 ____D () C:\Users\Fye\AppData\Local\Macroplant,_LLC
    2014-03-22 15:47 - 2014-03-22 15:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-03-22 15:45 - 2014-03-22 15:45 - 00000000 ____D () C:\Program Files (x86)\Sharepod
    2014-03-22 15:44 - 2014-03-22 15:44 - 05966416 _____ (Macroplant LLC ) C:\Users\Fye\Downloads\Sharepod_Setup_4011.exe
    2014-03-22 14:46 - 2014-03-22 14:46 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\iTunes
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\iPod
    2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-03-22 14:42 - 2013-04-29 01:53 - 00000000 ____D () C:\ProgramData\Apple
    2014-03-22 14:22 - 2013-03-07 01:34 - 00000000 ____D () C:\Users\Fye\AppData\Local\Apple Computer
    2014-03-22 13:40 - 2013-05-17 04:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-22 13:39 - 2013-04-29 01:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-03-22 13:37 - 2014-03-22 13:33 - 70638408 _____ (Apple Inc.) C:\Users\Fye\Downloads\iCloudSetup.exe
    2014-03-21 02:32 - 2014-03-21 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-12 23:28 - 2013-05-18 09:25 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

    Files to move or delete:
    ====================
    C:\Users\Fye\genie11_setup_b128.exe


    Some content of TEMP:
    ====================
    C:\Users\Fye\AppData\Local\Temp\NOSEventMessages.dll
    C:\Users\Fye\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-29 14:33

    ==================== End Of Log ============================

  6. #6
    Junior Member
    Join Date
    Apr 2014
    Posts
    8

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Fye at 2014-04-04 02:44:21
    Running from C:\Users\Fye\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.6.0 - Ask.com) <==== ATTENTION
    avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
    BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
    Corel PaintShop Pro X5 (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
    DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.1.0.0101 - Disc Soft Ltd)
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version: - Microsoft)
    Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    FM Genie Scout 13 version 1.0 13.3.3 (HKLM-x32\...\FM Genie Scout 13_is1) (Version: 1.0 13.3.3 - )
    FM Genie Scout 14 version 1.0 14.1.4 (HKLM-x32\...\FM Genie Scout 14_is1) (Version: 1.0 14.1.4 - )
    Football Manager 2013 version 13.3.3 (HKLM-x32\...\{04BDADD5-B981-49DB-90F0-DE11F19C50B4}_is1) (Version: 13.3.3 - SEGA)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
    ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
    LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
    Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
    Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
    Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
    Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
    Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
    Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
    Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
    Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
    Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
    Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
    Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
    Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
    Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
    Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
    Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
    Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
    Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
    Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
    Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
    Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
    Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
    Nitro Pro 8 (HKLM\...\{1FE32237-FC1F-4E8B-A385-5A748C8E6FDA}) (Version: 8.5.3.14 - Nitro)
    Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
    Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
    Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
    NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd)
    NVIDIA Control Panel 320.18 (Version: 320.18 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.131.854 - NVIDIA Corporation) Hidden
    NVIDIA Optimus 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
    NVIDIA Update Components (Version: 7.2.17 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
    PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PSPPContent (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
    PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    Setup (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
    Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
    SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
    Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D5412C67-998B-4246-A668-AB522D9F63FE}) (Version: - Microsoft)
    Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F8580E12-045B-471B-AF74-98C977347F4E}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{686A7FD7-2496-49C8-A0BE-D8A1CF1A32ED}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{39E58ED8-B687-49BD-88F9-968563F51F8E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{00A8F3D3-B596-4E04-A180-C9EB4EC87762}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3A48DE63-607B-4FEA-A862-B52669C4433C}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A3C746D9-41B4-4C7E-BF60-0F8C50AD5A0F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{EADF44E2-DD3F-4FAC-B17F-566956C06503}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{12087F1E-35F9-4620-9157-BD9C3CFFA2E2}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6FF949A3-1C3F-41C2-9464-933E885ECB53}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{52105DB7-F9D9-482C-8796-1461BBB69123}) (Version: - Microsoft)
    Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{538E777B-4508-4ABF-97E2-B93C1BF1CD77}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{538E777B-4508-4ABF-97E2-B93C1BF1CD77}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F16E7B82-23FE-4054-AB73-EAE53965251C}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
    VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
    Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {152A474D-C7A7-4648-808B-ED1F863831D5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {1C37A19D-57AA-4142-8594-E78B86E6033E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {359F1296-37AC-4521-B933-B7A0A31304FC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {51BD1764-5217-4E24-9AAB-2901B20606D0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-fye2106@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
    Task: {56BA3EDE-66CB-44B2-BBDE-A24A4E35671D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {5CBDB4B2-8699-473C-9E59-3760A568C61A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {6484686A-6454-4A7C-A965-E5537DCE15C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {801D0EAC-4218-4671-85BB-BDA3723E70D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {8F0D2732-BB1F-47B9-A17C-4209F402DBF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
    Task: {A61AFE3A-3EC4-404D-98DA-15FEAF5C739A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {BA402181-78B5-4F9C-9467-C9BEA021752B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FYE-PC-Fye Fye-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
    Task: {BB55ACCB-DE0A-43BA-A24E-4C256ACEC565} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-03] (AVAST Software)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {CE63E2B8-C246-471F-A34C-DF3092A8B3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
    Task: {DB08778C-E63B-42DE-93CC-6D929A5A4F5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E88F2970-956C-4273-9D1C-B6A259C34D01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F3D33648-7F26-48F5-A29C-DF5A21C95379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {F99C1666-F174-4972-B5D3-A64DC563B240} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-10-08 19:42 - 2012-10-08 19:42 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-08-05 13:18 - 2013-07-27 16:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
    2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2012-07-26 17:48 - 2012-07-26 17:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2014-04-03 01:27 - 2013-12-17 16:09 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121700\algo.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-03 01:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-04-03 01:57 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-04-03 01:57 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-04-03 01:57 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-04-03 01:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2012-10-08 19:42 - 2012-10-08 19:42 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
    2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
    2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
    2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
    2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
    2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
    2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
    2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
    2014-04-03 01:27 - 2014-04-03 01:27 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-03-21 02:32 - 2014-03-21 02:32 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/04/2014 02:38:10 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 02:36:14 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:49:25 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:49:20 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (04/04/2014 01:48:33 AM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcUnregistering VAD endpoint [0]

    Error: (04/04/2014 01:48:19 AM) (Source: NvStreamSvc) (User: )
    Description: NvStreamSvcNvVAD endpoint registered successfully [0]

    Error: (04/04/2014 01:46:56 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:40:51 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:27:33 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:25:40 AM) (Source: Software Protection Platform Service) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable


    System errors:
    =============
    Error: (04/04/2014 01:47:33 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
    Description: 0xc000014d0


    Microsoft Office Sessions:
    =========================
    Error: (04/04/2014 02:38:10 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 02:36:14 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:49:25 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:49:20 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (04/04/2014 01:48:33 AM) (Source: NvStreamSvc)(User: )
    Description: NvStreamSvcUnregistering VAD endpoint [0]

    Error: (04/04/2014 01:48:19 AM) (Source: NvStreamSvc)(User: )
    Description: NvStreamSvcNvVAD endpoint registered successfully [0]

    Error: (04/04/2014 01:46:56 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:40:51 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:27:33 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (04/04/2014 01:25:40 AM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Please uninstall this application: BitComet


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

    start
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [] - [X]
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] - [X]
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Fye\genie11_setup_b128.exe
    C:\Users\Fye\AppData\Local\Temp\NOSEventMessages.dll
    C:\Users\Fye\AppData\Local\Temp\Quarantine.exe
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.6.0 - Ask.com) <==== ATTENTION
    Task: {152A474D-C7A7-4648-808B-ED1F863831D5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    CMD: ipconfig /flushdns
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please post Fixlog.txt
    Also, tell me how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Apr 2014
    Posts
    8


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Fye at 2014-04-05 16:27:03 Run:1
    Running from C:\Users\Fye\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-1030194540-516387514-213074493-1002\...\Run: [] - [X]
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] - [X]
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Fye\genie11_setup_b128.exe
    C:\Users\Fye\AppData\Local\Temp\NOSEventMessages.dll
    C:\Users\Fye\AppData\Local\Temp\Quarantine.exe
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.6.0 - Ask.com) <==== ATTENTION
    Task: {152A474D-C7A7-4648-808B-ED1F863831D5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    CMD: ipconfig /flushdns
    Reboot:
    end
    *****************

    HKU\S-1-5-21-1030194540-516387514-213074493-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\S-1-5-21-1030194540-516387514-213074493-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
    HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\Users\Fye\genie11_setup_b128.exe => Moved successfully.
    C:\Users\Fye\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
    C:\Users\Fye\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152A474D-C7A7-4648-808B-ED1F863831D5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152A474D-C7A7-4648-808B-ED1F863831D5} => Key deleted successfully.
    C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
    C:\Windows => ":nlsPreferences" ADS removed successfully.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog ====


    At the moment, everything seems stable. Really appreciate your help Juliet and thank you again.
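Added example, not part of the original posts and not FRST's own code: a small Python reader for a Fixlog like the one in post #8, which skips the echoed fixlist and the CMD output and lists the entries reported as "not found" so they can be re-checked in the next scan. The sample lines are copied from that Fixlog; the function names are hypothetical, and the parser assumes only the result wordings visible in this log.

```python
import re

# Lines copied from the Fixlog in post #8 (a subset), with its echo and CMD blocks.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
C:\Users\Fye\AppData\Local\Temp\Quarantine.exe
CMD: ipconfig /flushdns
end
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Users\Fye\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
========= ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
'''

def parse_fixlog(text):
    """Return (target, status, detail) for each result line (hypothetical helper)."""
    results, in_echo, in_cmd = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:      # row of asterisks: fixlist echo
            in_echo = not in_echo
            continue
        section = re.fullmatch(r"={9} (.*) ={9}", line)
        if section:                          # CMD output runs until "End of CMD:"
            in_cmd = not section.group(1).startswith("End of CMD")
            continue
        if in_echo or in_cmd:
            continue
        if line.endswith("successfully."):
            status = "done"
        elif line.endswith("not found."):
            status = "not_found"
        else:
            continue                         # header, footer or blank line
        target, arrow, detail = line.partition(" => ")
        if not arrow:                        # "<path> not found." has no arrow
            target, detail = line[:-len(" not found.")], "not found."
        results.append((target, status, detail))
    return results

def needs_recheck(results):
    """Targets the log reported as not found when the fix ran."""
    return [target for target, status, _ in results if status == "not_found"]
```

On the sample, `needs_recheck(parse_fixlog(SAMPLE_FIXLOG))` returns the HKCR\CLSID key and the Ask Toolbar task file, the two items the fix did not find.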

  9. #9
    Junior Member
    Join Date
    Apr 2014
    Posts
    8


    Hi Juliet,

    I'm still getting some flickering on the screen and I realised each time I open Firefox it kind of seems to have completed some download but when I checked, there is nothing being downloaded. I ran Spybot, and found that Somoto is still there. Sorry if I missed any steps from your earlier instructions.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    I may not have an answer for the screen flickering, not sure this was caused by infection.
    monitor flicker (refresh rate)
    http://windows.microsoft.com/en-us/w...#1TC=windows-7


    ***********************************
    Early this morning MBAM had a program update. Let's ensure your version is up to date.

    You can download the newest version over the top of the one you have or download and install again.

    http://www.malwarebytes.org/update/

    Please get the new version and let's run another scan.

    Please download Malwarebytes Anti-Malware to your desktop
    (If uninstalling and doing a reinstall the link is below)
    http://www.bleepingcomputer.com/down...-anti-malware/
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits

    Go back to the Dashboard and select Scan Now

    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Attach/Post that log

    **********************************
    I am not sure if this tool can search on a Windows 8 machine, let's give it a try. I'll be listing two options, you can use both and we'll check to see the results.


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      Somoto
      :filefind
      Somoto
      :regfind
      Somoto
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    ************************************


    Double Click FRST to launch the program
    Type the following in the edit box after "Search:".
    Somoto;SomotoBetterInstaller

    Click Search button and post the log (Search.txt) it makes to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
