  1. #1
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Avast/Firefox v28/Skype : URL:Mal

    Hello,

    I am not sure if I am okay or not, but since Sunday night, when Firefox updated itself to version 28, I have had problems with it, and also with Skype linking with it. After FF updated, I found the Mozilla Maintenance Service sitting on my PC, and I uninstalled it from Programs and Features and changed my settings to not stealth-update anymore. Anyway, the next night I logged into Skype, initiated a video call, and it tried to launch about 16 separate FF windows as though it was trying to launch something. It didn't, as I got an error message which said something to do with too many ActiveX things going on at once and got rid of all of those windows. I also got a couple of Malwarebytes blocks originating through Skype, but I didn't think much of it as that does tend to happen as it is P2P. The next day I did the same, and I started getting a couple of Avast block popup messages to different places naming the same infection: URL:Mal. I caught three blocks from Avast last night of this type; one originated through Skype and the other two through Firefox. Since then I haven't used it to do much but have reverted back to IE. It also happens just after a cold boot as well; if I restart my PC for any reason, nothing happens.

    I have done the required three scans and would like someone to be able to say if something did get into my machine or not... I may be slightly paranoid but I want to be safe, too...

    Many thanks in advance!


    MBAM:

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 08/04/2014
    Scan Time: 22:12:00
    Logfile: mbam0904.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.08.06
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 421711
    Time Elapsed: 2 hr, 7 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    SAS:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 04/09/2014 at 03:31 PM

    Application Version : 5.7.1018

    Core Rules Database Version : 11154
    Trace Rules Database Version: 8966

    Scan type : Complete Scan
    Total Scan Time : 00:25:44

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 433
    Memory threats detected : 0
    Registry items scanned : 66652
    Registry threats detected : 0
    File items scanned : 59647
    File threats detected : 4

    Adware.Tracking Cookie
    .doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


    HJT:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 19:45:49, on 09/04/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16521)

    FIREFOX: 28.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Users\ADMINI~1\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Pandaria\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Computer Hardware - Scan.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Computer Hardware - Scan.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello Karimoo,

    URL:Mal means that the domain the URL is pointing to (the Object) has been blacklisted by Avast as potentially unsafe.

    Let's take a closer look too.

    Please download Farbar Recovery Scan Tool and save it to your desktop
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. The "64" Bit Version for you.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Thanks
    Joe
    Last edited by zep516; 04-09-2014 at 10:29 PM.

  4. #3
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1

    Hi Joe,

    Here are the requested scans.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
    Ran by Administrator (administrator) on MININT-BE8TO5P on 10-04-2014 16:04:59
    Running from C:\Users\Administrator\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
    HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
    HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-08] (AVAST Software)
    HKU\S-1-5-21-4217681448-743748923-3104029567-500\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Computer Hardware - Scan.co.uk
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Computer Hardware - Scan.co.uk
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8pzj9s9k.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-02]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-17]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-17]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-17]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-17]
    CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-17]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-08]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-08] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-08] (AVAST Software)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)

    ==================== Drivers (Whitelisted) ====================

    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-08] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-08] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-08] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-08] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-08] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-08] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-08] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-08] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-08] ()
    R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [71792 2010-06-25] (Atheros Communications, Inc.)
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-10 16:04 - 2014-04-10 16:05 - 00012113 _____ () C:\Users\Administrator\Desktop\FRST.txt
    2014-04-10 16:04 - 2014-04-10 16:04 - 00000000 ____D () C:\FRST
    2014-04-10 16:03 - 2014-04-10 16:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2014-04-09 19:57 - 2014-04-09 19:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{384611F8-35E5-49D3-858E-0767DD28760B}
    2014-04-09 19:22 - 2014-04-09 21:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-09 19:22 - 2014-04-09 19:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-04-09 19:22 - 2014-04-09 19:22 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-04-09 15:05 - 2014-04-10 16:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-09 15:05 - 2014-04-09 15:05 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bc982faa-4f62-49db-8161-0dc30c47007c.job
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5e005465-08d8-4a53-8fef-875b414ffe9c.job
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
    2014-04-09 15:04 - 2014-04-09 15:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-04-09 15:04 - 2014-04-09 15:04 - 00001814 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-04-09 15:04 - 2014-04-09 15:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-04-08 22:29 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-08 22:29 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-08 22:29 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-08 22:29 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-08 22:28 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-04-08 22:28 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-08 22:28 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-04-08 22:28 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-04-08 22:28 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-04-08 22:27 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-08 22:27 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-08 22:27 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-04-08 22:27 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-04-08 22:27 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-04-08 22:27 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-04-08 22:27 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-08 22:27 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-04-08 22:27 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-04-08 22:27 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-04-08 22:27 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-04-08 22:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-04-08 21:29 - 2014-04-08 21:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-04-08 21:28 - 2014-04-08 21:28 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-04-08 21:11 - 2014-04-08 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{36C88353-77AA-4089-A908-DB72DF23FEF9}
    2014-04-08 19:57 - 2014-04-10 16:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-08 19:57 - 2014-04-08 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-08 19:57 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-08 19:57 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-07 19:21 - 2014-04-07 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1C2433DD-C1D9-4AED-951A-44C339F1C478}
    2014-04-05 19:49 - 2014-04-05 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-05 19:19 - 2014-04-05 19:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{3EFB6CA3-96B7-4FDB-B08B-8CE6378EC121}
    2014-04-04 19:21 - 2014-04-04 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F60BE127-2DD0-424E-A2EF-26EDAA53527C}
    2014-03-31 22:16 - 2014-03-31 22:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F4CF12E1-E0BE-4CAD-80C3-66F4C3C363CD}
    2014-03-30 19:09 - 2014-03-30 19:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{EF2932F8-C1D4-4EE9-B32F-D850464E3C3D}
    2014-03-27 20:29 - 2014-03-27 20:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{57E196F5-16CD-47FA-AE3F-7E07A9F908DB}
    2014-03-26 20:09 - 2014-03-26 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{D9EF1FB5-87B3-4489-A716-F9612220FB4F}
    2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{C411D978-2CC0-4072-BD32-1893DC695CBB}
    2014-03-24 20:15 - 2014-03-24 20:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{12C5BE31-A75C-434E-91BA-31DE68EC16B4}
    2014-03-23 20:20 - 2014-03-23 20:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{680DFDF2-604F-4FC6-ABB1-94D0C07863E7}
    2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{CD6BBB3E-75FA-4438-8B31-4D813C449108}
    2014-03-19 21:33 - 2014-03-19 21:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RenPy
    2014-03-19 21:32 - 2014-03-19 21:33 - 00000000 ____D () C:\Other
    2014-03-18 23:19 - 2014-03-18 23:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{3FCB2126-56F8-48AA-9D8E-FDC33E5C4EF6}
    2014-03-17 16:31 - 2014-03-17 16:31 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{FAE857C3-02DB-4552-85E2-9AE966080BEB}
    2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F82FEA0B-131A-4252-B159-6B6485B09C77}
    2014-03-15 21:03 - 2014-03-15 21:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{B515C4EE-EDBF-46A3-9D4B-1BDD7D592330}
    2014-03-14 12:05 - 2014-03-14 12:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1990781A-4540-4E17-AA9C-E078E237A1F2}
    2014-03-13 11:05 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-13 11:05 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 11:05 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 11:05 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-13 11:05 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 11:05 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 11:05 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-13 11:05 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-13 11:05 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-13 11:05 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-13 11:05 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-13 11:05 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 11:05 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 11:05 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 11:05 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 11:05 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-13 11:05 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 11:05 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 11:05 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 11:05 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 11:05 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-13 11:05 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-13 11:05 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-13 11:05 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-13 11:05 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 11:05 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 11:05 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 11:05 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 11:05 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 11:05 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-13 11:05 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 11:05 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 11:05 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 11:05 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 11:05 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-13 11:05 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-13 11:05 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 11:05 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-13 11:05 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 11:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 11:05 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-13 11:05 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-13 11:05 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-13 11:05 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-13 11:05 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-03-13 11:05 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-03-12 12:00 - 2014-03-12 12:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{EAC378D8-55B9-4FEF-83C0-EB0BD67EA4F3}
    2014-03-11 18:51 - 2014-04-06 20:57 - 00005953 _____ () C:\Users\Administrator\Desktop\stats.txt
    2014-03-11 11:45 - 2014-03-11 11:45 - 00001353 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
    2014-03-11 11:45 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
    2014-03-11 11:45 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
    2014-03-11 11:45 - 2014-02-05 10:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-03-11 11:45 - 2014-02-05 10:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-03-11 11:44 - 2014-03-11 11:44 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-03-11 11:44 - 2014-03-04 12:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-03-11 11:42 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-03-11 11:42 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2014-03-11 11:42 - 2014-03-04 15:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2014-03-11 11:42 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-03-11 11:42 - 2013-12-27 19:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2014-03-11 11:42 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-03-11 11:42 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2014-03-11 11:42 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2014-03-11 11:42 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2014-03-11 11:41 - 2014-03-11 11:41 - 00000000 ____D () C:\NVIDIA
    2014-03-11 11:23 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-03-11 11:23 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-03-11 11:23 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-03-11 11:23 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-03-11 11:23 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-03-11 11:23 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-03-11 11:23 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-03-11 11:23 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-03-11 11:23 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-03-11 11:23 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-03-11 11:23 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-03-11 11:23 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-03-11 11:23 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-03-11 11:23 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-03-11 11:23 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-03-11 11:23 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-03-11 11:21 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-03-11 11:21 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-03-11 10:39 - 2014-03-11 10:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1C92067C-D480-4EC8-93A8-C705B1BDA2B1}

    ==================== One Month Modified Files and Folders =======

    2014-04-10 16:05 - 2014-04-10 16:04 - 00012113 _____ () C:\Users\Administrator\Desktop\FRST.txt
    2014-04-10 16:05 - 2012-05-18 16:59 - 01326709 _____ () C:\Windows\WindowsUpdate.log
    2014-04-10 16:04 - 2014-04-10 16:04 - 00000000 ____D () C:\FRST
    2014-04-10 16:03 - 2014-04-10 16:03 - 02157056 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2014-04-10 16:03 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-10 16:03 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-10 16:02 - 2014-04-09 15:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-10 16:02 - 2014-04-08 19:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-10 16:02 - 2012-07-11 18:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-04-10 16:00 - 2012-06-01 18:39 - 00059609 _____ () C:\Windows\setupact.log
    2014-04-10 16:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-10 15:59 - 2012-05-18 17:52 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-04-09 21:54 - 2012-06-05 20:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
    2014-04-09 21:27 - 2014-04-09 19:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-09 21:19 - 2012-06-24 10:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-09 20:11 - 2012-11-29 21:14 - 00000859 _____ () C:\Users\Administrator\mudlet-data
    2014-04-09 19:58 - 2014-04-09 19:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{384611F8-35E5-49D3-858E-0767DD28760B}
    2014-04-09 19:45 - 2012-08-31 16:55 - 00000000 ____D () C:\Pandaria
    2014-04-09 19:23 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-09 19:22 - 2014-04-09 19:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-04-09 19:22 - 2014-04-09 19:22 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-04-09 19:17 - 2010-11-21 04:47 - 00282398 _____ () C:\Windows\PFRO.log
    2014-04-09 15:05 - 2014-04-09 15:05 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bc982faa-4f62-49db-8161-0dc30c47007c.job
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5e005465-08d8-4a53-8fef-875b414ffe9c.job
    2014-04-09 15:05 - 2014-04-09 15:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
    2014-04-09 15:05 - 2014-04-09 15:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-04-09 15:05 - 2013-03-17 20:48 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-04-09 15:04 - 2014-04-09 15:04 - 00001814 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-04-09 15:04 - 2014-04-09 15:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-04-08 22:41 - 2013-07-13 23:15 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-08 22:41 - 2012-05-18 17:28 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-08 22:04 - 2012-11-17 20:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
    2014-04-08 22:02 - 2012-06-24 10:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-08 22:02 - 2012-05-18 18:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-04-08 22:02 - 2012-05-18 18:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-08 21:30 - 2012-06-02 17:26 - 00001978 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-04-08 21:29 - 2014-04-08 21:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-04-08 21:29 - 2014-01-13 19:58 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-04-08 21:29 - 2013-03-17 20:47 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-04-08 21:29 - 2013-03-17 20:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-04-08 21:29 - 2012-06-02 17:26 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-04-08 21:29 - 2012-06-02 17:26 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-04-08 21:29 - 2012-06-02 17:26 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-04-08 21:29 - 2012-06-02 17:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-04-08 21:29 - 2012-06-02 17:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-04-08 21:28 - 2014-04-08 21:28 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-04-08 21:28 - 2012-06-02 17:26 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-04-08 21:11 - 2014-04-08 21:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{36C88353-77AA-4089-A908-DB72DF23FEF9}
    2014-04-08 19:57 - 2014-04-08 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-08 19:57 - 2012-06-03 16:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-08 19:57 - 2012-06-03 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2014-04-08 19:57 - 2012-06-03 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-08 19:57 - 2012-06-03 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-04-07 22:22 - 2012-06-03 16:18 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-04-07 19:21 - 2014-04-07 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1C2433DD-C1D9-4AED-951A-44C339F1C478}
    2014-04-06 20:57 - 2014-03-11 18:51 - 00005953 _____ () C:\Users\Administrator\Desktop\stats.txt
    2014-04-05 19:49 - 2014-04-05 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-05 19:19 - 2014-04-05 19:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{3EFB6CA3-96B7-4FDB-B08B-8CE6378EC121}
    2014-04-04 19:21 - 2014-04-04 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F60BE127-2DD0-424E-A2EF-26EDAA53527C}
    2014-04-03 09:51 - 2014-04-08 19:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-08 19:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2012-06-03 16:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-03-31 22:16 - 2014-03-31 22:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F4CF12E1-E0BE-4CAD-80C3-66F4C3C363CD}
    2014-03-31 02:16 - 2014-04-08 22:29 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-31 02:13 - 2014-04-08 22:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-31 01:13 - 2014-04-08 22:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-31 00:57 - 2014-04-08 22:29 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-30 19:10 - 2014-03-30 19:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{EF2932F8-C1D4-4EE9-B32F-D850464E3C3D}
    2014-03-27 20:29 - 2014-03-27 20:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{57E196F5-16CD-47FA-AE3F-7E07A9F908DB}
    2014-03-26 20:09 - 2014-03-26 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{D9EF1FB5-87B3-4489-A716-F9612220FB4F}
    2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{C411D978-2CC0-4072-BD32-1893DC695CBB}
    2014-03-25 21:41 - 2012-06-05 21:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2014-03-24 20:15 - 2014-03-24 20:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{12C5BE31-A75C-434E-91BA-31DE68EC16B4}
    2014-03-23 20:20 - 2014-03-23 20:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{680DFDF2-604F-4FC6-ABB1-94D0C07863E7}
    2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{CD6BBB3E-75FA-4438-8B31-4D813C449108}
    2014-03-19 21:33 - 2014-03-19 21:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\RenPy
    2014-03-19 21:33 - 2014-03-19 21:32 - 00000000 ____D () C:\Other
    2014-03-19 21:33 - 2012-10-14 11:03 - 00000000 ____D () C:\books
    2014-03-18 23:19 - 2014-03-18 23:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{3FCB2126-56F8-48AA-9D8E-FDC33E5C4EF6}
    2014-03-17 16:31 - 2014-03-17 16:31 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{FAE857C3-02DB-4552-85E2-9AE966080BEB}
    2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{F82FEA0B-131A-4252-B159-6B6485B09C77}
    2014-03-16 17:41 - 2012-05-18 17:01 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-16 17:39 - 2013-03-06 16:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
    2014-03-16 17:38 - 2012-05-18 17:57 - 00000000 ____D () C:\Users\Administrator\Documents\PassMark
    2014-03-16 17:38 - 2012-05-18 17:57 - 00000000 ____D () C:\ProgramData\Passmark
    2014-03-16 17:37 - 2012-05-18 17:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-03-16 17:36 - 2014-01-11 15:07 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
    2014-03-16 17:28 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-03-15 21:03 - 2014-03-15 21:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{B515C4EE-EDBF-46A3-9D4B-1BDD7D592330}
    2014-03-15 20:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-03-14 12:06 - 2014-03-14 12:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1990781A-4540-4E17-AA9C-E078E237A1F2}
    2014-03-14 11:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-13 21:00 - 2009-07-14 05:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-13 20:59 - 2012-05-18 17:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-13 20:59 - 2012-05-18 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-12 12:00 - 2014-03-12 12:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{EAC378D8-55B9-4FEF-83C0-EB0BD67EA4F3}
    2014-03-11 11:45 - 2014-03-11 11:45 - 00001353 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
    2014-03-11 11:45 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
    2014-03-11 11:45 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
    2014-03-11 11:45 - 2012-05-18 17:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-03-11 11:45 - 2012-05-18 17:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-03-11 11:45 - 2012-05-18 17:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-03-11 11:44 - 2014-03-11 11:44 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-03-11 11:41 - 2014-03-11 11:41 - 00000000 ____D () C:\NVIDIA
    2014-03-11 10:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-03-11 10:39 - 2014-03-11 10:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\{1C92067C-D480-4EC8-93A8-C705B1BDA2B1}

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\drm_dyndata_7400009.dll
    C:\Users\Administrator\AppData\Local\Temp\ihalyurh.dll
    C:\Users\Administrator\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
    C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Administrator\AppData\Local\Temp\uninstall.exe
    C:\Users\Administrator\AppData\Local\Temp\_isD074.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-31 18:03

    ==================== End Of Log ============================



    And this is Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Administrator at 2014-04-10 16:05:31
    Running from C:\Users\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
    AstroPop Deluxe (HKLM-x32\...\Steam App 3340) (Version: - PopCap)
    avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
    Bejeweled Twist (HKLM-x32\...\Steam App 3560) (Version: - PopCap)
    Beta Access to the New Steam Community (HKLM-x32\...\Steam App 202351) (Version: - )
    Blitzkrieg Mod (HKLM-x32\...\Blitzkrieg) (Version: 4.7.0.0 - Blitzkrieg Mod Team)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - )
    Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - )
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.98 - Etron Technology) Hidden
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Insaniquarium! Deluxe (HKLM-x32\...\Steam App 3320) (Version: - PopCap)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mudlet (remove only) (HKLM-x32\...\Mudletinst) (Version: - )
    Nero 9 Essentials (HKLM-x32\...\{ef5ad29e-b93b-4be2-9122-1c26e4513295}) (Version: - Nero AG)
    Nero BurnRights (x32 Version: 3.4.4.100 - Nero AG) Hidden
    Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
    Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
    Nero CoverDesigner (x32 Version: 4.4.6.100 - Nero AG) Hidden
    Nero CoverDesigner Help (x32 Version: 4.4.6.100 - Nero AG) Hidden
    Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden
    Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden
    Nero DiscSpeed (x32 Version: 4.99.5.105 - Nero AG) Hidden
    Nero DriveSpeed (x32 Version: 4.4.4.100 - Nero AG) Hidden
    Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
    Nero Express Help (x32 Version: 9.4.7.100 - Nero AG) Hidden
    Nero InfoTool (x32 Version: 5.99.5.105 - Nero AG) Hidden
    Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
    Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
    Nero StartSmart (x32 Version: 9.4.6.100 - Nero AG) Hidden
    Nero StartSmart Help (x32 Version: 9.4.6.100 - Nero AG) Hidden
    NeroExpress (x32 Version: 9.4.7.100 - Nero AG) Hidden
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
    NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
    Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - )
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - )
    Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
    Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
    Rocket Mania! Deluxe (HKLM-x32\...\Steam App 3440) (Version: - PopCap)
    SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Sims 3 - Nude Censor Remover (HKLM-x32\...\xSIMS_Censor_Remover_TS3) (Version: - )
    Sky Go Desktop (HKCU\...\4052778235.go.sky.com) (Version: - go.sky.com)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    TL-PA251 Powerline Utility (HKLM-x32\...\{D9ABDFCE-F6EF-45B4-B23A-B46B2BED735D}) (Version: 1.0.2 - TP-LINK)
    TomTom HOME (HKLM-x32\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {2248194F-E1B0-435A-ABAE-2273377FCEBE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-08] (AVAST Software)
    Task: {5A3005AF-6DD9-4878-AAA7-03291036F01A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08] (Adobe Systems Incorporated)
    Task: {9172308D-7F3C-4B54-889F-3DA9C4187710} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
    Task: {EB0D6113-F7CC-4634-AB4A-C6C75D7C1B88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5e005465-08d8-4a53-8fef-875b414ffe9c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bc982faa-4f62-49db-8161-0dc30c47007c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-05-24 14:01 - 2012-05-11 08:46 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2012-05-24 14:01 - 2012-05-11 08:46 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2012-05-18 17:52 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-09 19:20 - 2014-04-09 19:20 - 02192384 _____ () C:\Program Files\AVAST Software\Avast\defs\14040902\algo.dll
    2014-04-10 16:02 - 2014-04-10 16:02 - 02193408 _____ () C:\Program Files\AVAST Software\Avast\defs\14041000\algo.dll
    2013-10-28 16:06 - 2013-10-28 16:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-05-21 14:08 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/10/2014 04:01:27 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2014 03:58:42 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/09/2014 07:19:25 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/09/2014 03:10:32 PM) (Source: SignInAssistant) (User: )
    Description: StartService failed with hr = 0x8007043c

    Error: (04/09/2014 03:04:01 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/08/2014 10:37:02 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

    Error: (04/08/2014 10:17:30 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/08/2014 10:15:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

    Error: (04/08/2014 07:39:33 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/07/2014 07:11:43 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (04/10/2014 03:59:02 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


    Microsoft Office Sessions:
    =========================
    Error: (04/10/2014 04:01:27 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2014 03:58:42 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/09/2014 07:19:25 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/09/2014 03:10:32 PM) (Source: SignInAssistant)(User: )
    Description: StartService failed with hr = 0x8007043c

    Error: (04/09/2014 03:04:01 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/08/2014 10:37:02 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

    Error: (04/08/2014 10:17:30 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/08/2014 10:15:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

    Error: (04/08/2014 07:39:33 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/07/2014 07:11:43 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Percentage of memory in use: 29%
    Total physical RAM: 8154.24 MB
    Available physical RAM: 5719.12 MB
    Total Pagefile: 16306.66 MB
    Available Pagefile: 13645.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:465.46 GB) (Free:271.57 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AC74567D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    Hope this is okay!

    Many thanks, Lindsey.

  5. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello Lindsey,

    Your log is clean, and your Malwarebytes log was clean. I also see that you may have run the ESET online scan too. So you're looking OK here.

    Are you having any malware-related issues?

    Thanks
    Joe

  7. #5
    Member
    Join Date
    Mar 2010
    Posts
    21
    Points
    1


    Hey Joe,

    I did try to run ESET early on, but I couldn't get it to actually work. Said something about already having a scanner active, so I disabled my Avast shields and it still didn't work.

    I haven't had any issues since Tuesday, which was the day I got all those blocks on Avast, and the night before, which was when Skype and FF seemed to be trying to install a plugin or something similar without asking me to. Since then I also updated the Avast program, and since then nothing's been happening.

    If I am clean and all is well, then a massive thanks to you for taking the time to help me out. When it happened it was rather scary to me to watch, so thanks for making a worried person not so worried!

    Many thanks again,

    Lindsey