
[Help] Computer Infection possible Rootkit


  • This topic is locked
3 replies to this topic

#1 purelysam


Posted 10 January 2014 - 02:34 PM

Hey.. So basically I've stumbled across something god-awful. It's basically eaten and corrupted my files. I first noticed this playing CS when my computer informed me that I couldn't play public servers due to my files. Then everything started crashing and closing. I ran a Malwarebytes scan that came up clean, but the Malwarebytes rootkit scanner wouldn't download due to corruption? I want to know whether a format is the only way to go or if I can save my system. I am suspecting a rootkit.

Any help would be much appreciated.

Cheers

Sam

Here are my processes:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by Sam (administrator) on SAM-PC on 11-01-2014 05:21:52
Running from C:\Users\Sam\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Sam\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Electronic Arts) D:\Origin\Origin.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-09] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-07] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442200 2013-10-17] (Razer Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-08] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20685680 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Sam\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-19] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-19] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Run: [uTorrent] - C:\Users\Sam\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2013-10-22] (BitTorrent Inc.)
HKCU\...\Run: [EADM] - D:\Origin\Origin.exe [3551576 2013-11-23] (Electronic Arts)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {11111111-1111-1111-1111-110411151154} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\e1358dsb.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Flash Video Downloader - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\e1358dsb.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: Adblock Plus - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\e1358dsb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-13] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-10] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [117464 2014-01-11] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-10-14] (Razer Inc)
R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [340520 2008-10-31] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2008-10-31] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2008-10-31] (Silicon Image, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-11 05:21 - 2014-01-11 05:21 - 00015236 _____ C:\Users\Sam\Desktop\FRST.txt
2014-01-11 05:21 - 2014-01-11 05:21 - 00000000 ____D C:\FRST
2014-01-11 05:19 - 2014-01-11 05:19 - 01932166 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2014-01-11 05:07 - 2014-01-11 05:07 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-11 05:07 - 2014-01-11 05:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-11 05:06 - 2014-01-11 05:08 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-11 05:06 - 2014-01-11 05:06 - 00000000 ____D C:\Users\Sam\Desktop\mbar
2014-01-11 03:47 - 2014-01-11 03:48 - 00000000 ____D C:\AdwCleaner
2014-01-11 03:42 - 2014-01-11 03:42 - 01233962 _____ C:\Users\Sam\Desktop\AdwCleaner.exe
2014-01-10 23:40 - 2014-01-11 00:06 - 00001011 _____ C:\Users\UpdatusUser\Desktop\SpeedFan.lnk
2014-01-10 23:40 - 2014-01-11 00:06 - 00001011 _____ C:\Users\Sam\Desktop\SpeedFan.lnk
2014-01-10 23:40 - 2014-01-11 00:06 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-10 23:40 - 2014-01-11 00:06 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-10 23:40 - 2014-01-10 23:40 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-01-10 23:37 - 2014-01-10 23:38 - 02143832 _____ C:\Users\Sam\Desktop\instsf449.exe
2014-01-09 21:50 - 2014-01-09 21:53 - 00002462 _____ C:\Users\Sam\Desktop\Rkill.txt
2014-01-09 21:49 - 2014-01-09 21:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sam\Desktop\rkill.exe
2014-01-09 21:31 - 2014-01-09 21:31 - 00032713 _____ C:\ComboFix.txt
2014-01-09 21:26 - 2011-06-26 16:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-09 21:26 - 2010-11-08 03:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-09 21:26 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-09 21:26 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-09 21:26 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-09 21:26 - 2000-08-31 10:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-09 21:26 - 2000-08-31 10:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-09 21:26 - 2000-08-31 10:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-09 21:24 - 2014-01-09 21:31 - 00000000 ____D C:\Qoobox
2014-01-09 21:24 - 2014-01-09 21:30 - 00000000 ____D C:\Windows\erdnt
2014-01-09 21:22 - 2014-01-09 21:23 - 05162489 ____R (Swearware) C:\Users\Sam\Desktop\ComboFix.exe
2014-01-09 15:49 - 2014-01-09 15:49 - 00292664 _____ C:\Windows\Minidump\010914-7269-01.dmp
2014-01-09 15:45 - 2014-01-09 15:45 - 00292680 _____ C:\Windows\Minidump\010914-5850-01.dmp
2014-01-09 13:49 - 2014-01-09 15:49 - 00000000 ____D C:\Windows\Minidump
2014-01-07 19:28 - 2014-01-07 19:33 - 00000000 ____D C:\Users\Sam\Desktop\NINJA (2009) 720p BRRip x264 [Dual-Audio] [Hindi-Eng] By Mafiaking TeamTNT Exclusive
2014-01-07 19:26 - 2014-01-09 13:58 - 00000000 ____D C:\Users\Sam\Desktop\Ninja.Shadow.of.A.Tear.2013.HDRip.XviD-AQOS
2014-01-07 19:21 - 2014-01-09 13:58 - 00000000 ____D C:\Users\Sam\Desktop\Jackass Presents Bad Grandpa (2013) DVDRip XviD-MAXSPEED
2014-01-07 03:55 - 2014-01-07 04:06 - 00000000 ____D C:\Users\Sam\Desktop\The Crow (1994)
2014-01-06 18:10 - 2014-01-06 18:10 - 00000000 ____D C:\Users\Sam\Documents\Square Enix
2014-01-05 23:47 - 2014-01-06 01:01 - 1446138378 ____R C:\Users\Sam\Desktop\Xrumer 7.0.12 Elite and Hrefer 3.8 RUSSIAN WINDOWS.rar
2014-01-05 02:50 - 2014-01-05 03:09 - 00000000 ____D C:\Users\Sam\Desktop\The.Art.of.Getting.By.2011.LIMITED.DVDRip.XviD-AMIABLE
2014-01-05 02:41 - 2014-01-05 02:50 - 00000000 ____D C:\Users\Sam\Desktop\High.School.2010.LIMITED.DVDRip.XviD-DEPRiVED
2014-01-05 01:58 - 2014-01-05 02:27 - 00000000 ____D C:\Users\Sam\Desktop\Rush (2013)
2014-01-04 04:11 - 2014-01-04 21:03 - 00000090 _____ C:\Users\Sam\Desktop\passwords.txt
2013-12-31 15:56 - 2014-01-05 17:00 - 00000000 ____D C:\Users\Sam\AppData\Roaming\tor
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-12-28 19:14 - 2013-12-29 23:27 - 00034874 _____ C:\Windows\DirectX.log
2013-12-23 02:14 - 2013-12-23 02:14 - 00061440 _____ (Gary's Hood) C:\Users\Sam\Desktop\rsclient.exe
2013-12-23 00:39 - 2013-12-23 00:41 - 26807670 _____ C:\Users\Sam\Desktop\lb2785636532.avi
2013-12-20 20:08 - 2013-12-20 20:08 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-20 20:07 - 2013-12-16 12:51 - 232806732 _____ C:\Users\Sam\Desktop\ps4573564271.avi
2013-12-20 17:21 - 2013-12-20 17:55 - 206789642 _____ C:\Users\Sam\Desktop\ps4573564271.rar
2013-12-20 17:21 - 2013-12-20 17:24 - 67936488 _____ C:\Users\Sam\Desktop\cv739252.avi
2013-12-18 23:17 - 2013-12-18 23:35 - 00000000 ____D C:\Users\Sam\Desktop\State of Emergency (2010)
2013-12-18 00:03 - 2013-12-18 00:05 - 00000000 ____D C:\Users\Sam\Desktop\The Crazy Ones S01E01 HDTV x264-2HD[ettv]
2013-12-17 16:25 - 2013-12-17 16:33 - 114932002 _____ C:\Users\Sam\Desktop\ip0476574456.avi
2013-12-17 16:25 - 2013-12-17 16:28 - 16225904 _____ C:\Users\Sam\Desktop\ba9784356436.avi
2013-12-17 15:25 - 2014-01-09 21:37 - 00040686 _____ C:\Windows\PFRO.log
2013-12-17 15:25 - 2013-12-17 15:25 - 05080608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 11:54 - 2013-12-17 11:55 - 09921150 _____ C:\Users\Sam\Desktop\mov.avi
2013-12-17 11:45 - 2013-12-17 11:48 - 00000000 ____D C:\Users\Sam\Desktop\New folder
2013-12-16 01:00 - 2014-01-11 03:49 - 00001848 _____ C:\Windows\setupact.log
2013-12-16 01:00 - 2013-12-16 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 21:15 - 2013-12-15 21:15 - 00114424 _____ C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-15 21:12 - 2013-12-15 21:15 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-15 21:12 - 2013-12-15 21:12 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-15 21:12 - 2013-12-15 21:12 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 21:11 - 2013-12-15 21:11 - 04618136 _____ (Piriform Ltd) C:\Users\Sam\Desktop\ccsetup408.exe
2013-12-15 20:42 - 2013-11-16 08:20 - 00000000 ____D C:\Users\Sam\Desktop\Tor Browser
2013-12-15 15:15 - 2013-12-15 15:30 - 00000000 ____D C:\Users\Sam\Desktop\[ www.Torrenting.com ] - The.Comedy.Central.Roast.of.Donald.Trump.HDTV.XviD-FQM

==================== One Month Modified Files and Folders =======

2014-01-11 05:21 - 2014-01-11 05:21 - 00015236 _____ C:\Users\Sam\Desktop\FRST.txt
2014-01-11 05:21 - 2014-01-11 05:21 - 00000000 ____D C:\FRST
2014-01-11 05:21 - 2013-11-13 15:17 - 00000000 ____D C:\Users\Sam\AppData\Local\PMB Files
2014-01-11 05:21 - 2013-09-19 21:52 - 00000000 ____D C:\Users\Sam\AppData\Roaming\uTorrent
2014-01-11 05:19 - 2014-01-11 05:19 - 01932166 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2014-01-11 05:08 - 2014-01-11 05:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-11 05:07 - 2014-01-11 05:07 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-11 05:07 - 2014-01-11 05:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-11 05:06 - 2014-01-11 05:06 - 00000000 ____D C:\Users\Sam\Desktop\mbar
2014-01-11 05:03 - 2013-09-18 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 04:49 - 2013-09-18 16:51 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Skype
2014-01-11 04:07 - 2013-09-18 14:16 - 01556157 _____ C:\Windows\WindowsUpdate.log
2014-01-11 03:55 - 2009-07-14 15:13 - 00791570 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 03:55 - 2009-07-14 14:45 - 00010480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 03:55 - 2009-07-14 14:45 - 00010480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 03:51 - 2013-09-27 15:35 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Spotify
2014-01-11 03:50 - 2013-09-19 20:14 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2014-01-11 03:49 - 2013-12-16 01:00 - 00001848 _____ C:\Windows\setupact.log
2014-01-11 03:49 - 2013-09-18 16:44 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-11 03:49 - 2013-09-18 16:32 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-11 03:49 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 03:48 - 2014-01-11 03:47 - 00000000 ____D C:\AdwCleaner
2014-01-11 03:42 - 2014-01-11 03:42 - 01233962 _____ C:\Users\Sam\Desktop\AdwCleaner.exe
2014-01-11 00:06 - 2014-01-10 23:40 - 00001011 _____ C:\Users\UpdatusUser\Desktop\SpeedFan.lnk
2014-01-11 00:06 - 2014-01-10 23:40 - 00001011 _____ C:\Users\Sam\Desktop\SpeedFan.lnk
2014-01-11 00:06 - 2014-01-10 23:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-11 00:06 - 2014-01-10 23:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-10 23:40 - 2014-01-10 23:40 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-01-10 23:38 - 2014-01-10 23:37 - 02143832 _____ C:\Users\Sam\Desktop\instsf449.exe
2014-01-09 21:53 - 2014-01-09 21:50 - 00002462 _____ C:\Users\Sam\Desktop\Rkill.txt
2014-01-09 21:50 - 2013-09-19 22:05 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-09 21:49 - 2014-01-09 21:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sam\Desktop\rkill.exe
2014-01-09 21:37 - 2013-12-17 15:25 - 00040686 _____ C:\Windows\PFRO.log
2014-01-09 21:31 - 2014-01-09 21:31 - 00032713 _____ C:\ComboFix.txt
2014-01-09 21:31 - 2014-01-09 21:24 - 00000000 ____D C:\Qoobox
2014-01-09 21:30 - 2014-01-09 21:24 - 00000000 ____D C:\Windows\erdnt
2014-01-09 21:30 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 21:23 - 2014-01-09 21:22 - 05162489 ____R (Swearware) C:\Users\Sam\Desktop\ComboFix.exe
2014-01-09 15:49 - 2014-01-09 15:49 - 00292664 _____ C:\Windows\Minidump\010914-7269-01.dmp
2014-01-09 15:49 - 2014-01-09 13:49 - 00000000 ____D C:\Windows\Minidump
2014-01-09 15:45 - 2014-01-09 15:45 - 00292680 _____ C:\Windows\Minidump\010914-5850-01.dmp
2014-01-09 13:59 - 2013-09-18 14:15 - 00000000 ____D C:\Users\Sam
2014-01-09 13:58 - 2014-01-07 19:26 - 00000000 ____D C:\Users\Sam\Desktop\Ninja.Shadow.of.A.Tear.2013.HDRip.XviD-AQOS
2014-01-09 13:58 - 2014-01-07 19:21 - 00000000 ____D C:\Users\Sam\Desktop\Jackass Presents Bad Grandpa (2013) DVDRip XviD-MAXSPEED
2014-01-09 13:58 - 2013-11-20 11:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2014-01-09 13:58 - 2013-11-13 15:17 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-09 13:58 - 2013-11-13 11:18 - 00000000 ____D C:\Users\Sam\AppData\Local\NVIDIA
2014-01-09 13:58 - 2013-11-13 11:16 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-09 13:58 - 2013-11-13 11:16 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-09 13:58 - 2013-11-13 11:16 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-01-09 13:58 - 2013-09-19 20:14 - 00000000 ____D C:\Windows\AutoKMS
2014-01-09 13:58 - 2013-09-19 19:51 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-09 13:58 - 2013-09-18 16:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-09 13:58 - 2013-09-18 16:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-09 13:58 - 2013-09-18 16:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-09 13:58 - 2013-09-18 16:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-09 13:58 - 2013-09-18 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-09 13:58 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2014-01-09 13:58 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2014-01-09 13:58 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-09 13:58 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-09 13:57 - 2013-09-19 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-09 13:49 - 2013-09-19 08:08 - 00000000 ____D C:\Windows\Panther
2014-01-09 01:55 - 2013-09-19 19:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-08 17:09 - 2013-11-13 11:19 - 00000000 ____D C:\Users\Sam\AppData\Local\NVIDIA Corporation
2014-01-07 19:33 - 2014-01-07 19:28 - 00000000 ____D C:\Users\Sam\Desktop\NINJA (2009) 720p BRRip x264 [Dual-Audio] [Hindi-Eng] By Mafiaking TeamTNT Exclusive
2014-01-07 04:06 - 2014-01-07 03:55 - 00000000 ____D C:\Users\Sam\Desktop\The Crow (1994)
2014-01-06 18:10 - 2014-01-06 18:10 - 00000000 ____D C:\Users\Sam\Documents\Square Enix
2014-01-06 01:01 - 2014-01-05 23:47 - 1446138378 ____R C:\Users\Sam\Desktop\Xrumer 7.0.12 Elite and Hrefer 3.8 RUSSIAN WINDOWS.rar
2014-01-05 17:00 - 2013-12-31 15:56 - 00000000 ____D C:\Users\Sam\AppData\Roaming\tor
2014-01-05 03:09 - 2014-01-05 02:50 - 00000000 ____D C:\Users\Sam\Desktop\The.Art.of.Getting.By.2011.LIMITED.DVDRip.XviD-AMIABLE
2014-01-05 02:50 - 2014-01-05 02:41 - 00000000 ____D C:\Users\Sam\Desktop\High.School.2010.LIMITED.DVDRip.XviD-DEPRiVED
2014-01-05 02:27 - 2014-01-05 01:58 - 00000000 ____D C:\Users\Sam\Desktop\Rush (2013)
2014-01-04 21:03 - 2014-01-04 04:11 - 00000090 _____ C:\Users\Sam\Desktop\passwords.txt
2013-12-31 15:55 - 2013-09-27 15:36 - 00000000 ____D C:\Users\Sam\AppData\Local\Spotify
2013-12-29 23:28 - 2013-09-20 07:33 - 00000000 ____D C:\Users\Sam\Documents\My Games
2013-12-29 23:27 - 2013-12-28 19:14 - 00034874 _____ C:\Windows\DirectX.log
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-12-23 02:14 - 2013-12-23 02:14 - 00061440 _____ (Gary's Hood) C:\Users\Sam\Desktop\rsclient.exe
2013-12-23 00:41 - 2013-12-23 00:39 - 26807670 _____ C:\Users\Sam\Desktop\lb2785636532.avi
2013-12-20 20:09 - 2013-09-18 16:33 - 00000000 ____D C:\Users\Sam\AppData\Roaming\vlc
2013-12-20 20:08 - 2013-12-20 20:08 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-20 17:55 - 2013-12-20 17:21 - 206789642 _____ C:\Users\Sam\Desktop\ps4573564271.rar
2013-12-20 17:24 - 2013-12-20 17:21 - 67936488 _____ C:\Users\Sam\Desktop\cv739252.avi
2013-12-18 23:35 - 2013-12-18 23:17 - 00000000 ____D C:\Users\Sam\Desktop\State of Emergency (2010)
2013-12-18 00:05 - 2013-12-18 00:03 - 00000000 ____D C:\Users\Sam\Desktop\The Crazy Ones S01E01 HDTV x264-2HD[ettv]
2013-12-17 16:33 - 2013-12-17 16:25 - 114932002 _____ C:\Users\Sam\Desktop\ip0476574456.avi
2013-12-17 16:28 - 2013-12-17 16:25 - 16225904 _____ C:\Users\Sam\Desktop\ba9784356436.avi
2013-12-17 15:25 - 2013-12-17 15:25 - 05080608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 15:25 - 2013-09-18 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 11:55 - 2013-12-17 11:54 - 09921150 _____ C:\Users\Sam\Desktop\mov.avi
2013-12-17 11:48 - 2013-12-17 11:45 - 00000000 ____D C:\Users\Sam\Desktop\New folder
2013-12-16 12:51 - 2013-12-20 20:07 - 232806732 _____ C:\Users\Sam\Desktop\ps4573564271.avi
2013-12-16 01:00 - 2013-12-16 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 21:44 - 2013-10-11 02:34 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2013-12-15 21:15 - 2013-12-15 21:15 - 00114424 _____ C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-15 21:15 - 2013-12-15 21:12 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-15 21:14 - 2013-10-10 02:53 - 00000000 ____D C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
2013-12-15 21:14 - 2013-09-30 00:08 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Media Player Classic
2013-12-15 21:12 - 2013-12-15 21:12 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-15 21:12 - 2013-12-15 21:12 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 21:11 - 2013-12-15 21:11 - 04618136 _____ (Piriform Ltd) C:\Users\Sam\Desktop\ccsetup408.exe
2013-12-15 15:30 - 2013-12-15 15:15 - 00000000 ____D C:\Users\Sam\Desktop\[ www.Torrenting.com ] - The.Comedy.Central.Roast.of.Donald.Trump.HDTV.XviD-FQM
2013-12-12 22:49 - 2013-11-16 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Sam\AppData\Local\Temp\Quarantine.exe
C:\Users\Sam\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Sam\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-01-09 00:14

==================== End Of Log ============================

Here's my addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014
Ran by Sam at 2014-01-11 05:22:03
Running from C:\Users\Sam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (x32 Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Age of Empires II HD © Microsoft Studios version 1 (x32 Version: 1 - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Assassins Creed IV Black Flag (x32 Version: 1 - )
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Castlevania: Lords of Shadow - Ultimate Edition (x32 Version:  - MercurySteam - Climax Studios)
CCleaner (Version: 4.08 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
Cheat Engine 6.3 (x32 Version:  - Cheat Engine)
Command and Conquer: Red Alert 3 (x32 Version:  - EA Los Angeles)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
DAEMON Tools Lite (x32 Version: 4.47.1.0337 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32 Version:  - Microsoft)
Dishonored (x32 Version: 1.0 - Bethesda Softworks)
Dota 2 (x32 Version:  - Valve)
Dust: An Elysian Tail (x32 Version:  - Humble Hearts LLC)
File Shredder 2.5 (Version:  - Pow Tools)
Flight Simulator X (x32 Version:  - )
Flight Simulator X Service Pack 1 (x32 Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (x32 Version: 9.0.0.1323 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Just Cause 2 (x32 Version:  - Avalanche)
K-Lite Codec Pack 10.0.5 Full (x32 Version: 10.0.5 - )
Left 4 Dead 2 (x32 Version:  - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MapleStory (x32 Version:  - )
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Metro 2033 (x32 Version:  - 4A Games)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Nexon Game Manager (x32 Version:  - )
NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
Origin (x32 Version: 9.3.10.4710 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (x32 Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
RAD Video Tools (x32 Version:  - )
Razer Synapse 2.0 (x32 Version: 1.15.4 - Razer Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012 - Realtek)
Saints Row IV (x32 Version: 1 - )
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
Sleeping Dogs™ (x32 Version:  - United Front Games)
Sniper Ghost Warrior 2 (x32 Version:  - City Interactive)
Spec Ops: The Line (x32 Version:  - Yager)
SpeedFan (remove only) (x32 Version:  - )
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TeamViewer 8 (x32 Version: 8.0.17292 - TeamViewer)
The Binding of Isaac (x32 Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.01 - Ubisoft)
TumblRipper (x32 Version: 2.04 - TumblRipper)
Undelete 360 (x32 Version:  - File Recovery Ltd.)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2752078) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760257) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817309) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827228) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827235) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2810016) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2817625) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2767859) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2752097) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2825633) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2817631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2827218) 32-Bit Edition (x32 Version:  - Microsoft)
Uplay (x32 Version: 4.0 - Ubisoft)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

08-01-2014 15:50:34 Windows Update
08-01-2014 16:04:26 Windows Update
08-01-2014 17:26:01 Windows Update
09-01-2014 03:56:32 Restore Operation
09-01-2014 06:01:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 12:34 - 2014-01-09 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {090D5DD3-1A78-467D-A6BE-0C243B156071} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File
Task: {386802CB-2E9D-42C5-83C5-BFC9454075BD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {5B16A043-0DF9-4861-8FB7-BD087E92AA63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A72872D-66F5-4994-B915-3BC42280481A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {7E656061-222F-401C-9F3B-FD3759359990} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {94514EFC-EC94-4D41-ADC7-2431A8F29015} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {96B03FBE-C7E0-4CB0-97F9-9FEF3B669371} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6628B29-71CB-4759-8D1A-D825BA5199AA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File
Task: {D3B6CA44-14EC-4316-A1A3-AD218B939049} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-09-19] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 06:02 - 2013-09-13 06:02 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-09 15:49 - 2013-12-13 08:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-09 15:49 - 2013-11-05 11:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-08-21 14:18 - 2013-12-13 08:04 - 00716800 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-09-06 12:55 - 2014-01-08 07:00 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2013-12-13 08:04 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 09:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-17 11:23 - 2013-09-13 06:02 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-12 13:16 - 2013-11-23 19:31 - 00064000 _____ () D:\Origin\tufao.dll
2013-09-19 14:47 - 2013-04-11 15:29 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 01231360 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-55.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 07457792 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-55.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 00249856 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 00217600 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 03502080 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2013-09-18 16:34 - 2013-09-13 04:00 - 00386048 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 00212992 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
2013-09-18 16:34 - 2013-09-13 04:00 - 00120320 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-1.dll
2013-11-16 12:29 - 2013-12-12 22:49 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 08:03 - 2013-12-11 08:03 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2014 01:19:57 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing.
Windows closed the program Spotify because of this error.

Program: Spotify
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
    - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/11/2014 01:19:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: spotify.exe, version: 0.9.6.81, time stamp: 0x52977895
Faulting module name: spotify.exe, version: 0.9.6.81, time stamp: 0x52977895
Exception code: 0xc000001d
Fault offset: 0x00575c71
Faulting process id: 0x9c8
Faulting application start time: 0xspotify.exe0
Faulting application path: spotify.exe1
Faulting module path: spotify.exe2
Report Id: spotify.exe3

Error: (01/11/2014 01:01:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 1.70.0.0, time stamp: 0x512fc04c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000004d
Faulting process id: 0x820
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/11/2014 00:00:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_NlaSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: nlasvc.dll, version: 6.1.7601.17964, time stamp: 0x506c7976
Exception code: 0xc0000005
Fault offset: 0x000000000000182f
Faulting process id: 0x51c
Faulting application start time: 0xsvchost.exe_NlaSvc0
Faulting application path: svchost.exe_NlaSvc1
Faulting module path: svchost.exe_NlaSvc2
Report Id: svchost.exe_NlaSvc3

Error: (01/10/2014 11:08:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x521bba5d
Faulting module name: nvd3dum.dll, version: 9.18.13.3165, time stamp: 0x52676a41
Exception code: 0xc0000005
Fault offset: 0x000d28d6
Faulting process id: 0x1a28
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report Id: csgo.exe3

Error: (01/10/2014 11:02:39 PM) (Source: Application Hang) (User: )
Description: The program spotify.exe version 0.9.6.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 878

Start Time: 01cf0d31510b01b7

Termination Time: 16

Application Path: C:\Users\Sam\AppData\Roaming\Spotify\spotify.exe

Report Id:

Error: (01/09/2014 10:15:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x521bba5d
Faulting module name: scaleformui.dll, version: 0.0.0.0, time stamp: 0x52b821ee
Exception code: 0xc0000005
Fault offset: 0x000af8fd
Faulting process id: 0x380
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report Id: csgo.exe3

Error: (01/09/2014 09:43:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x521bba5d
Faulting module name: studiorender.dll, version: 0.0.0.0, time stamp: 0x52b820a4
Exception code: 0xc0000005
Fault offset: 0x0004aa42
Faulting process id: 0xa74
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report Id: csgo.exe3

Error: (01/09/2014 05:22:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 26.0.0.5087, time stamp: 0x52a0d293
Faulting module name: mozalloc.dll, version: 26.0.0.5087, time stamp: 0x52a0af28
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x15d8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/09/2014 05:11:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x521bba5d
Faulting module name: scaleformui.dll, version: 0.0.0.0, time stamp: 0x52b821ee
Exception code: 0xc0000005
Fault offset: 0x00115ee0
Faulting process id: 0x10ac
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report Id: csgo.exe3


System errors:
=============
Error: (01/11/2014 03:49:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %25

    Error Code: 0x80096010

    Error description: The digital signature of the object did not verify.

    Signature version: 1.165.1320.0;1.165.1320.0

    Engine version: %600

Error: (01/11/2014 03:49:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %24

    Error Code: 0x8050800c

    Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

    Signature version: 1.165.1320.0;1.165.1320.0

    Engine version: %600

Error: (01/11/2014 01:19:55 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %24

    Error Code: 0x80096010

    Error description: The digital signature of the object did not verify.

    Signature version: 1.165.1603.0;1.165.1603.0

    Engine version: %600

Error: (01/11/2014 01:19:51 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:01:38 AM on ‎11/‎01/‎2014 was unexpected.

Error: (01/11/2014 00:02:57 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (01/11/2014 00:01:57 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error:
%%1056

Error: (01/11/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: The Telephony service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/11/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (01/11/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/11/2014 00:00:57 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/11/2014 01:19:57 AM) (Source: Application Error)(User: )
Description: Spotify000000000

Error: (01/11/2014 01:19:57 AM) (Source: Application Error)(User: )
Description: spotify.exe0.9.6.8152977895spotify.exe0.9.6.8152977895c000001d00575c719c801cf0e176989aa7dC:\Users\Sam\AppData\Roaming\Spotify\spotify.exeC:\Users\Sam\AppData\Roaming\Spotify\spotify.exea9741867-7a0a-11e3-a67a-94de80b43e27

Error: (01/11/2014 01:01:03 AM) (Source: Application Error)(User: )
Description: mbamservice.exe1.70.0.0512fc04cunknown0.0.0.000000000c00000050000004d82001cf0e0c5cec2da7C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeunknown0586a86a-7a08-11e3-ba33-94de80b43e27

Error: (01/11/2014 00:00:56 AM) (Source: Application Error)(User: )
Description: svchost.exe_NlaSvc6.1.7600.163854a5bc3c1nlasvc.dll6.1.7601.17964506c7976c0000005000000000000182f51c01cf0e0c5bd0e9e6C:\Windows\system32\svchost.exec:\windows\system32\nlasvc.dll9f9db819-79ff-11e3-ba33-94de80b43e27

Error: (01/10/2014 11:08:37 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.0521bba5dnvd3dum.dll9.18.13.316552676a41c0000005000d28d61a2801cf0e0454ffae1bC:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Windows\system32\nvd3dum.dll50a74486-79f8-11e3-96b1-94de80b43e27

Error: (01/10/2014 11:02:39 PM) (Source: Application Hang)(User: )
Description: spotify.exe0.9.6.8187801cf0d31510b01b716C:\Users\Sam\AppData\Roaming\Spotify\spotify.exe

Error: (01/09/2014 10:15:53 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.0521bba5dscaleformui.dll0.0.0.052b821eec0000005000af8fd38001cf0d326df36f5fC:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exec:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dllc85f440e-7927-11e3-96b1-94de80b43e27

Error: (01/09/2014 09:43:17 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.0521bba5dstudiorender.dll0.0.0.052b820a4c00000050004aa42a7401cf0d2f5654983aC:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exec:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll3a7afe09-7923-11e3-a98a-94de80b43e27

Error: (01/09/2014 05:22:44 PM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293mozalloc.dll26.0.0.508752a0af28800000030000119c15d801cf0d0049e5a6a8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld47cbe01-78fe-11e3-99e2-94de80b43e27

Error: (01/09/2014 05:11:10 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.0521bba5dscaleformui.dll0.0.0.052b821eec000000500115ee010ac01cf0d09de011b9fC:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exec:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll36d47ccf-78fd-11e3-99e2-94de80b43e27


CodeIntegrity Errors:
===================================
  Date: 2014-01-09 21:29:46.628
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-09 21:29:46.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 8137.14 MB
Available physical RAM: 4674.03 MB
Total Pagefile: 16272.46 MB
Available Pagefile: 12669.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.48 GB) (Free:25.14 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1661.81 GB) NTFS
Drive g: (AC4 Black Flag) (CDROM) (Total:23.13 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 89D4A517)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 5FA40AC1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 




 


#2 purelysam


Posted 10 January 2014 - 02:49 PM

Note rootkit scanner showed clean



#3 HelpBot


Posted 15 January 2014 - 02:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520361 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 20 January 2014 - 02:40 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



