Permission Problems, Slow Performance and Start-up


  • This topic is locked
19 replies to this topic

#1 BobTheCow

BobTheCow

  • Members
  • 12 posts
  • OFFLINE

Posted 21 January 2014 - 07:11 PM

Ok, let's start at the beginning. I was downloading some files one day and I thought they were clean because Avast did not stop the download or warn me of anything. I went on to open the files and noticed they opened cmd and then closed. I concluded they didn't work and continued using my PC. On the next startup I immediately noticed a long 20 second black screen after welcome (Windows 7 Professional). I thought that's weird and decided to scan my PC with Avast; it came up with a few results so I got rid of them and continued on my computer. Some minutes later a permission box opened up that went by something like the name of Microsoft Updates and was symbolized as a cmd; mistakenly I pressed yes and gave it admin privileges. From then on my computer has been lagging on me hardcore. I've had my computer for half a year now and it has worked flawlessly until now... My CPU is topping at 100% and RAM 50% all the time. Here are some more symptoms and things I've tried to do. Oh, and sorry about spelling and grammar, it's hard to type right when there is a 2 second delay:

 

Symptoms:

  • Slow start up, black screen for about 20 seconds after welcome during login (never had this issue before)
  • Extreme, drastic performance change overnight: CPU topping all the time and super lag on most programs (seems to run very well in safe mode with networking but not normal safe mode)
  • When starting certain programs I might get one of two errors:
  1. The program referred to by the shortcut cannot be accessed. You may not have the appropriate permissions.
  2. Windows cannot find (program name). Make sure you typed the name correctly and try again.
  • Every startup the PC seems to become laggier.

Things I've Tried

  • Clean Boot
  • Driver Verifier
  • Avast Scans, Avast Scans, and more Avast Scans
  • Safe mode 
  • Safe mode with networking (reduced a lot of lag)
  • Malwarebytes would not open so I used Malwarebytes Chameleon (found more corrupted files but did not solve the issue). Note: Malwarebytes will not open without Chameleon.
  • SuperAntiVirus
  • Looking through Resource Monitor and Task Manager for malicious files (found really nothing but might have missed something)
  • Googled a bazillion times.
  • Found an old Microsoft worm documentation that matches most symptoms (http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FSwen.A%40mm#tab=2)

If someone could provide any help I'd be really appreciative; I don't want to have to wipe my hard drive :D

 

DDS Logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Sage at 18:51:00 on 2014-01-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8153.4516 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\SysWOW64\WScript.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
C:\Windows\SysWOW64\tasklist.exe
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = C:\Users\Sage\AppData\Roaming\reader\reader.exe,explorer.exe
uWindows: Load = C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\090dd7d5-80be-44be-8d44-218534c006fa.exe /check
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar
StartupFolder: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.ini.url
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{C05E9BE8-203E-4AC5-B56E-B5C9C42ABBE1} : NameServer = 208.67.222.222,208.67.220.20
TCP: Interfaces\{C05E9BE8-203E-4AC5-B56E-B5C9C42ABBE1} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{C05E9BE8-203E-4AC5-B56E-B5C9C42ABBE1}\742716365602348657273686 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C05E9BE8-203E-4AC5-B56E-B5C9C42ABBE1}\742716365602348657273686 : DHCPNameServer = 208.67.222.123 208.67.220.123
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: avcenter.exe - euaie.exe
IFEO: avguard.exe - euaie.exe
IFEO: avp.exe - euaie.exe
IFEO: bdagent.exe - euaie.exe
IFEO: ccuac.exe - euaie.exe
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: EnnjooYCouupon: {6514BB6F-34B5-3C2A-AA7C-B7A014691428} - 
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: FunDealus: {F03DE3A8-046C-2DF3-E129-3810288D40AF} - 
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: avcenter.exe - euaie.exe
x64-IFEO: avguard.exe - euaie.exe
x64-IFEO: avp.exe - euaie.exe
x64-IFEO: bdagent.exe - euaie.exe
x64-IFEO: ccuac.exe - euaie.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-6-22 207904]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-23 19264]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-23 22680]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-22 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-22 422216]
R1 SASDIFSV;SASDIFSV;F:\STORAGE\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;F:\STORAGE\saskutil64.sys [2011-7-12 12368]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-22 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-5 50344]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-5 79672]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 debutfilter;Debut Filter Driver v6.20.01;C:\Windows\System32\drivers\debutfilterx64.sys [2013-11-10 33488]
R3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2013-12-31 50288]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-23 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-23 789824]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-6-23 110744]
S2 64af91bf;Fast And Safe;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2013-10-15 386560]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-6-22 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 mirrorv3;mirrorv3;C:\Windows\System32\drivers\rminiv3.sys [2012-12-18 5632]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-6-24 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-20 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-24 1255736]
S4 !SASCORE;SAS Core Service;F:\STORAGE\SASCore64.exe [2013-10-10 144152]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-7-21 49152]
S4 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-6-23 160256]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-23 166720]
S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-20 18360]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-23 365376]
.
=============== Created Last 30 ================
.
2014-01-21 23:05:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-21 23:04:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-21 23:04:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 20:10:33 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{383D338E-3006-47A3-A14A-8C8EE12723F0}\mpengine.dll
2014-01-20 22:31:02 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-01-19 14:40:12 -------- d--h--w- C:\{$6666-4448-3690-4432-8983$}
2014-01-19 14:13:37 -------- d--h--w- C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-18 23:26:19 -------- d-----w- C:\ProgramData\SecTaskMan
2014-01-18 23:26:16 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2014-01-18 20:58:15 -------- d-----w- C:\Users\Sage\AppData\Roaming\.minecraft
2014-01-18 20:54:52 227840 --sha-r- C:\ProgramData\812477880.exe
2014-01-18 19:45:25 -------- d-----w- C:\Users\Sage\AppData\Roaming\Malwarebytes
2014-01-18 16:10:03 -------- d-----w- C:\Windows\Migration
2014-01-18 14:12:25 -------- d-----w- C:\Users\Sage\AppData\Roaming\SUPERAntiSpyware.com
2014-01-18 14:12:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-01-18 02:27:17 -------- d-----w- C:\Users\Sage\AppData\Roaming\reader
2014-01-18 02:27:12 0 ----a-w- C:\Users\Sage\13stdybt37.tmp
2014-01-18 02:27:11 -------- d-----w- C:\Users\Sage\AppData\Roaming\Windowsconfig
2014-01-18 02:18:05 -------- d-----w- C:\Users\Sage\AppData\Roaming\Oxy
2014-01-15 20:12:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 20:12:15 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 20:12:15 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 20:12:15 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 20:12:15 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 20:12:15 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 20:12:15 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 20:12:14 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 20:12:13 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-06 01:20:01 -------- d-----w- C:\Users\Sage\AppData\Roaming\AVAST Software
2014-01-06 01:18:48 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-05 22:26:55 -------- d-----w- C:\Program Files (x86)\OverDrive Media Console
2014-01-05 22:18:45 -------- d-----w- C:\Users\Sage\AppData\Roaming\OverDrive
2014-01-05 16:11:14 -------- d-----w- C:\Users\Sage\AppData\Roaming\skyz
2014-01-05 16:09:49 -------- d-----w- C:\Minecraft_Backup
2014-01-05 04:07:41 -------- d-----w- C:\Users\Sage\AppData\Roaming\Minecraft Skin Viewer
2014-01-05 03:30:31 -------- d-----w- C:\Users\Sage\AppData\Roaming\SYSTEMAX Software Development
2014-01-05 03:30:31 -------- d-----w- C:\ProgramData\SYSTEMAX Software Development
2013-12-31 18:09:16 50288 ----a-w- C:\Windows\System32\drivers\ElgatoGC658.sys
2013-12-31 18:09:16 -------- d-----w- C:\Program Files\Elgato
2013-12-31 18:09:03 -------- d-----w- C:\Users\Sage\AppData\Roaming\Elgato
2013-12-31 18:08:58 -------- d-----w- C:\Program Files (x86)\Elgato
2013-12-31 01:54:05 -------- d-----w- C:\Users\Sage\AppData\Local\Packages
2013-12-27 18:19:50 -------- d-----w- C:\ProgramData\Fast And Safe
2013-12-26 01:43:24 -------- d-----w- C:\ProgramData\QuickSet
2013-12-26 01:43:01 -------- d-----w- C:\Program Files (x86)\GS Supporter
2013-12-26 01:42:48 -------- d-----w- C:\ProgramData\240f6bdf6ef407ad
.
==================== Find3M  ====================
.
2014-01-06 01:18:46 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-06 01:18:46 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-06 01:18:46 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-06 01:18:46 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-06 01:18:46 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-06 01:18:45 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-11 12:19:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 12:19:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 18:02:19 5632 ----a-w- C:\Windows\System32\bbchlp.dll
2013-12-07 18:02:19 4608 ----a-w- C:\Windows\System32\drivers\bbcap.sys
2013-12-07 18:02:19 37376 ----a-w- C:\Windows\System32\bbcap.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-10 23:26:57 33488 ----a-w- C:\Windows\System32\drivers\debutfilterx64.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2002-04-30 21:02:14 3382235 ------w- C:\Program Files (x86)\gta3.exe
2002-04-26 20:37:00 338432 ------w- C:\Program Files (x86)\Mss32.dll
2002-04-26 20:36:44 35840 ------w- C:\Program Files (x86)\drvmgt.dll
.
============= FINISH: 18:51:12.25 ===============
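The "Pseudo HJT Report" section of the DDS log above carries several classic persistence and tool-blocking indicators: a Winlogon Shell that starts reader.exe ahead of explorer.exe, a per-user Windows\Load value pointing into ProgramData, raw .jar and .url items in the Startup folder, and IFEO "Debugger" values that redirect security tools (avcenter.exe, avp.exe, ...) to euaie.exe, a setting that stops those tools from launching. The script below is an added example written for this page (it is not the poster's code and not part of DDS or FRST): it parses such lines, in both the DDS form shown here and the FRST form the helper asks for next, and returns a finding per suspicious entry. The sample lines are copied from the log above; the rule names, the severity labels and the KNOWN_DEBUGGERS allow-list are this example's own assumptions.

```python
"""Flag persistence and tool-blocking indicators in DDS / FRST registry lines.

Added example (the editor's code, not the poster's and not part of DDS or FRST).
Rule names, severity labels and the KNOWN_DEBUGGERS list are this example's own.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" above, plus
# an IFEO line and an AppInit_DLLs line in the format FRST prints.
SAMPLE_LOG = r"""
uWinlogon: Shell = C:\Users\Sage\AppData\Roaming\reader\reader.exe,explorer.exe
uWindows: Load = C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe
mWinlogon: Userinit = userinit.exe,
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar
StartupFolder: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.ini.url
IFEO: avcenter.exe - euaie.exe
IFEO: avp.exe - euaie.exe
x64-IFEO: avcenter.exe - euaie.exe
IFEO\mbam.exe: [Debugger] euaie.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4459520 2013-12-27] ()
"""


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str
    line: str


# Debuggers a developer might legitimately register under IFEO (assumption);
# anything else used as an IFEO "Debugger" is treated as a launch hijack.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe"}
# Startup-folder items are normally .lnk shortcuts; these extensions run directly.
SUSPICIOUS_STARTUP_EXT = {".jar", ".url", ".vbs", ".js", ".wsf", ".bat", ".cmd", ".exe", ".scr", ".ps1"}

ATT = r"\s*(?:<=+\s*ATTENTION)?\s*$"  # FRST appends "<==== ATTENTION" to flagged lines
IFEO_DDS = re.compile(r"^(?:x64-)?IFEO:\s+(?P<target>\S+)\s+-\s+(?P<debugger>.+?)\s*$")
IFEO_FRST = re.compile(r"^IFEO\\(?P<target>[^:]+):\s+\[Debugger\]\s+(?P<debugger>.+?)\s*$")
SHELL = re.compile(r"^(?:uWinlogon: Shell = |HKCU\\\.\.\.\\Winlogon: \[Shell\] )(?P<value>.+?)" + ATT)
USERINIT = re.compile(r"^(?:mWinlogon: Userinit = |HKLM\\\.\.\.\\Winlogon: \[Userinit\] )(?P<value>.+?)" + ATT)
LOAD = re.compile(r"^(?:uWindows: Load = |HKCU\\\.\.\.\\CurrentVersion\\Windows: \[Load\] )(?P<value>.+?)" + ATT)
APPINIT = re.compile(r"^AppInit_DLLs:\s+(?P<value>.+?)\s*$")
STARTUP = re.compile(r"^(?:StartupFolder|Startup):\s+(?P<path>.+?)(?:\s+\([^)]*\))?\s*$")


def scan(text: str) -> list[Finding]:
    """Return one Finding per line that matches a hijack/persistence rule."""
    out: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := (IFEO_DDS.match(line) or IFEO_FRST.match(line)):
            dbg = ntpath.basename(m["debugger"]).lower()
            sev = "review" if dbg in KNOWN_DEBUGGERS else "high"
            out.append(Finding("ifeo-debugger", sev,
                               f"launching {m['target']} is redirected to {m['debugger']}", line))
        elif m := SHELL.match(line):
            if m["value"].strip().lower() != "explorer.exe":
                out.append(Finding("winlogon-shell", "high",
                                   f"Shell is {m['value']!r}, expected explorer.exe", line))
        elif m := USERINIT.match(line):
            items = [p.strip() for p in m["value"].split(",") if p.strip()]
            if len(items) != 1 or ntpath.basename(items[0]).lower() != "userinit.exe":
                out.append(Finding("winlogon-userinit", "high",
                                   f"Userinit is {m['value']!r}, expected userinit.exe", line))
        elif m := LOAD.match(line):
            # The per-user Windows\Load value is empty on a clean system.
            out.append(Finding("windows-load", "high", f"Load runs {m['value']}", line))
        elif m := APPINIT.match(line):
            out.append(Finding("appinit-dlls", "medium",
                               f"DLL injected into every GUI process: {m['value']}", line))
        elif m := STARTUP.match(line):
            ext = ntpath.splitext(m["path"])[1].lower()
            if ext in SUSPICIOUS_STARTUP_EXT:
                out.append(Finding("startup-item", "medium",
                                   f"non-shortcut {ext} file in Startup folder: {ntpath.basename(m['path'])}", line))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'ifeo-debugger': 4, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:17} {f.detail}")
    print(summarize(scan(SAMPLE_LOG)))
```

Run against the sample, the script reports four IFEO redirects (the DDS and FRST forms are matched by separate patterns, so both log types can be fed in), one Shell replacement, one Load value, one AppInit DLL and two non-shortcut Startup items, while the normal Userinit and Sidebar lines pass. The IFEO rule deliberately flags every Debugger value and only downgrades a short allow-list of real debuggers to "review", because on an end-user machine an IFEO Debugger entry for an antivirus executable has no legitimate reason to exist.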
 

 




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 January 2014 - 08:04 PM

Hello BobTheCow,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 BobTheCow

BobTheCow
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE

Posted 21 January 2014 - 08:34 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014

Ran by Sage (administrator) on SAGE-PC on 21-01-2014 20:30:23
Running from C:\Users\Sage\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-05] (AVAST Software)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\090dd7d5-80be-44be-8d44-218534c006fa.exe /check [181136 2014-01-21] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Winlogon: [Shell] C:\Users\Sage\AppData\Roaming\reader\reader.exe,explorer.exe <==== ATTENTION 
HKCU\...\CurrentVersion\Windows: [Load] C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe <===== ATTENTION
MountPoints2: {dc22b420-dbea-11e2-829b-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4459520 2013-12-27] ()
IFEO\avcenter.exe: [Debugger] euaie.exe
IFEO\avguard.exe: [Debugger] euaie.exe
IFEO\avp.exe: [Debugger] euaie.exe
IFEO\bdagent.exe: [Debugger] euaie.exe
IFEO\ccuac.exe: [Debugger] euaie.exe
IFEO\ComboFix.exe: [Debugger] euaie.exe
IFEO\egui.exe: [Debugger] euaie.exe
IFEO\hijackthis.exe: [Debugger] euaie.exe
IFEO\keyscrambler.exe: [Debugger] euaie.exe
IFEO\mbam.exe: [Debugger] euaie.exe
IFEO\MpCmdRun.exe: [Debugger] euaie.exe
IFEO\MSASCui.exe: [Debugger] euaie.exe
IFEO\MsMpEng.exe: [Debugger] euaie.exe
IFEO\msseces.exe: [Debugger] euaie.exe
IFEO\spybotsd.exe: [Debugger] euaie.exe
IFEO\wireshark.exe: [Debugger] euaie.exe
IFEO\zlclient.exe: [Debugger] euaie.exe
Startup: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar ()
Startup: C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.ini.url ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E81B7EE806FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: EnnjooYCouupon - {6514BB6F-34B5-3C2A-AA7C-B7A014691428} - C:\ProgramData\EnnjooYCouupon\gC5YN83BE.x64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: FunDealus - {F03DE3A8-046C-2DF3-E129-3810288D40AF} - C:\ProgramData\FunDealus\tbnWpePAhB.x64.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{C05E9BE8-203E-4AC5-B56E-B5C9C42ABBE1}: [NameServer]208.67.222.222,208.67.220.20
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S4 !SASCORE; F:\STORAGE\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [174416 2013-12-27] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-05] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-21] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-10-23] (Overwolf Ltd)
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-05] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [33488 2013-11-10] ()
R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-20] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R1 SASDIFSV; F:\STORAGE\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\STORAGE\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-21 20:30 - 2014-01-21 20:30 - 00009103 _____ C:\Users\Sage\Downloads\FRST.txt
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D C:\FRST
2014-01-21 20:24 - 2014-01-21 20:24 - 02077184 _____ (Farbar) C:\Users\Sage\Downloads\FRST64.exe
2014-01-21 20:14 - 2014-01-21 20:14 - 00000051 _____ C:\Users\Sage\Desktop\zachs house.txt
2014-01-21 18:51 - 2014-01-21 19:04 - 00013917 _____ C:\Users\Sage\Desktop\attach.txt
2014-01-21 18:51 - 2014-01-21 18:51 - 00017807 _____ C:\Users\Sage\Desktop\dds.txt
2014-01-21 18:49 - 2014-01-21 18:49 - 00688992 ____R (Swearware) C:\Users\Sage\Downloads\dds.com
2014-01-21 18:20 - 2014-01-21 18:20 - 00031422 _____ C:\Users\Sage\Desktop\forum.txt
2014-01-21 18:19 - 2014-01-21 18:19 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sage\Downloads\rkill.exe
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Users\Sage\Desktop\mbar
2014-01-21 18:16 - 2014-01-21 18:17 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Sage\Downloads\mbar-1.07.0.1008.exe
2014-01-21 18:08 - 2014-01-21 18:08 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck (2).exe
2014-01-21 18:05 - 2014-01-21 18:05 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 18:05 - 2014-01-21 18:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 18:04 - 2014-01-21 18:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 18:03 - 2014-01-21 18:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-01-21 17:45 - 2014-01-21 18:13 - 00028776 _____ C:\Users\Sage\Downloads\Result.txt
2014-01-21 17:45 - 2014-01-21 17:45 - 00760063 _____ (Farbar) C:\Users\Sage\Downloads\MiniToolBox.exe
2014-01-21 17:43 - 2014-01-21 18:10 - 00002082 _____ C:\Users\Sage\Downloads\FSS.txt
2014-01-21 17:42 - 2014-01-21 17:42 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck (1).exe
2014-01-21 17:42 - 2014-01-21 17:42 - 00361185 _____ (Farbar) C:\Users\Sage\Downloads\FSS.exe
2014-01-20 21:26 - 2014-01-20 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-20 19:00 - 2014-01-20 19:00 - 01440846 _____ C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2014-01-20 18:23 - 2014-01-20 18:23 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-20 18:19 - 2014-01-20 18:19 - 00819176 _____ (Google Inc.) C:\Users\Sage\Downloads\ChromeSetup.exe
2014-01-20 18:19 - 2014-01-20 18:19 - 00000725 _____ C:\Users\Sage\AppData\Local\recently-used.xbel
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe (2).02ut7s0.partial
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe (1).3z77jk1.partial
2014-01-20 18:13 - 2014-01-20 18:13 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe.ncjblzq.partial
2014-01-20 17:30 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-20 17:30 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-20 17:30 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-20 17:30 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-20 17:30 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-20 17:30 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-20 17:30 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-20 17:30 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-20 17:30 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-20 17:30 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-20 17:30 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-20 17:30 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-20 17:30 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-20 17:30 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-20 17:30 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-20 17:30 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-20 17:30 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-20 17:30 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-20 17:30 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-20 17:30 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-20 17:30 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-20 17:30 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-20 17:30 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 17:30 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-19 09:40 - 2014-01-20 20:41 - 00000000 ___HD C:\{$6666-4448-3690-4432-8983$}
2014-01-19 09:35 - 2014-01-19 09:37 - 24859352 _____ (Microsoft Corporation) C:\Users\Sage\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-19 09:13 - 2014-01-21 18:20 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-19 09:12 - 2014-01-19 09:12 - 00000056 _____ C:\Users\Sage\AppData\Roaming\mbam.context.scan
2014-01-18 18:26 - 2014-01-19 09:00 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-18 18:26 - 2014-01-18 18:26 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-18 18:25 - 2014-01-18 18:25 - 02365840 _____ C:\Users\Sage\Downloads\SecurityTaskManager_Setup.exe
2014-01-18 18:02 - 2014-01-18 18:02 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck.exe
2014-01-18 17:58 - 2014-01-18 17:58 - 00448512 _____ (OldTimer Tools) C:\Users\Sage\Downloads\TFC (1).exe
2014-01-18 17:31 - 2014-01-18 17:31 - 00448512 _____ (OldTimer Tools) C:\Users\Sage\Downloads\TFC.exe
2014-01-18 17:29 - 2014-01-21 18:20 - 00003134 _____ C:\Users\Sage\Desktop\Rkill.txt
2014-01-18 17:29 - 2014-01-21 18:20 - 00000000 ____D C:\Users\Sage\Desktop\rkill
2014-01-18 17:29 - 2014-01-18 17:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sage\Downloads\rkill.scr
2014-01-18 17:28 - 2014-01-18 17:28 - 00000335 _____ C:\Users\Sage\Downloads\FixExe.reg
2014-01-18 15:58 - 2014-01-21 19:53 - 00000000 ____D C:\Users\Sage\AppData\Roaming\.minecraft
2014-01-18 15:58 - 2014-01-18 15:58 - 00675988 _____ C:\Users\Sage\Desktop\Minecraft.exe
2014-01-18 15:54 - 2014-01-17 21:27 - 00227840 __RSH C:\ProgramData\812477880.exe
2014-01-18 14:48 - 2014-01-18 14:48 - 00065232 _____ (Malwarebytes) C:\Users\Sage\Downloads\regassassin-setup-1.03.exe
2014-01-18 14:45 - 2014-01-18 14:45 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Malwarebytes
2014-01-18 14:44 - 2014-01-18 14:44 - 00000000 ____D C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000
2014-01-18 14:43 - 2014-01-18 14:43 - 01440846 _____ C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-01-18 12:22 - 2014-01-18 12:22 - 00232248 _____ C:\Users\Sage\Downloads\CoreProtect_2.0.8 (1).jar
2014-01-18 12:17 - 2014-01-18 12:17 - 00232248 _____ C:\Users\Sage\Downloads\CoreProtect_2.0.8.jar
2014-01-18 12:14 - 2014-01-18 12:14 - 00194943 _____ C:\Users\Sage\Downloads\LogBlock.jar
2014-01-18 11:21 - 2014-01-18 11:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 11:12 - 2014-01-18 11:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\explorer.exe
2014-01-18 10:59 - 2014-01-21 16:01 - 00007604 _____ C:\Users\Sage\AppData\Local\Resmon.ResmonCfg
2014-01-18 09:12 - 2014-01-18 09:12 - 00000627 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 09:12 - 2014-01-18 09:12 - 00000000 ____D C:\Users\Sage\AppData\Roaming\SUPERAntiSpyware.com
2014-01-18 09:12 - 2014-01-18 09:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-18 07:40 - 2014-01-18 07:40 - 00000000 _____ C:\Users\Sage\AppData\Roaming\system.ini
2014-01-17 21:27 - 2014-01-21 18:20 - 00000000 ____D C:\Users\Sage\AppData\Roaming\reader
2014-01-17 21:27 - 2014-01-17 21:27 - 00000000 _____ C:\Users\Sage\13stdybt37.tmp
2014-01-17 21:18 - 2014-01-17 21:18 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Oxy
2014-01-17 21:12 - 2014-01-17 21:12 - 00002972 _____ C:\Windows\System32\Tasks\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2}
2014-01-17 21:12 - 2014-01-17 21:12 - 00002972 _____ C:\Windows\System32\Tasks\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{F4276303-28B7-4E28-B66C-E0D2D90441CC}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{9B5BF778-11E4-4659-AA71-3D98137748BB}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8}
2014-01-17 15:15 - 2014-01-17 15:15 - 00078308 _____ C:\Users\Sage\Documents\darksouls 1.aep
2014-01-15 15:12 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 15:12 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 15:12 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 15:12 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 21:04 - 2014-01-14 18:05 - 00000000 ____D C:\Users\Sage\Desktop\Lobby For Server
2014-01-13 21:04 - 2014-01-14 16:24 - 00000000 ____D C:\Users\Sage\Desktop\Lobby For Server-
2014-01-12 19:02 - 2014-01-12 19:46 - 00000000 ____D C:\Users\Sage\Desktop\Barney
2014-01-10 15:41 - 2014-01-10 15:41 - 19924817 _____ C:\Users\Sage\Desktop\bukkit.jar
2014-01-10 15:23 - 2014-01-10 15:23 - 00000598 _____ C:\Users\Sage\Desktop\Eclipse.lnk
2014-01-05 20:20 - 2014-01-05 20:20 - 00000000 ____D C:\Users\Sage\AppData\Roaming\AVAST Software
2014-01-05 20:18 - 2014-01-05 20:49 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-05 17:26 - 2014-01-05 17:26 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
2014-01-05 17:26 - 2014-01-05 17:26 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2014-01-05 17:18 - 2014-01-05 17:27 - 00000000 ____D C:\Users\Sage\Documents\My Media
2014-01-05 17:18 - 2014-01-05 17:18 - 00000000 ____D C:\Users\Sage\AppData\Roaming\OverDrive
2014-01-05 15:26 - 2014-01-06 14:03 - 00000000 ____D C:\Users\Sage\Documents\Adobe After Effects Auto-Save
2014-01-05 14:17 - 2014-01-06 17:43 - 00482108 _____ C:\Users\Sage\Documents\versailles.aep
2014-01-05 11:11 - 2014-01-05 11:11 - 00000000 ____D C:\Users\Sage\AppData\Roaming\skyz
2014-01-05 11:09 - 2014-01-05 11:09 - 00000000 ____D C:\Minecraft_Backup
2014-01-05 01:59 - 2014-01-06 14:04 - 00192546 _____ C:\Users\Sage\Documents\hunger games 1.aep
2014-01-04 23:07 - 2014-01-05 00:00 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Minecraft Skin Viewer
2014-01-04 22:30 - 2014-01-04 22:30 - 00000000 ____D C:\Users\Sage\AppData\Roaming\SYSTEMAX Software Development
2014-01-04 22:30 - 2014-01-04 22:30 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2014-01-02 14:17 - 2014-01-02 14:31 - 00000000 ____D C:\Users\Sage\Desktop\Boats
2013-12-31 13:09 - 2013-12-31 13:09 - 00001094 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2013-12-31 13:09 - 2013-12-31 13:09 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Elgato
2013-12-31 13:09 - 2013-12-31 13:09 - 00000000 ____D C:\Program Files\Elgato
2013-12-31 13:09 - 2012-11-12 03:50 - 00050288 _____ (UB658) C:\Windows\system32\Drivers\ElgatoGC658.sys
2013-12-31 13:08 - 2013-12-31 13:08 - 00000000 ____D C:\Program Files (x86)\Elgato
2013-12-30 20:54 - 2013-12-30 20:54 - 00000000 ____D C:\Users\Sage\AppData\Local\Packages
2013-12-30 12:07 - 2014-01-16 21:37 - 00000000 ____D C:\Users\Sage\Desktop\Factions PvP
2013-12-29 12:58 - 2013-12-29 12:58 - 69426275 _____ C:\Users\Sage\Desktop\EquoCraft.zip
2013-12-27 15:22 - 2013-12-29 09:30 - 00000000 ____D C:\Users\Sage\Desktop\Survival PvP
2013-12-27 14:03 - 2014-01-15 16:30 - 00000000 ____D C:\Users\Sage\Desktop\BungeeCord
2013-12-27 13:38 - 2013-12-29 11:35 - 00000000 ____D C:\Users\Sage\Desktop\Lobby
2013-12-27 13:19 - 2014-01-18 14:55 - 00000000 ____D C:\ProgramData\Fast And Safe
2013-12-25 20:43 - 2013-12-27 13:19 - 00000000 ____D C:\Program Files (x86)\GS Supporter
2013-12-25 20:43 - 2013-12-25 20:43 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-25 20:42 - 2013-12-30 20:54 - 00000000 ____D C:\ProgramData\240f6bdf6ef407ad
 
==================== One Month Modified Files and Folders =======
 
2014-01-21 20:30 - 2014-01-21 20:30 - 00009103 _____ C:\Users\Sage\Downloads\FRST.txt
2014-01-21 20:30 - 2014-01-21 20:30 - 00000000 ____D C:\FRST
2014-01-21 20:24 - 2014-01-21 20:24 - 02077184 _____ (Farbar) C:\Users\Sage\Downloads\FRST64.exe
2014-01-21 20:14 - 2014-01-21 20:14 - 00000051 _____ C:\Users\Sage\Desktop\zachs house.txt
2014-01-21 19:53 - 2014-01-18 15:58 - 00000000 ____D C:\Users\Sage\AppData\Roaming\.minecraft
2014-01-21 19:04 - 2014-01-21 18:51 - 00013917 _____ C:\Users\Sage\Desktop\attach.txt
2014-01-21 18:51 - 2014-01-21 18:51 - 00017807 _____ C:\Users\Sage\Desktop\dds.txt
2014-01-21 18:49 - 2014-01-21 18:49 - 00688992 ____R (Swearware) C:\Users\Sage\Downloads\dds.com
2014-01-21 18:20 - 2014-01-21 18:20 - 00031422 _____ C:\Users\Sage\Desktop\forum.txt
2014-01-21 18:20 - 2014-01-19 09:13 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-21 18:20 - 2014-01-18 17:29 - 00003134 _____ C:\Users\Sage\Desktop\Rkill.txt
2014-01-21 18:20 - 2014-01-18 17:29 - 00000000 ____D C:\Users\Sage\Desktop\rkill
2014-01-21 18:20 - 2014-01-17 21:27 - 00000000 ____D C:\Users\Sage\AppData\Roaming\reader
2014-01-21 18:19 - 2014-01-21 18:19 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sage\Downloads\rkill.exe
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Users\Sage\Desktop\mbar
2014-01-21 18:17 - 2014-01-21 18:16 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Sage\Downloads\mbar-1.07.0.1008.exe
2014-01-21 18:13 - 2014-01-21 17:45 - 00028776 _____ C:\Users\Sage\Downloads\Result.txt
2014-01-21 18:10 - 2014-01-21 17:43 - 00002082 _____ C:\Users\Sage\Downloads\FSS.txt
2014-01-21 18:08 - 2014-01-21 18:08 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck (2).exe
2014-01-21 18:05 - 2014-01-21 18:05 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 18:05 - 2014-01-21 18:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 18:05 - 2014-01-21 18:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:04 - 2014-01-21 18:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-01-21 17:45 - 2014-01-21 17:45 - 00760063 _____ (Farbar) C:\Users\Sage\Downloads\MiniToolBox.exe
2014-01-21 17:42 - 2014-01-21 17:42 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck (1).exe
2014-01-21 17:42 - 2014-01-21 17:42 - 00361185 _____ (Farbar) C:\Users\Sage\Downloads\FSS.exe
2014-01-21 16:35 - 2013-06-23 05:01 - 01183846 _____ C:\Windows\WindowsUpdate.log
2014-01-21 16:14 - 2013-06-23 17:16 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Skype
2014-01-21 16:01 - 2014-01-18 10:59 - 00007604 _____ C:\Users\Sage\AppData\Local\Resmon.ResmonCfg
2014-01-21 15:13 - 2009-07-13 23:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 15:13 - 2009-07-13 23:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 15:12 - 2009-07-14 00:13 - 00799374 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 15:06 - 2013-06-22 15:25 - 00798008 _____ C:\Windows\PFRO.log
2014-01-21 15:06 - 2009-07-13 23:51 - 00080334 _____ C:\Windows\setupact.log
2014-01-20 21:36 - 2013-06-23 05:02 - 00000000 ___RD C:\Users\Sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 21:36 - 2013-06-22 20:05 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 21:36 - 2013-06-22 15:53 - 00000000 ____D C:\Windows\pss
2014-01-20 21:26 - 2014-01-20 21:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-20 20:41 - 2014-01-19 09:40 - 00000000 ___HD C:\{$6666-4448-3690-4432-8983$}
2014-01-20 19:01 - 2013-07-04 09:05 - 00000000 ____D C:\Users\Sage\AppData\Local\CrashDumps
2014-01-20 19:00 - 2014-01-20 19:00 - 01440846 _____ C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000 (1).zip
2014-01-20 18:23 - 2014-01-20 18:23 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-20 18:23 - 2013-06-23 05:19 - 00000000 ____D C:\Users\Sage\AppData\Local\Google
2014-01-20 18:23 - 2013-06-23 05:19 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-20 18:19 - 2014-01-20 18:19 - 00819176 _____ (Google Inc.) C:\Users\Sage\Downloads\ChromeSetup.exe
2014-01-20 18:19 - 2014-01-20 18:19 - 00000725 _____ C:\Users\Sage\AppData\Local\recently-used.xbel
2014-01-20 18:19 - 2013-10-31 14:15 - 00000000 ____D C:\Users\Sage\AppData\Local\midori
2014-01-20 18:18 - 2013-10-31 14:16 - 00000000 ____D C:\Users\Sage\.gstreamer-0.10
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe (2).02ut7s0.partial
2014-01-20 18:14 - 2014-01-20 18:14 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe (1).3z77jk1.partial
2014-01-20 18:13 - 2014-01-20 18:13 - 00000000 _____ C:\Users\Sage\Downloads\ChromeSetup_exe.ncjblzq.partial
2014-01-20 17:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-19 09:37 - 2014-01-19 09:35 - 24859352 _____ (Microsoft Corporation) C:\Users\Sage\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-19 09:12 - 2014-01-19 09:12 - 00000056 _____ C:\Users\Sage\AppData\Roaming\mbam.context.scan
2014-01-19 09:00 - 2014-01-18 18:26 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-18 18:26 - 2014-01-18 18:26 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-18 18:25 - 2014-01-18 18:25 - 02365840 _____ C:\Users\Sage\Downloads\SecurityTaskManager_Setup.exe
2014-01-18 18:02 - 2014-01-18 18:02 - 00987425 _____ C:\Users\Sage\Downloads\SecurityCheck.exe
2014-01-18 17:58 - 2014-01-18 17:58 - 00448512 _____ (OldTimer Tools) C:\Users\Sage\Downloads\TFC (1).exe
2014-01-18 17:31 - 2014-01-18 17:31 - 00448512 _____ (OldTimer Tools) C:\Users\Sage\Downloads\TFC.exe
2014-01-18 17:29 - 2014-01-18 17:29 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Sage\Downloads\rkill.scr
2014-01-18 17:28 - 2014-01-18 17:28 - 00000335 _____ C:\Users\Sage\Downloads\FixExe.reg
2014-01-18 17:10 - 2013-09-08 19:32 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-18 15:58 - 2014-01-18 15:58 - 00675988 _____ C:\Users\Sage\Desktop\Minecraft.exe
2014-01-18 14:55 - 2013-12-27 13:19 - 00000000 ____D C:\ProgramData\Fast And Safe
2014-01-18 14:48 - 2014-01-18 14:48 - 00065232 _____ (Malwarebytes) C:\Users\Sage\Downloads\regassassin-setup-1.03.exe
2014-01-18 14:45 - 2014-01-18 14:45 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Malwarebytes
2014-01-18 14:44 - 2014-01-18 14:44 - 00000000 ____D C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000
2014-01-18 14:43 - 2014-01-18 14:43 - 01440846 _____ C:\Users\Sage\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-01-18 12:22 - 2014-01-18 12:22 - 00232248 _____ C:\Users\Sage\Downloads\CoreProtect_2.0.8 (1).jar
2014-01-18 12:17 - 2014-01-18 12:17 - 00232248 _____ C:\Users\Sage\Downloads\CoreProtect_2.0.8.jar
2014-01-18 12:14 - 2014-01-18 12:14 - 00194943 _____ C:\Users\Sage\Downloads\LogBlock.jar
2014-01-18 11:21 - 2014-01-18 11:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 11:13 - 2014-01-18 11:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sage\Downloads\explorer.exe
2014-01-18 11:10 - 2013-06-23 05:21 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-18 09:12 - 2014-01-18 09:12 - 00000627 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-18 09:12 - 2014-01-18 09:12 - 00000000 ____D C:\Users\Sage\AppData\Roaming\SUPERAntiSpyware.com
2014-01-18 09:12 - 2014-01-18 09:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-18 07:40 - 2014-01-18 07:40 - 00000000 _____ C:\Users\Sage\AppData\Roaming\system.ini
2014-01-18 07:39 - 2013-06-23 05:19 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 07:38 - 2013-10-18 08:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 07:38 - 2013-06-23 05:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 02:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 21:27 - 2014-01-18 15:54 - 00227840 __RSH C:\ProgramData\812477880.exe
2014-01-17 21:27 - 2014-01-17 21:27 - 00000000 _____ C:\Users\Sage\13stdybt37.tmp
2014-01-17 21:27 - 2013-06-23 05:02 - 00000000 ____D C:\Users\Sage
2014-01-17 21:18 - 2014-01-17 21:18 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Oxy
2014-01-17 21:12 - 2014-01-17 21:12 - 00002972 _____ C:\Windows\System32\Tasks\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2}
2014-01-17 21:12 - 2014-01-17 21:12 - 00002972 _____ C:\Windows\System32\Tasks\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{F4276303-28B7-4E28-B66C-E0D2D90441CC}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{9B5BF778-11E4-4659-AA71-3D98137748BB}
2014-01-17 21:11 - 2014-01-17 21:11 - 00002972 _____ C:\Windows\System32\Tasks\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8}
2014-01-17 17:05 - 2013-08-02 09:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3FDE4F24-CAEB-4BBD-91E4-247E8EF2B4C9}
2014-01-17 15:15 - 2014-01-17 15:15 - 00078308 _____ C:\Users\Sage\Documents\darksouls 1.aep
2014-01-17 13:39 - 2013-08-08 11:08 - 00000132 _____ C:\Users\Sage\AppData\Roaming\Adobe PNG Format CC Prefs
2014-01-17 11:57 - 2013-12-05 20:41 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Audacity
2014-01-17 11:10 - 2013-07-02 14:53 - 00000000 ____D C:\Users\Sage\AppData\Local\Adobe
2014-01-17 11:09 - 2013-06-24 01:00 - 00000000 ____D C:\Users\Sage\.gimp-2.8
2014-01-16 21:37 - 2013-12-30 12:07 - 00000000 ____D C:\Users\Sage\Desktop\Factions PvP
2014-01-16 18:30 - 2013-09-20 17:08 - 00000000 ____D C:\Users\Sage\AppData\Roaming\TS3Client
2014-01-16 17:20 - 2013-09-20 17:07 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2014-01-16 16:20 - 2013-06-22 16:27 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-16 16:20 - 2009-07-13 23:45 - 05109704 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 21:25 - 2013-08-14 21:20 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:30 - 2013-12-27 14:03 - 00000000 ____D C:\Users\Sage\Desktop\BungeeCord
2014-01-14 18:05 - 2014-01-13 21:04 - 00000000 ____D C:\Users\Sage\Desktop\Lobby For Server
2014-01-14 16:24 - 2014-01-13 21:04 - 00000000 ____D C:\Users\Sage\Desktop\Lobby For Server-
2014-01-12 19:46 - 2014-01-12 19:02 - 00000000 ____D C:\Users\Sage\Desktop\Barney
2014-01-12 18:51 - 2013-06-22 14:48 - 00000000 ____D C:\Users\Sage\AppData\Roaming\vlc
2014-01-10 19:28 - 2013-09-07 16:22 - 00000000 ____D C:\Users\Sage\workspace
2014-01-10 15:41 - 2014-01-10 15:41 - 19924817 _____ C:\Users\Sage\Desktop\bukkit.jar
2014-01-10 15:23 - 2014-01-10 15:23 - 00000598 _____ C:\Users\Sage\Desktop\Eclipse.lnk
2014-01-10 06:52 - 2013-11-13 18:19 - 00000000 ____D C:\Users\Sage\AppData\Local\Microsoft Help
2014-01-06 17:44 - 2013-07-23 13:46 - 00000000 ____D C:\Users\Sage\AppData\Roaming\HandBrake
2014-01-06 17:43 - 2014-01-05 14:17 - 00482108 _____ C:\Users\Sage\Documents\versailles.aep
2014-01-06 16:20 - 2013-08-07 14:23 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-06 14:04 - 2014-01-05 01:59 - 00192546 _____ C:\Users\Sage\Documents\hunger games 1.aep
2014-01-06 14:03 - 2014-01-05 15:26 - 00000000 ____D C:\Users\Sage\Documents\Adobe After Effects Auto-Save
2014-01-05 20:49 - 2014-01-05 20:18 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-05 20:20 - 2014-01-05 20:20 - 00000000 ____D C:\Users\Sage\AppData\Roaming\AVAST Software
2014-01-05 20:18 - 2013-06-22 16:27 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-05 20:18 - 2013-06-22 16:27 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-05 20:18 - 2013-06-22 16:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-05 20:18 - 2013-06-22 16:27 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-05 20:14 - 2013-06-22 16:27 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-05 20:14 - 2013-06-22 16:26 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-05 17:27 - 2014-01-05 17:18 - 00000000 ____D C:\Users\Sage\Documents\My Media
2014-01-05 17:26 - 2014-01-05 17:26 - 00002519 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
2014-01-05 17:26 - 2014-01-05 17:26 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2014-01-05 17:18 - 2014-01-05 17:18 - 00000000 ____D C:\Users\Sage\AppData\Roaming\OverDrive
2014-01-05 13:37 - 2013-09-19 16:10 - 00001257 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-01-05 13:13 - 2012-06-11 23:38 - 00302592 _____ C:\Users\Sage\Desktop\Minecraft Skin Viewer.exe
2014-01-05 11:11 - 2014-01-05 11:11 - 00000000 ____D C:\Users\Sage\AppData\Roaming\skyz
2014-01-05 11:09 - 2014-01-05 11:09 - 00000000 ____D C:\Minecraft_Backup
2014-01-05 00:00 - 2014-01-04 23:07 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Minecraft Skin Viewer
2014-01-04 22:30 - 2014-01-04 22:30 - 00000000 ____D C:\Users\Sage\AppData\Roaming\SYSTEMAX Software Development
2014-01-04 22:30 - 2014-01-04 22:30 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2014-01-04 19:05 - 2013-06-23 05:16 - 00114520 _____ C:\Users\Sage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-04 18:48 - 2013-07-03 09:00 - 00000000 ____D C:\Users\Sage\Documents\Adobe
2014-01-04 18:48 - 2013-06-22 14:45 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Adobe
2014-01-02 19:51 - 2013-12-05 18:18 - 00000000 ____D C:\Users\Sage\AppData\Roaming\openvr
2014-01-02 14:31 - 2014-01-02 14:17 - 00000000 ____D C:\Users\Sage\Desktop\Boats
2014-01-01 19:44 - 2013-11-16 11:17 - 00000132 _____ C:\Users\Sage\AppData\Roaming\Adobe GIF Format CC Prefs
2013-12-31 13:09 - 2013-12-31 13:09 - 00001094 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2013-12-31 13:09 - 2013-12-31 13:09 - 00000000 ____D C:\Users\Sage\AppData\Roaming\Elgato
2013-12-31 13:09 - 2013-12-31 13:09 - 00000000 ____D C:\Program Files\Elgato
2013-12-31 13:08 - 2013-12-31 13:08 - 00000000 ____D C:\Program Files (x86)\Elgato
2013-12-30 20:54 - 2013-12-30 20:54 - 00000000 ____D C:\Users\Sage\AppData\Local\Packages
2013-12-30 20:54 - 2013-12-25 20:42 - 00000000 ____D C:\ProgramData\240f6bdf6ef407ad
2013-12-29 12:58 - 2013-12-29 12:58 - 69426275 _____ C:\Users\Sage\Desktop\EquoCraft.zip
2013-12-29 11:35 - 2013-12-27 13:38 - 00000000 ____D C:\Users\Sage\Desktop\Lobby
2013-12-29 09:30 - 2013-12-27 15:22 - 00000000 ____D C:\Users\Sage\Desktop\Survival PvP
2013-12-27 13:19 - 2013-12-25 20:43 - 00000000 ____D C:\Program Files (x86)\GS Supporter
2013-12-26 20:44 - 2013-09-08 15:10 - 00000000 ____D C:\Users\Sage\AppData\Local\PMB Files
2013-12-26 20:44 - 2013-09-08 15:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-25 22:05 - 2013-11-30 18:24 - 00000000 ____D C:\Users\Sage\Desktop\terrorist
2013-12-25 20:43 - 2013-12-25 20:43 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-25 20:43 - 2013-07-04 20:00 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-24 18:13 - 2013-11-20 21:24 - 02304092 _____ () C:\Users\Sage\Desktop\TechnicLauncher.exe
2013-12-24 18:13 - 2013-11-20 20:48 - 00000000 ____D C:\Users\Sage\AppData\Roaming\.technic
 
Files to move or delete:
====================
C:\Users\Sage\AppData\Roaming\CamLayout.ini
C:\Users\Sage\AppData\Roaming\CamShapes.ini
C:\Users\Sage\AppData\Roaming\system.ini
C:\ProgramData\812477880.exe
C:\Users\Sage\jagex_cl_runescape_LIVE.dat
C:\Users\Sage\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Sage\AppData\Local\Temp\aacenc3.exe
C:\Users\Sage\AppData\Local\Temp\bbcap.dll
C:\Users\Sage\AppData\Local\Temp\bbchlp.dll
C:\Users\Sage\AppData\Local\Temp\burnsetup.exe
C:\Users\Sage\AppData\Local\Temp\comver.dll
C:\Users\Sage\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Sage\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Sage\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Sage\AppData\Local\Temp\EBU513B.exe
C:\Users\Sage\AppData\Local\Temp\EBU5E93.DLL
C:\Users\Sage\AppData\Local\Temp\EBU60A7.exe
C:\Users\Sage\AppData\Local\Temp\EBU6C1C.DLL
C:\Users\Sage\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Sage\AppData\Local\Temp\htmlayout.dll
C:\Users\Sage\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1172.dll
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1223.dll
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-14.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-27-gdc25312-b2814jnks.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-8-g6ce3ba1-b2904jnks.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-MCPC-Plus-jenkins-MCPC-Plus-107.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1163.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1172.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1223.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-14.dll
C:\Users\Sage\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Sage\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Sage\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\Sage\AppData\Local\Temp\ose00000.exe
C:\Users\Sage\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sage\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Sage\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sage\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Sage\AppData\Local\Temp\_is6C0B.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-10 23:38
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by Sage at 2014-01-21 20:31:01
Running from C:\Users\Sage\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
@BIOS (x32 Version: 2.28 - GIGABYTE)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CC (x32 Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (x32 Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)
Age of Mythology (x32 Version:  - )
AMD Accelerated Video Transcoding (Version: 13.20.100.30723 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80723.2017 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Application Profiles (x32 Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Arma 2 (x32 Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (x32 Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (x32 Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (x32 Version:  - )
Armagetron Advanced 0.2.8.3.2 (x32 Version: 0.2.8.3.2 - Armagetron Advanced Team)
Artemis Artemis (x32 Version: 2.00.0 - Thom Robertson)
ASIO4ALL (x32 Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 10.10.0.41001 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 1942 Multiplayer Demo (x32 Version:  - )
BattlEye for OA Uninstall (x32 Version:  - )
BattlEye Uninstall (x32 Version:  - )
Blender (Version: 2.67b - Blender Foundation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
DayZ Commander (x32 Version: 0.92.85 - Dotjosh Studios)
Debut Video Capture Software (x32 Version: 1.82 - NCH Software)
Dota 2 (x32 Version:  - Valve)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EAX™ Unified (SHELL) (x32 Version:  - )
Elgato Game Capture HD (x32 Version: 1.42.9.524 - Elgato Systems GmbH)
Express Burn (x32 Version:  - NCH Software)
Fast And Safe (x32 Version:  - BullPoint)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FINAL FANTASY VIII (x32 Version:  - )
FL Studio 11 (x32 Version:  - Image-Line)
FlowStone FL 3.0 (x32 Version:  - )
Fraps (remove only) (x32 Version:  - )
Free WMA to MP3 Converter 1.16 (x32 Version:  - Jodix Technologies Ltd.)
Game Capture HD v2.3.3.38 (x32 Version: 2.3.3.38 - Elgato Systems)
GameMaker: Studio (x32 Version:  - YoYo Games Ltd.)
GameSpy Arcade (x32 Version:  - )
GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GS.Enabler (x32 Version: 3.3.0.1124 - PremiumSoft) <==== ATTENTION
GTAIII (x32 Version:  - )
Half-Life 2 Deathmatch version 1821765 (Version: 1821765 - Strogino CS Portal)
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - )
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
IL Download Manager (x32 Version:  - Image-Line)
IL Shared Libraries (x32 Version:  - Image-Line)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lost Saga (x32 Version:  - WeMade Entertainment USA)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Zoo Tycoon (x32 Version:  - )
Midori 0.5.5 (x32 Version: 0.5.5 - Christian Dywan)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
MP3 Audio Recorder  (x32 Version:  - Flywing Inc.)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (x32 Version: 1.0.0 - Microsoft Game Studios)
Neat Video v3.4.0 Demo plug-in for After Effects (64-bit) (Version:  - Neat Video team, ABSoft)
Notepad++ (x32 Version: 6.5.1 - Notepad++ Team)
Octodad (x32 Version:  - )
ON_OFF Charge B12.1025.1 (x32 Version: 1.00.0001 - GIGABYTE)
OverDrive Media Console (x32 Version: 3.2.20 - OverDrive, Inc.)
Overwolf (x32 Version: 0.45.266 - Overwolf)
PaintTool SAI Ver.1 (x32 Version:  - )
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (x32 Version:  - Sony Online Entertainment)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
ROBLOX Player for Sage (HKCU Version:  - ROBLOX Corporation)
Samsung Data Migration (x32 Version: 2.0 - Samsung)
Security Task Manager 1.8g (x32 Version: 1.8g - Neuber Software)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sniper Elite V2 (x32 Version:  - Rebellion)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (x32 Version:  - Valve)
TeamSpeak 3 Client (x32 Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WDN4800 Driver (x32 Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (x32 Version: 1.3.1 - TP-LINK)
TrackMania Nations Forever (x32 Version:  - Nadeo)
Trapcode Suite 64-bit (Version: 11.0.3 - Red Giant Software) Hidden
Trapcode Suite 64-bit (x32 Version: 11.0.3 - Red Giant Software)
Unity (x32 Version:  - Unity Technologies ApS)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
Vuze (Version: 5.1.0.0 - Azureus Software, Inc.)
Warframe (x32 Version:  - Digital Extremes)
World of Tanks (x32 Version:  - Wargaming.net)
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {30AB1C52-3C26-4549-86B3-012A3E885196} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6859C0B1-5B16-4334-9D22-1C63E1E486B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B2E48F5-FEEE-4746-AF9C-2ED1D7E72A1B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-05] (AVAST Software)
Task: {8C8F2A9D-C5A3-4C2A-9245-67A1AF8E15F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {9E8B5C0B-931E-40C4-AC66-A2BB9AAC6208} - System32\Tasks\{9B5BF778-11E4-4659-AA71-3D98137748BB} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {A741321E-0901-47D1-A613-7129456052B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
Task: {A8A7A9D9-9ADB-4BF8-9DD6-BBB5A7EBA9FA} - System32\Tasks\{F4276303-28B7-4E28-B66C-E0D2D90441CC} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {CD1A749B-04DC-4845-8FD8-54105FEF3501} - System32\Tasks\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {D9785A3C-59BB-4292-8978-8E99AF2B47F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
Task: {E08CA1E4-7BB5-4417-BEEF-52CA4398374F} - System32\Tasks\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {EDE452F6-56E1-4F04-8DCD-1AD87A912F65} - System32\Tasks\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {F0FF7A79-37B1-4655-8FA8-E6C9A4CDD4AC} - System32\Tasks\AdobeAAMUpdater-1.0-Sage-PC-Sage => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-01-20 16:33 - 2014-01-20 12:52 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012001\algo.dll
2014-01-21 19:07 - 2014-01-21 17:40 - 02156032 _____ () C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
2014-01-05 20:18 - 2014-01-05 20:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-01-20 18:23 - 2014-01-11 05:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-20 18:23 - 2014-01-11 05:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-20 18:23 - 2014-01-11 05:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-20 18:23 - 2014-01-11 05:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-20 18:23 - 2014-01-11 05:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Sage\Cookies:asS5CyvFzbo66yHdG
AlternateDataStreams: C:\Users\Sage\AppData\Local\JJJXDBXLC9mwf:7tSjKXz7kX5W8OvMNOGYJ1VHB
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/21/2014 08:30:10 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/21/2014 08:30:10 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: An attempt to open the file "C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/21/2014 08:30:00 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/21/2014 08:30:00 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: An attempt to open the file "C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/21/2014 08:29:49 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/21/2014 08:29:49 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: An attempt to open the file "C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/21/2014 08:29:39 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/21/2014 08:29:39 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: An attempt to open the file "C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/21/2014 08:29:29 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/21/2014 08:29:29 PM) (Source: ESENT) (User: )
Description: DllHost (2084) WebCacheLocal: An attempt to open the file "C:\Users\Sage\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (01/20/2014 09:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:12:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/20/2014 09:03:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-05 19:55:05.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-05 19:55:05.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 8153.06 MB
Available physical RAM: 6145.1 MB
Total Pagefile: 16304.3 MB
Available Pagefile: 13628.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:28 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:465.66 GB) (Free:97.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: BC8E4420)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F4361362)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 January 2014 - 01:22 AM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (4.29KB)

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 BobTheCow (Topic Starter, Members, 12 posts)

Posted 22 January 2014 - 06:34 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by Sage at 2014-01-22 06:32:15 Run:1
Running from C:\Users\Sage\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] C:\Users\Sage\AppData\Roaming\reader\reader.exe,explorer.exe <==== ATTENTION 
HKCU\...\CurrentVersion\Windows: [Load] C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe <===== ATTENTION
C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe 
C:\Users\Sage\AppData\Roaming\reader\reader.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4459520 2013-12-27] ()
C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL 
C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll 
BHO: EnnjooYCouupon - {6514BB6F-34B5-3C2A-AA7C-B7A014691428} - C:\ProgramData\EnnjooYCouupon\gC5YN83BE.x64.dll No File
C:\ProgramData\EnnjooYCouupon
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [174416 2013-12-27] ()
014-01-19 09:40 - 2014-01-20 20:41 - 00000000 ___HD C:\{$6666-4448-3690-4432-8983$}
2014-01-19 09:13 - 2014-01-21 18:20 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2013-12-27 13:19 - 2014-01-18 14:55 - 00000000 ____D C:\ProgramData\Fast And Safe
2013-12-25 20:42 - 2013-12-30 20:54 - 00000000 ____D C:\ProgramData\240f6bdf6ef407ad
4-01-21 18:20 - 2014-01-17 21:27 - 00000000 ____D C:\Users\Sage\AppData\Roaming\reader
C:\Users\Sage\AppData\Roaming\CamLayout.ini
C:\Users\Sage\AppData\Roaming\CamShapes.ini
C:\Users\Sage\AppData\Roaming\system.ini
C:\ProgramData\812477880.exe
C:\Users\Sage\jagex_cl_runescape_LIVE.dat
C:\Users\Sage\random.dat
C:\Users\Sage\AppData\Local\Temp\aacenc3.exe
C:\Users\Sage\AppData\Local\Temp\bbcap.dll
C:\Users\Sage\AppData\Local\Temp\bbchlp.dll
C:\Users\Sage\AppData\Local\Temp\burnsetup.exe
C:\Users\Sage\AppData\Local\Temp\comver.dll
C:\Users\Sage\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Sage\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Sage\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Sage\AppData\Local\Temp\EBU513B.exe
C:\Users\Sage\AppData\Local\Temp\EBU5E93.DLL
C:\Users\Sage\AppData\Local\Temp\EBU60A7.exe
C:\Users\Sage\AppData\Local\Temp\EBU6C1C.DLL
C:\Users\Sage\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Sage\AppData\Local\Temp\htmlayout.dll
C:\Users\Sage\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1172.dll
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1223.dll
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-14.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-27-gdc25312-b2814jnks.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-8-g6ce3ba1-b2904jnks.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-MCPC-Plus-jenkins-MCPC-Plus-107.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1163.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1172.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1223.dll
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-14.dll
C:\Users\Sage\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Sage\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Sage\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\Sage\AppData\Local\Temp\ose00000.exe
C:\Users\Sage\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sage\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Sage\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sage\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Sage\AppData\Local\Temp\_is6C0B.exe
Task: {9E8B5C0B-931E-40C4-AC66-A2BB9AAC6208} - System32\Tasks\{9B5BF778-11E4-4659-AA71-3D98137748BB} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {A8A7A9D9-9ADB-4BF8-9DD6-BBB5A7EBA9FA} - System32\Tasks\{F4276303-28B7-4E28-B66C-E0D2D90441CC} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {CD1A749B-04DC-4845-8FD8-54105FEF3501} - System32\Tasks\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {E08CA1E4-7BB5-4417-BEEF-52CA4398374F} - System32\Tasks\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
Task: {EDE452F6-56E1-4F04-8DCD-1AD87A912F65} - System32\Tasks\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2} => C:\Users\Sage\Downloads\{REQUEST_STRING}_Downloader.exe
AlternateDataStreams: C:\Users\Sage\Cookies:asS5CyvFzbo66yHdG
AlternateDataStreams: C:\Users\Sage\AppData\Local\JJJXDBXLC9mwf:7tSjKXz7kX5W8OvMNOGYJ1VHB 
 
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
Could not move "C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe" => Scheduled to move on reboot.
C:\Users\Sage\AppData\Roaming\reader\reader.exe => Moved successfully.
"C:\\PROGRA~3\\FASTAN~1\\FASTAN~2.DLL" => Value Data removed successfully.
C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => Moved successfully.
"C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6514BB6F-34B5-3C2A-AA7C-B7A014691428} => Key deleted successfully.
HKCR\CLSID\{6514BB6F-34B5-3C2A-AA7C-B7A014691428} => Key deleted successfully.
"C:\ProgramData\EnnjooYCouupon" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
64af91bf => Service deleted successfully.
 
"C:\ProgramData\{$6666-4448-3690-4432-8983$}" directory move:
 
C:\ProgramData\{$6666-4448-3690-4432-8983$}\812477880 => Moved successfully.
Could not move "C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{$6666-4448-3690-4432-8983$}" directory. => Scheduled to move on reboot.
 
C:\ProgramData\Fast And Safe => Moved successfully.
C:\ProgramData\240f6bdf6ef407ad => Moved successfully.
C:\Users\Sage\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Sage\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Sage\AppData\Roaming\system.ini => Moved successfully.
Could not move "C:\ProgramData\812477880.exe" => Scheduled to move on reboot.
C:\Users\Sage\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Sage\random.dat => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\aacenc3.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\bbcap.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\bbchlp.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\burnsetup.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\CreativeCloudSet-Up.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\dsp_ipp.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\EBU513B.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\EBU5E93.DLL => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\EBU60A7.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\EBU6C1C.DLL => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\FlashBackDriverInstaller.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1172.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-1223.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-32-git-Spigot-14.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-27-gdc25312-b2814jnks.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-8-g6ce3ba1-b2904jnks.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-MCPC-Plus-jenkins-MCPC-Plus-107.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1163.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1172.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-1223.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jansi-64-git-Spigot-14.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\npp.6.5.1.Installer.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\npp.6.5.Installer.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Users\Sage\AppData\Local\Temp\_is6C0B.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E8B5C0B-931E-40C4-AC66-A2BB9AAC6208} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E8B5C0B-931E-40C4-AC66-A2BB9AAC6208} => Key deleted successfully.
C:\Windows\System32\Tasks\{9B5BF778-11E4-4659-AA71-3D98137748BB} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9B5BF778-11E4-4659-AA71-3D98137748BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8A7A9D9-9ADB-4BF8-9DD6-BBB5A7EBA9FA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8A7A9D9-9ADB-4BF8-9DD6-BBB5A7EBA9FA} => Key deleted successfully.
C:\Windows\System32\Tasks\{F4276303-28B7-4E28-B66C-E0D2D90441CC} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4276303-28B7-4E28-B66C-E0D2D90441CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD1A749B-04DC-4845-8FD8-54105FEF3501} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1A749B-04DC-4845-8FD8-54105FEF3501} => Key deleted successfully.
C:\Windows\System32\Tasks\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95DFB278-E29F-49A1-9CE2-DAC54D4CB0E8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E08CA1E4-7BB5-4417-BEEF-52CA4398374F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E08CA1E4-7BB5-4417-BEEF-52CA4398374F} => Key deleted successfully.
C:\Windows\System32\Tasks\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1BFC770E-A9FD-41FE-8750-47E4CF8D9A3E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDE452F6-56E1-4F04-8DCD-1AD87A912F65} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDE452F6-56E1-4F04-8DCD-1AD87A912F65} => Key deleted successfully.
C:\Windows\System32\Tasks\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E21A55EC-8048-46AF-B204-D4E79AD9B1A2} => Key deleted successfully.
"C:\Users\Sage\Cookies" => ":asS5CyvFzbo66yHdG" ADS not found.
C:\Users\Sage\AppData\Local\JJJXDBXLC9mwf => ":7tSjKXz7kX5W8OvMNOGYJ1VHB" ADS removed successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-22 06:33:45)<=
 
C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe => Is moved successfully.
C:\ProgramData\{$6666-4448-3690-4432-8983$}\nacl64.exe => Is moved successfully.
C:\ProgramData\{$6666-4448-3690-4432-8983$} => Is moved successfully.
C:\ProgramData\812477880.exe => Moved successfully.
 
==== End of Fixlog ====
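
The fixlist above is a one-off script written for this machine. What follows is a read-only audit of the same autostart locations it touched (Winlogon Shell, the Load value, AppInit_DLLs, Image File Execution Options, task definitions under System32\Tasks and alternate data streams), as an added example that is not part of the thread or of FRST; the defaults it compares against are assumptions for a stock Windows 7 x64 install, and it changes nothing.

```powershell
# Added audit script (not from the thread or from FRST). Read-only: it prints
# findings and modifies nothing. Requires PowerShell 3.0+ (for -File, -Stream,
# -notin) and an elevated prompt so HKLM and System32\Tasks are readable.
# The "expected" defaults below are assumptions for a stock Windows 7 x64.

$findings = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$Where, [string]$What) {
    $findings.Add(("{0}: {1}" -f $Where, $What))
}

# 1. Winlogon Shell: the default is explorer.exe alone. The fixlist showed
#    "reader.exe,explorer.exe", i.e. a loader placed in front of the shell.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ne 'explorer.exe') {
    Add-Finding 'HKCU Winlogon\Shell' "unexpected value '$shell'"
}

# 2. Load value under HKCU ...\CurrentVersion\Windows: normally absent or empty.
$windowsKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $windowsKey -Name Load -ErrorAction SilentlyContinue).Load
if ($load) { Add-Finding 'HKCU Windows\Load' "set to '$load'" }

# 3. AppInit_DLLs: empty on a clean machine; anything listed here is loaded into
#    every process that links user32.dll. Check the 64-bit and WOW64 views.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $v = (Get-ItemProperty -Path $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { Add-Finding "AppInit_DLLs ($k)" "'$v'" }
}

# 4. Image File Execution Options: a Debugger value silently redirects the named
#    program to another executable. (Malwarebytes later flagged an IFEO key here.)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding "IFEO $($_.PSChildName)" "Debugger='$dbg'" }
}

# 5. Scheduled tasks whose action runs from a user profile, ProgramData or Temp.
#    Task definitions are XML files under System32\Tasks (the Fixlog moved five
#    of them); reading the XML directly works on Windows 7, which has no
#    Get-ScheduledTask cmdlet.
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
Get-ChildItem $taskRoot -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
    $xml = New-Object xml
    try { $xml.Load($_.FullName) } catch { return }
    foreach ($exec in $xml.Task.Actions.Exec) {
        $cmd = [string]$exec.Command
        if ($cmd -match '\\Users\\|\\ProgramData\\|\\Temp\\') {
            Add-Finding "Task $($_.Name)" "runs '$cmd'"
        }
    }
}

# 6. Alternate data streams on items directly under the user profile, like the
#    two the fixlist removed. Zone.Identifier is the normal download mark.
Get-ChildItem $env:USERPROFILE -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item $_.FullName -Stream * -ErrorAction SilentlyContinue |
      Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
      ForEach-Object { Add-Finding "ADS on $($_.FileName)" $_.Stream }
}

if ($findings.Count -eq 0) { 'No findings in the audited locations.' }
else { $findings | ForEach-Object { "FINDING  $_" } }
```

A hit in the task or ADS checks is a lead to review, not proof of infection: some legitimate software installs per-user tasks under the profile.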


#6 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 22 January 2014 - 10:39 AM

How is your machine running now?




#7 BobTheCow (Topic Starter, Members, 12 posts)

Posted 22 January 2014 - 03:09 PM

The performance has returned to normal :D

The start-up black screen is gone :D

I'm still getting weird permission errors though? It might be something unrelated to this issue?

You've done so much already. Thank you!



#8 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 22 January 2014 - 03:43 PM

Download Windows Repair (all in one) from this site.

Install the program, then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and, under "System Restore", click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY the items seen in the image below are ticked as indicated (they're all checked by default):

[screenshot]

Click on the box next to Restart System when Finished. Then click on Start.

Tell me how the permissions are after running this tool. Then we will scan for any leftovers.




#9 BobTheCow (Topic Starter, Members, 12 posts)

Posted 22 January 2014 - 06:17 PM

The permission problems are fixed; the performance seems to be slightly slow still though.

For instance, Skype is super super slow lately.

I guess we're ready for clean up then!



#10 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 22 January 2014 - 06:28 PM

Let's scan for any leftovers.

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log, including the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

2.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the [image] icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: [image]
    (Selecting Uninstall application on close if you so wish)




#11 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 26 January 2014 - 12:09 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#12 BobTheCow (Topic Starter, Members, 12 posts)

Posted 26 January 2014 - 06:30 PM

Before I give you my logs I want to tell you lots of my programs are taking up to 15 minutes to load or open, and also start-up is slow again.

Thanks for helping, and sorry I took so long :)

Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.26.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sage :: SAGE-PC [administrator]
 
1/26/2014 6:27:50 PM
mbam-log-2014-01-26 (18-27-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236000
Time elapsed: 2 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NACL64.EXE (Trojan.Agent.BCM) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\{$6666-4448-3690-4432-8983$} (Trojan.Agent.BCM) -> Quarantined and deleted successfully.
 
Files Detected: 2
C:\{$6666-4448-3690-4432-8983$}\812477880 (Trojan.Agent.BCM) -> Quarantined and deleted successfully.
C:\{$6666-4448-3690-4432-8983$}\nacl64.exe (Trojan.Agent.BCM) -> Quarantined and deleted successfully.
 
(end)

ESET:

ESETSmartInstaller@High as downloader log:

all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff6bf18131a731499ecfe73f1b181e35
# engine=16802
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-26 10:12:54
# local_time=2014-01-26 05:12:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 0 885251 0 0
# compatibility_mode=5893 16776573 100 94 0 142317824 0 0
# scanned=405140
# found=30
# cleaned=0
# scan_time=27687
sh=4F8A16E8F1169FA213DE7C018613F2FD81501FC7 ft=1 fh=4d1259c2ced35da4 vn="a variant of MSIL/Injector.CNT trojan" ac=I fn="C:\FRST\Quarantine\812477880.exe"
sh=4F8A16E8F1169FA213DE7C018613F2FD81501FC7 ft=1 fh=4d1259c2ced35da4 vn="a variant of MSIL/Injector.CNT trojan" ac=I fn="C:\FRST\Quarantine\reader.exe"
sh=E9294BB2410D6125502911895419208C5CA63AD1 ft=1 fh=8419c0bdd3aca654 vn="a variant of Win32/SProtector.D application" ac=I fn="C:\FRST\Quarantine\Fast And Safe\FastAndSafeSvc.dll"
sh=4C82C3FFF1133A656899079476A8EE556A985A0D ft=1 fh=29e4bf6d0b603909 vn="a variant of Win32/Bunndle application" ac=I fn="C:\Program Files\Vuze\.install4j\BunndleOfferManager.dll"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\ProgramData\InstallMate\{A18419CF-8412-4A3C-A8D7-CC307A673B39}\Custom.dll"
sh=4C982CA802F5CAD83610BE680B7973912357F650 ft=1 fh=c71c0011e8542f63 vn="a variant of Win32/AdWare.MultiPlug.N application" ac=I fn="C:\ProgramData\SecTaskMan\gC5YN83BE.dll.q_Quarantine_14397C06_q"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\Users\All Users\InstallMate\{A18419CF-8412-4A3C-A8D7-CC307A673B39}\Custom.dll"
sh=E815CE2A8FC255C897EF4EB7B8111B45946770C8 ft=1 fh=50e4497e7abacfed vn="Win32/OneInstaller.C application" ac=I fn="C:\Users\Sage\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=15004530138D71F136FA48DC0C2C6255A70C368A ft=1 fh=3d9ab185c88904d3 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sage\Documents\Vuze Downloads\FL Studio Producer Edition 11.0.1 Final - R2R [ChingLiu]\Setup\flstudio_11.exe"
sh=E815CE2A8FC255C897EF4EB7B8111B45946770C8 ft=1 fh=50e4497e7abacfed vn="Win32/OneInstaller.C application" ac=I fn="C:\Users\Sage\Downloads\Minecraft_1.7.2.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=4F8A16E8F1169FA213DE7C018613F2FD81501FC7 ft=1 fh=4d1259c2ced35da4 vn="a variant of MSIL/Injector.CNT trojan" ac=I fn="C:\{$6666-4448-3690-4432-8983$}\nacl64.exe"
sh=B38C2B285D3FC85DF472FB3A7132E9C15599C159 ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="F:\SAGE-PC\Backup Set 2013-07-09 175710\Backup Files 2013-07-14 214635\Backup files 3.zip"
sh=BE69DBEBB00CCA8803AC69800E477AE4EDCCB1AF ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="F:\SAGE-PC\Backup Set 2013-07-09 175710\Backup Files 2013-07-14 214635\Backup files 9.zip"
sh=E75CC24AC196D383C08A2C6B1F82BFF5C275AC83 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\SAGE-PC\Backup Set 2013-07-09 175710\Backup Files 2013-08-04 190000\Backup files 7.zip"
sh=9C1B16B328D2007074A5B2CFE2F3C22235B53911 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="F:\SAGE-PC\Backup Set 2013-07-09 175710\Backup Files 2013-08-19 055420\Backup files 12.zip"
sh=4D964271A791E6A32CC98CFECF6ABB586498DA7C ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="F:\SAGE-PC\Backup Set 2013-08-26 180055\Backup Files 2013-08-26 180055\Backup files 17.zip"
sh=E8743564358FF559B1F85CAAB4E858058FC816E1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\SAGE-PC\Backup Set 2013-08-26 180055\Backup Files 2013-08-26 180055\Backup files 54.zip"
sh=C3469E30BCCA70A65E509FA280F09EE2A514C63E ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="F:\SAGE-PC\Backup Set 2013-08-26 180055\Backup Files 2013-08-26 180055\Backup files 6.zip"
sh=424AD3106811ACA8B22792BE65FE78016E752949 ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="F:\SAGE-PC\Backup Set 2013-09-20 175339\Backup Files 2013-09-20 175339\Backup files 8.zip"
sh=8D3A7E6FE1D7949E682CD97C3D8019715466F219 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\SAGE-PC\Backup Set 2013-09-20 175339\Backup Files 2013-09-20 175339\Backup files 87.zip"
sh=2DCB6C16B3CF2618C481FC70EBD5AF48F7DA97D8 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RAdmin.AC application" ac=I fn="F:\SAGE-PC\Backup Set 2013-09-20 175339\Backup Files 2013-11-10 190000\Backup files 4.zip"
sh=459DDC1982770A795FEC65B26A288849EDC834CE ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.ES application" ac=I fn="F:\SAGE-PC\Backup Set 2013-12-08 190000\Backup Files 2013-12-08 190000\Backup files 10.zip"
sh=E2862878E77643A69AEFD15362D7BC231FE4052F ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="F:\SAGE-PC\Backup Set 2013-12-08 190000\Backup Files 2013-12-08 190000\Backup files 23.zip"
sh=C0C27112E0888A3B137241D8084D997A62BC6A29 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle application" ac=I fn="F:\SAGE-PC\Backup Set 2013-12-08 190000\Backup Files 2013-12-08 192929\Backup files 14.zip"
sh=B19EB8C9D5511837CA7DCB53C805472B3A968AB1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\SAGE-PC\Backup Set 2013-12-08 190000\Backup Files 2013-12-29 190005\Backup files 1.zip"
sh=2D5AA64BA5B27B176160DED155FA09CE9728E00A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\SAGE-PC\Backup Set 2013-12-08 190000\Backup Files 2014-01-12 190000\Backup files 4.zip"
sh=2EFE680FCBF10351939A64DC7B0C29EEF6423247 ft=1 fh=28cb583b540ca352 vn="a variant of Win32/GameHack.B application" ac=I fn="F:\STORAGE\Half-Life 2 Deathmatch\Half-Life_2_Deathmatch.exe"
sh=666FCB0DC635AF7BA075E48C8F8C72A16DD30A67 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="F:\Users\All Users\InstallMate\{A18419CF-8412-4A3C-A8D7-CC307A673B39}\Custom.dll"


#13 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 26 January 2014 - 11:24 PM

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.

    [image]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image]
  • Click on Yes to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.




#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 January 2014 - 11:47 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#15 BobTheCow

BobTheCow
  • Topic Starter

  • Members
  • 12 posts

Posted 29 January 2014 - 12:04 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.26.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sage :: SAGE-PC [administrator]
 
1/28/2014 10:13:41 PM
mbam-log-2014-01-28 (22-13-41).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239116
Time elapsed: 1 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
EDIT -
 
After some more time using my computer, I noticed programs freezing (not responding) all the time; also, my computer has crashed 3 times now.

Edited by BobTheCow, 29 January 2014 - 06:12 PM.
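The log in the post above is a Malwarebytes Anti-Malware 1.x text report, and the things a helper checks first are mechanical: was it only a quick scan, how old was the database relative to the scan, does every "Detected: N" section actually list N items (a short paste is a common reason a log looks clean), and was each hit actually quarantined. The Python below is an added example, not code from the thread or from Malwarebytes; it parses that line format and returns those checks. The first sample reuses the header values from the posted log; the second is a constructed full-scan log with hypothetical paths. The three-day database-age threshold and the "-> Data:" form of registry-value lines are assumptions about the 1.x format.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import date, datetime

# Sample 1: the quick-scan log posted above, cut down to the header fields the
# parser reads plus two of its empty sections; every value is from that post.
QUICK_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2014.01.26.06
1/28/2014 10:13:41 PM
Scan type: Quick scan

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# Sample 2: a constructed full-scan log (not from the thread) in the same 1.x line
# format: stale database, a quarantined Run value, a file left in place. Hypothetical paths.
FULL_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2014.01.20.01
1/29/2014 9:02:10 AM
Scan type: Full scan (C:\|)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|updater (Trojan.Agent) -> Data: C:\Users\Sage\AppData\Local\Temp\updater.exe -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Sage\AppData\Local\Temp\updater.exe (Trojan.Agent) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Hit lines read "object (family) [-> Data: value] -> action"; the action is split off first.
HIT_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\)(?: -> Data: .*)?$")
TIMESTAMP_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
Hit = namedtuple("Hit", "section obj family action")


@dataclass
class MbamScan:
    database_version: str = ""
    scan_time: datetime = None
    scan_type: str = ""
    declared: dict = field(default_factory=dict)   # section name -> count printed in the log
    hits: list = field(default_factory=list)

    @property
    def database_date(self) -> date:
        y, m, d = self.database_version.lstrip("v").split(".")[:3]   # "v2014.01.26.06"
        return date(int(y), int(m), int(d))


def parse_hit(section, line):
    head, sep, action = line.rpartition(" -> ")
    m = HIT_RE.match(head) if sep else None        # "(No malicious items detected)" has no "->"
    return Hit(section, m["obj"], m["family"], action) if m else None


def parse_mbam_log(text):
    scan, section = MbamScan(), None
    for raw in text.splitlines():
        line = raw.strip()                          # also drops the nbsp-only lines forum pastes carry
        if not line:
            section = None                          # a blank line closes a detection section
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
            scan.declared[section] = int(m["count"])
        elif section is not None:
            if (hit := parse_hit(section, line)):
                scan.hits.append(hit)
        elif line.startswith("Database version: "):
            scan.database_version = line.split(": ", 1)[1]
        elif line.startswith("Scan type: "):
            scan.scan_type = line.split(": ", 1)[1]
        elif TIMESTAMP_RE.match(line):
            scan.scan_time = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
    return scan


def triage(scan, max_db_age_days=3):
    """Points a helper would raise before trusting the log; the age threshold is an assumption."""
    issues = []
    if not scan.scan_type.startswith("Full scan"):
        issues.append(f"{scan.scan_type} only; ask for a full scan")
    if scan.scan_time is not None:
        age = (scan.scan_time.date() - scan.database_date).days
        if age > max_db_age_days:
            issues.append(f"database {age} days older than the scan; update before rescanning")
    for section, declared in scan.declared.items():
        listed = sum(1 for h in scan.hits if h.section == section)
        if listed != declared:
            issues.append(f"{section}: log declares {declared} but lists {listed} (truncated paste?)")
    for h in scan.hits:
        if not h.action.startswith(("Quarantined", "Delete on reboot")):
            issues.append(f"unresolved: {h.obj} ({h.family}) -> {h.action}")
    return issues


if __name__ == "__main__":
    for name, log in (("quick scan", QUICK_SCAN_LOG), ("full scan", FULL_SCAN_LOG)):
        print(name, "->", triage(parse_mbam_log(log)) or ["no issues"])
```

Run against the posted log, the only finding is "Quick scan only"; the constructed full scan yields a stale-database warning and the file that was left in place. The action is split off with `rpartition(" -> ")` before the regex runs so that registry-value lines, which carry an extra "-> Data:" segment, parse the same way as file lines.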




