Virus won't let me open Antivirus Programs


  • This topic is locked
28 replies to this topic

#1 iman1323

Posted 13 June 2014 - 07:03 PM

I believe a virus will not let me open any of my antivirus, saying access is denied or unknown path. I've tried to download more antivirus off the web and that is blocked also as they try to install the antivirus. I've tried in safe mode also. When I shut down the computer it gives me a blue screen saying Windows has shut down to prevent further damage. There is a malicious program running called "ensOd.exe *32" that appeared on my processes with no description and around the same time the virus might have come on.

Any help would be appreciated!




#2 TheShooter93

Posted 16 June 2014 - 08:40 AM

Hello iman1323,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 iman1323

Posted 16 June 2014 - 05:59 PM

Hey man thanks for the reply! Really appreciate any help you can give. When my computer booted up, some cmd black box named regsve.exe or something like that popped up that I've never seen.

 

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccSvcHst.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\Smc.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1259DBCF18E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {391506D4-6FF2-4247-93D2-9FF924CC4F89} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.2: Yahoo
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-01]
CHR Extension: (Balloono) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Oovoo Toolbar) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjebaomffhbebmkanbennmagkdjkclo [2014-03-15]
CHR HKCU\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Ian McQuilkin\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2014-03-15]
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] () [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [391504 2013-06-25] (Hauppauge Computer Works, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll" /prefetch:1
S3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe" /prefetch:1 [X]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
S1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation) [File not signed]
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-06-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-06-29] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-29] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-06-29] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-16 18:54 - 2014-06-16 18:54 - 02081280 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64 (1).exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00000775 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 18:54 - 2014-06-16 18:54 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-16 18:52 - 2014-06-16 18:52 - 00000056 _____ () C:\Windows\setupact.log
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-14 19:54 - 2014-06-16 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-14 19:54 - 2014-06-16 18:54 - 00000000 ____D () C:\ProgramData\Avira
2014-06-14 19:54 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-14 19:54 - 2014-06-14 19:54 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:28 - 2014-06-14 19:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 18:08 - 2014-06-11 18:08 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\tenfoot
2014-06-11 17:57 - 2014-06-11 17:57 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\userdata
2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\dumps
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 21:27 - 2014-06-10 21:27 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 692574.crdownload
2014-06-10 21:27 - 2014-06-10 21:27 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 105603.crdownload
2014-06-10 20:50 - 2014-06-14 19:21 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-14 19:23 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 14:39 - 2014-06-10 14:40 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\friends
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\controller_base
2014-06-10 13:49 - 2014-06-15 22:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:49 - 2014-06-11 17:39 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\package
2014-06-10 13:49 - 2014-06-10 19:07 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 13:49 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\bin
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:45 - 2014-06-15 22:31 - 00000000 ____D () C:\Windows\Minidump
2014-06-10 09:47 - 2014-06-10 09:47 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam (1).zip
2014-06-09 22:42 - 2014-06-12 20:38 - 00086040 _____ () C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
2014-06-09 22:41 - 2014-06-12 20:29 - 00000000 __SHD () C:\Users\Ian McQuilkin\svchost.exe
2014-06-09 22:41 - 2014-06-12 20:23 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Services
2014-06-09 22:41 - 2014-06-09 22:41 - 00000000 ___SH () C:\Users\Ian McQuilkin\bNu54Y.txt
2014-06-09 22:38 - 2014-06-09 22:38 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam.zip
2014-06-07 23:23 - 2014-06-07 23:23 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (2).exe
2014-06-04 16:25 - 2014-06-04 16:25 - 08244106 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload
2014-06-04 16:16 - 2014-06-04 16:16 - 08244106 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload
2014-06-04 16:16 - 2014-06-04 16:16 - 00676652 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 283315.exe.crdownload
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4}
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB}
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB}
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-05-28 22:16 - 2014-05-28 22:16 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (1).exe
2014-05-28 21:34 - 2014-05-28 21:34 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome.exe
2014-05-28 21:32 - 2014-06-08 00:42 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:15 - 2014-05-22 00:21 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:11 - 2014-05-22 00:12 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
 
==================== One Month Modified Files and Folders =======
 
2014-06-16 18:55 - 2014-01-04 23:02 - 00014180 _____ () C:\Users\Ian McQuilkin\Downloads\FRST.txt
2014-06-16 18:55 - 2012-12-28 12:11 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Temp
2014-06-16 18:54 - 2014-06-16 18:54 - 02081280 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64 (1).exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00000775 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 18:54 - 2014-06-16 18:54 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-16 18:54 - 2014-06-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-16 18:54 - 2014-06-14 19:54 - 00000000 ____D () C:\ProgramData\Avira
2014-06-16 18:54 - 2014-01-04 23:02 - 00000000 ____D () C:\FRST
2014-06-16 18:53 - 2014-06-14 19:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-16 18:52 - 2014-06-16 18:52 - 00000056 _____ () C:\Windows\setupact.log
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-15 22:31 - 2014-06-10 13:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-15 22:31 - 2014-06-10 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 19:54 - 2014-06-14 19:54 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-14 19:54 - 2013-09-04 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:32 - 2013-08-11 00:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 19:30 - 2014-01-01 20:42 - 00000000 ____D () C:\AdwCleaner
2014-06-14 19:30 - 2012-12-28 12:11 - 00000000 ____D () C:\Users\Ian McQuilkin
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:29 - 2014-06-14 19:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:23 - 2014-06-10 20:27 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 19:21 - 2014-06-10 20:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-14 13:36 - 2009-07-17 17:21 - 00016976 _____ (Yamicsoft) C:\Windows\FreeMem.exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-12 20:38 - 2014-06-09 22:42 - 00086040 _____ () C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
2014-06-12 20:29 - 2014-06-09 22:41 - 00000000 __SHD () C:\Users\Ian McQuilkin\svchost.exe
2014-06-12 20:23 - 2014-06-09 22:41 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Services
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 22:38 - 2014-01-02 19:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 18:08 - 2014-06-11 18:08 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\tenfoot
2014-06-11 17:57 - 2014-06-11 17:57 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\userdata
2014-06-11 17:39 - 2014-06-10 13:49 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\package
2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\dumps
2014-06-11 17:29 - 2013-05-18 01:04 - 00008704 ___SH () C:\Users\Ian McQuilkin\Thumbs.db
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 21:27 - 2014-06-10 21:27 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 692574.crdownload
2014-06-10 21:27 - 2014-06-10 21:27 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 105603.crdownload
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:07 - 2014-06-10 13:49 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 18:50 - 2012-06-02 10:54 - 00000000 ____D () C:\Windows\Panther
2014-06-10 14:40 - 2014-06-10 14:39 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\friends
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\controller_base
2014-06-10 13:50 - 2014-06-10 13:49 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\bin
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:49 - 2013-01-01 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:54 - 2013-01-01 20:03 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 09:53 - 2014-04-06 01:05 - 00000000 ____D () C:\Windows\LastGood
2014-06-10 09:47 - 2014-06-10 09:47 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam (1).zip
2014-06-09 22:41 - 2014-06-09 22:41 - 00000000 ___SH () C:\Users\Ian McQuilkin\bNu54Y.txt
2014-06-09 22:38 - 2014-06-09 22:38 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam.zip
2014-06-09 22:33 - 2013-01-02 18:55 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Skype
2014-06-09 22:21 - 2012-12-28 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 22:03 - 2013-05-01 20:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 20:03 - 2013-05-01 20:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 16:57 - 2013-01-02 18:32 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\.minecraft
2014-06-09 16:47 - 2013-11-30 00:13 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 16:41 - 2012-12-28 23:45 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Adobe
2014-06-09 16:32 - 2013-11-30 00:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 16:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 00:42 - 2014-05-28 21:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-06-07 23:23 - 2014-06-07 23:23 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (2).exe
2014-06-04 16:25 - 2014-06-04 16:25 - 08244106 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload
2014-06-04 16:16 - 2014-06-04 16:16 - 08244106 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload
2014-06-04 16:16 - 2014-06-04 16:16 - 00676652 _____ () C:\Users\Ian McQuilkin\Downloads\Unconfirmed 283315.exe.crdownload
2014-06-04 16:10 - 2013-12-18 23:54 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\Spyware
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4}
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB}
2014-06-02 23:26 - 2014-06-02 23:26 - 00003106 _____ () C:\Windows\System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB}
2014-06-02 23:26 - 2014-03-06 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-02 23:25 - 2013-01-02 18:55 - 00000000 ____D () C:\ProgramData\Skype
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-06-02 23:13 - 2014-02-12 22:39 - 00001899 _____ () C:\Users\Ian McQuilkin\Desktop\Clownfish.lnk
2014-05-28 22:16 - 2014-05-28 22:16 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (1).exe
2014-05-28 21:34 - 2014-05-28 21:34 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome.exe
2014-05-22 18:00 - 2013-09-08 01:09 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Windows Live
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:21 - 2014-05-22 00:15 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:12 - 2014-05-22 00:11 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
2014-05-17 17:25 - 2013-01-02 03:34 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\ArmA 2 OA
 
Files to move or delete:
====================
C:\Users\Ian McQuilkin\CCEnhancer-2.5.1.exe
C:\Users\Ian McQuilkin\steam.dll
C:\Users\Ian McQuilkin\svchost.exe
C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 16:11
 
==================== End Of Log ===========================


#4 iman1323

Posted 16 June 2014 - 06:01 PM

And here is the additional scan.

==================== Security Center ========================
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.20.100.30911 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80911.2216 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (HKLM-x32\...\{88B05038-C890-468B-A563-0015FD53CDC3}) (Version:  - ArcSoft)
ARMA 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (HKLM-x32\...\A2ACR Data cache removal) (Version:  - )
ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - )
Arma 2: Operation Arrowhead - Dedicated Server (HKLM-x32\...\Steam App 33935) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Arma: Combat Operations (HKLM-x32\...\Steam App 2780) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A1) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - )
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\CyberLink PowerDVD) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{49D57DC1-18C3-4BA5-95F6-8DD94350B7FD}) (Version: 0.9.117 - Dotjosh Studios)
Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Ghost Recon Online (NCSA-Live) (HKCU\...\fc418bf9b18f76aa) (Version: 1.34.7344.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.31248 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.2.31173 - Hauppauge Computer Works, Inc.)
Horizon v2.7.1.4 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.1.4 - Daring Development Inc.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Larva Mortus (HKLM-x32\...\Steam App 11340) (Version:  - Rake In Grass)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Flight (HKLM-x32\...\Steam App 203850) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version:  - Visual Concepts)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.5033 - APN, LLC)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PremiumSoft Navicat Lite 10.0 (HKLM-x32\...\PremiumSoft Navicat Lite_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sniper Elite V2 Demo (HKLM-x32\...\Steam App 210470) (Version:  - )
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM-x32\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Startup Cop 1.1 (HKLM-x32\...\PC Magazine's Startup Cop_is1) (Version: 1.1 - Ziff Davis Media, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{4ADBF5BE-7CAF-4193-A1F9-DE6820E68569}) (Version: 12.1.1101.401 - Symantec Corporation)
Take On Helicopters (HKLM-x32\...\Steam App 65730) (Version:  - Bohemia Interactive)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titan Attacks (HKLM-x32\...\Steam App 203210) (Version:  - Puppygames)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder Launcher 1.0.1.267 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Windows 7 Manager (HKLM\...\{F5F85CD1-C3DC-4524-9A00-907C315C74A0}) (Version: 4.1.9 - Yamicsoft)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.3 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Restore Points  =========================
 
10-06-2014 23:09:13 Removed Symantec Endpoint Protection.
14-06-2014 17:14:07 Installed AVG 2014
14-06-2014 17:14:36 Installed AVG 2014
14-06-2014 17:15:01 Removed AVG 2014
14-06-2014 17:26:32 Installed AVG 2014
14-06-2014 17:26:58 Installed AVG 2014
14-06-2014 17:27:17 Removed AVG 2014
14-06-2014 23:27:13 Installed AVG 2014
14-06-2014 23:27:35 Installed AVG 2014
14-06-2014 23:27:58 Removed AVG 2014
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2DB92475-D248-4002-9C4A-12EC407A1555} - System32\Tasks\AdobeAAMUpdater-1.0-IanMcQuilkin-PC-Ian McQuilkin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {31993F92-9ABF-47F7-A00E-DA2B18CCDC51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {5B666040-8EF9-4481-99A2-922F395530DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {76A70867-9363-4F1D-B131-8D557EC6F42B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {87D52195-AF0F-4A61-A044-A28B4EA5B036} - System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {B057CDF8-9C3F-40F6-8A04-9513B9F21EED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {B60311A9-2789-46AB-A81B-4BC44D889D9C} - System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {EC8A089A-8838-4DF3-BC2A-7052BB76B741} - System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {F40D9928-C416-4F36-BC7D-21D2437D76E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-11 22:57 - 2013-09-11 22:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 07:59 - 2013-07-26 07:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 07:59 - 2013-07-26 07:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-09-11 22:57 - 2013-09-11 22:57 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-30 01:40 - 2014-01-09 22:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-12 00:49 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-11 16:43 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 16:43 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 16:43 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92357989.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92357989.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2014 06:53:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2014 06:52:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/16/2014 06:52:56 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/16/2014 06:52:56 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/16/2014 06:52:56 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/16/2014 06:52:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/16/2014 06:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.13.24202, time stamp: 0x53736104
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x000332b0
Faulting process id: 0x710
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3
 
Error: (06/16/2014 06:52:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 77BA32B0
 
Error: (06/16/2014 06:52:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/16/2014 06:52:45 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
System errors:
=============
Error: (06/16/2014 06:54:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
%%-2147024891
 
Error: (06/16/2014 06:53:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 06:53:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/16/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/16/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/16/2014 06:53:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 06:53:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/16/2014 06:53:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-04 13:19:26.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-03 18:57:36.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-02 20:18:11.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-02 12:47:21.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 16:07:01.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 22:18:21.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 19:08:33.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 13:08:06.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-29 15:02:20.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-28 18:00:27.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 8137.36 MB
Available physical RAM: 6570.4 MB
Total Pagefile: 16272.89 MB
Available Pagefile: 14634.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:465.66 GB) (Free:325.32 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:6.87 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 167F0D36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 TheShooter93

Posted 17 June 2014 - 11:28 PM

Hello iman1323,

 

You're welcome. :)

 
I've noted the Command Prompt pop-up and will be addressing that -- thank you for mentioning it.
 
Please do the following.


=========================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    IFEO\AvastSvc.exe: [Debugger] nqij.exe
    IFEO\AvastUI.exe: [Debugger] nqij.exe
    IFEO\avcenter.exe: [Debugger] nqij.exe
    IFEO\avconfig.exe: [Debugger] nqij.exe
    IFEO\avgcsrvx.exe: [Debugger] nqij.exe
    IFEO\avgidsagent.exe: [Debugger] nqij.exe
    IFEO\avgnt.exe: [Debugger] nqij.exe
    IFEO\avgrsx.exe: [Debugger] nqij.exe
    IFEO\avguard.exe: [Debugger] nqij.exe
    IFEO\avgui.exe: [Debugger] nqij.exe
    IFEO\avgwdsvc.exe: [Debugger] nqij.exe
    IFEO\avp.exe: [Debugger] nqij.exe
    IFEO\avscan.exe: [Debugger] nqij.exe
    IFEO\bdagent.exe: [Debugger] nqij.exe
    IFEO\blindman.exe: [Debugger] nqij.exe
    IFEO\ccSvcHst.exe: [Debugger] nqij.exe
    IFEO\ccuac.exe: [Debugger] nqij.exe
    IFEO\ComboFix.exe: [Debugger] nqij.exe
    IFEO\egui.exe: [Debugger] nqij.exe
    IFEO\hijackthis.exe: [Debugger] nqij.exe
    IFEO\instup.exe: [Debugger] nqij.exe
    IFEO\keyscrambler.exe: [Debugger] nqij.exe
    IFEO\mbam.exe: [Debugger] nqij.exe
    IFEO\mbamgui.exe: [Debugger] nqij.exe
    IFEO\mbampt.exe: [Debugger] nqij.exe
    IFEO\mbamscheduler.exe: [Debugger] nqij.exe
    IFEO\mbamservice.exe: [Debugger] nqij.exe
    IFEO\MpCmdRun.exe: [Debugger] nqij.exe
    IFEO\MSASCui.exe: [Debugger] nqij.exe
    IFEO\MsMpEng.exe: [Debugger] nqij.exe
    IFEO\msseces.exe: [Debugger] nqij.exe
    IFEO\rstrui.exe: [Debugger] nqij.exe
    IFEO\SDFiles.exe: [Debugger] nqij.exe
    IFEO\SDMain.exe: [Debugger] nqij.exe
    IFEO\SDWinSec.exe: [Debugger] nqij.exe
    IFEO\Smc.exe: [Debugger] nqij.exe
    IFEO\spybotsd.exe: [Debugger] nqij.exe
    IFEO\SUPERAntiSpyware.exe: [Debugger] nqij.exe
    IFEO\wireshark.exe: [Debugger] nqij.exe
    IFEO\zlclient.exe: [Debugger] nqij.exe
    CHR HKCU\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Ian McQuilkin\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2014-03-15]
    CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2014-03-15]
    C:\Users\Ian McQuilkin\bNu54Y.txt
    C:\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload
    C:\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload
    C:\Users\Ian McQuilkin\Downloads\Unconfirmed 283315.exe.crdownload
    C:\Windows\System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4}
    C:\Windows\System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB}
    C:\Windows\System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB}
    C:\Users\Ian McQuilkin\Downloads\Unconfirmed 692574.crdownload
    C:\Users\Ian McQuilkin\Downloads\Unconfirmed 105603.crdownload
    HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION
    HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [NoFolderOptions] 1
    C:\Users\Ian McQuilkin\svchost.exe
    C:\Windows\SysWOW64\Windows Services
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=========================================================

 

Lastly, please provide a fresh FRST Scan log in your next reply.

=========================================================

What I'd like to see in your next post:

  • Fixlog.txt
  • Fresh FRST Scan log

Edited by TheShooter93, 17 June 2014 - 11:29 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
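
Added example, not part of the original posts and not FRST's own code: the `IFEO\<image>: [Debugger] ...` lines in the fixlist above are Image File Execution Options entries, where a Debugger value makes Windows start the named program in place of the image. This Python code groups such lines by debugger to show one program attached to many security tools, then checks each entry against Fixlog result lines; the sample text is constructed in the format used in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Registry path that FRST's "IFEO\" shorthand stands for, as the Fixlog prints it.
IFEO_ROOT = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Fixlist form:  IFEO\<image>: [Debugger] <program>
FIXLIST_IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
# Fixlog form:   '<target>' => <result>.   (target may also be unquoted or double-quoted)
FIXLOG_LINE = re.compile(r"""^(?P<q>['"]?)(?P<target>.+?)(?P=q) => (?P<result>.+)$""")

# Constructed sample in the thread's fixlist format (the file path is a placeholder).
SAMPLE_FIXLIST = r"""
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
C:\Users\Example\svchost.exe
"""

# Constructed sample in the thread's Fixlog format. The rstrui.exe result line is
# left out on purpose so the reconciliation has a gap to report.
SAMPLE_FIXLOG = r"""
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe' => Key deleted successfully.
C:\Users\Example\svchost.exe => Moved successfully.
"""


def parse_ifeo_entries(fixlist_text):
    """Return (image, debugger) pairs for every IFEO Debugger line."""
    entries = []
    for line in fixlist_text.splitlines():
        m = FIXLIST_IFEO.match(line.strip())
        if m:
            entries.append((m.group("image"), m.group("debugger").strip()))
    return entries


def debuggers_blocking_many(entries, threshold=3):
    """Map each debugger set on at least `threshold` images to those images.

    One program registered as the debugger for many unrelated executables
    is the pattern seen in this thread; the threshold is an assumption.
    """
    by_debugger = defaultdict(list)
    for image, debugger in entries:
        by_debugger[debugger.lower()].append(image)
    return {d: imgs for d, imgs in by_debugger.items() if len(imgs) >= threshold}


def parse_fixlog(fixlog_text):
    """Map each Fixlog target (lower-cased) to its result text."""
    results = {}
    for line in fixlog_text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            results[m.group("target").lower()] = m.group("result").rstrip(".")
    return results


def reconcile(fixlist_text, fixlog_text):
    """For every IFEO entry requested in the fixlist, report the Fixlog outcome."""
    results = parse_fixlog(fixlog_text)
    report = []
    for image, _debugger in parse_ifeo_entries(fixlist_text):
        # Registry paths are case-insensitive, and the Fixlog prints them in mixed case.
        key = (IFEO_ROOT + "\\" + image).lower()
        report.append((image, results.get(key, "NO RESULT LINE")))
    return report


if __name__ == "__main__":
    entries = parse_ifeo_entries(SAMPLE_FIXLIST)
    for debugger, images in debuggers_blocking_many(entries).items():
        print(f"{debugger} is set as Debugger for {len(images)} images: {', '.join(images)}")
    for image, outcome in reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG):
        print(f"{image:20} {outcome}")
```
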

 

 


#6 iman1323

Posted 18 June 2014 - 04:37 PM

I believe this is the fixlog.txt

Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccSvcHst.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\Smc.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
CHR HKCU\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Ian McQuilkin\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2014-03-15]
C:\Users\Ian McQuilkin\bNu54Y.txt
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 283315.exe.crdownload
C:\Windows\System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4}
C:\Windows\System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB}
C:\Windows\System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB}
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 692574.crdownload
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 105603.crdownload
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [NoFolderOptions] 1
C:\Users\Ian McQuilkin\svchost.exe
C:\Windows\SysWOW64\Windows Services
*****************
 
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Smc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe' => Key deleted successfully.
'HKCU\SOFTWARE\Google\Chrome\Extensions\gddejphgogdngaihfpebjpmlkjjhmikc' => Key deleted successfully.
"C:\Users\Ian McQuilkin\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\opjebaomffhbebmkanbennmagkdjkclo' => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx" => File/Directory not found.
C:\Users\Ian McQuilkin\bNu54Y.txt => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 283315.exe.crdownload => Moved successfully.
C:\Windows\System32\Tasks\{D43EC4DE-CD9C-4356-996B-D4B95184A4D4} => Moved successfully.
C:\Windows\System32\Tasks\{CDFDF819-2464-4208-B70A-D6F17446C3DB} => Moved successfully.
C:\Windows\System32\Tasks\{61D0ECE1-43EB-4C51-917D-631078F746FB} => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 692574.crdownload => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\Unconfirmed 105603.crdownload => Moved successfully.
HKU\S-1-5-21-93037906-805889245-3321811474-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-93037906-805889245-3321811474-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
C:\Users\Ian McQuilkin\svchost.exe => Moved successfully.
C:\Windows\SysWOW64\Windows Services => Moved successfully.
 
==== End of Fixlog ====
 
And here is the scan
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1259DBCF18E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {391506D4-6FF2-4247-93D2-9FF924CC4F89} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.2: Yahoo
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-01]
CHR Extension: (Balloono) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Oovoo Toolbar) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjebaomffhbebmkanbennmagkdjkclo [2014-03-15]
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] () [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [391504 2013-06-25] (Hauppauge Computer Works, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll" /prefetch:1
S3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe" /prefetch:1 [X]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
S1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation) [File not signed]
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-06-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-06-29] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-29] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-06-29] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-18 17:35 - 2014-06-18 17:35 - 00012138 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-18 17:34 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-18 17:32 - 2014-06-18 17:32 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-18 17:29 - 2014-06-18 17:29 - 00085254 _____ () C:\Windows\PFRO.log
2014-06-16 18:54 - 2014-06-16 23:11 - 00007367 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 18:52 - 2014-06-18 17:29 - 00000112 _____ () C:\Windows\setupact.log
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-14 19:54 - 2014-06-18 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-14 19:54 - 2014-06-18 17:32 - 00000000 ____D () C:\ProgramData\Avira
2014-06-14 19:54 - 2014-06-18 17:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-14 19:54 - 2014-06-14 19:54 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:28 - 2014-06-14 19:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 18:08 - 2014-06-11 18:08 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\tenfoot
2014-06-11 17:57 - 2014-06-11 17:57 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\userdata
2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\dumps
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-14 19:21 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-14 19:23 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 14:39 - 2014-06-10 14:40 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\friends
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\controller_base
2014-06-10 13:49 - 2014-06-15 22:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:49 - 2014-06-11 17:39 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\package
2014-06-10 13:49 - 2014-06-10 19:07 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 13:49 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\bin
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:45 - 2014-06-15 22:31 - 00000000 ____D () C:\Windows\Minidump
2014-06-10 09:47 - 2014-06-10 09:47 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam (1).zip
2014-06-09 22:42 - 2014-06-12 20:38 - 00086040 _____ () C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
2014-06-09 22:38 - 2014-06-09 22:38 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam.zip
2014-06-07 23:23 - 2014-06-07 23:23 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (2).exe
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-05-28 22:16 - 2014-05-28 22:16 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (1).exe
2014-05-28 21:34 - 2014-05-28 21:34 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome.exe
2014-05-28 21:32 - 2014-06-08 00:42 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:15 - 2014-05-22 00:21 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:11 - 2014-05-22 00:12 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
 
==================== One Month Modified Files and Folders =======
 
2014-06-18 17:36 - 2014-06-18 17:35 - 00012138 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-18 17:35 - 2014-01-04 23:02 - 00000000 ____D () C:\FRST
2014-06-18 17:34 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-18 17:34 - 2014-01-04 23:01 - 02082304 _____ (Farbar) C:\Users\Ian McQuilkin\Desktop\FRST64.exe
2014-06-18 17:34 - 2012-12-28 12:11 - 00000000 ____D () C:\Users\Ian McQuilkin
2014-06-18 17:33 - 2014-01-06 13:29 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\FRST-OlderVersion
2014-06-18 17:33 - 2014-01-04 23:01 - 02082304 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64.exe
2014-06-18 17:32 - 2014-06-18 17:32 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-18 17:32 - 2014-06-16 18:54 - 00007367 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 17:32 - 2014-06-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-18 17:32 - 2014-06-14 19:54 - 00000000 ____D () C:\ProgramData\Avira
2014-06-18 17:31 - 2014-06-14 19:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-18 17:29 - 2014-06-18 17:29 - 00085254 _____ () C:\Windows\PFRO.log
2014-06-18 17:29 - 2014-06-16 18:52 - 00000112 _____ () C:\Windows\setupact.log
2014-06-16 18:56 - 2014-01-04 23:03 - 00038200 _____ () C:\Users\Ian McQuilkin\Downloads\Addition.txt
2014-06-16 18:56 - 2014-01-04 23:02 - 00037727 _____ () C:\Users\Ian McQuilkin\Downloads\FRST.txt
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-15 22:31 - 2014-06-10 13:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-15 22:31 - 2014-06-10 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 19:54 - 2014-06-14 19:54 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-14 19:54 - 2013-09-04 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:32 - 2013-08-11 00:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 19:30 - 2014-01-01 20:42 - 00000000 ____D () C:\AdwCleaner
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:29 - 2014-06-14 19:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:23 - 2014-06-10 20:27 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 19:21 - 2014-06-10 20:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-14 13:36 - 2009-07-17 17:21 - 00016976 _____ (Yamicsoft) C:\Windows\FreeMem.exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-12 20:38 - 2014-06-09 22:42 - 00086040 _____ () C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 22:38 - 2014-01-02 19:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 18:08 - 2014-06-11 18:08 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\tenfoot
2014-06-11 17:57 - 2014-06-11 17:57 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\userdata
2014-06-11 17:39 - 2014-06-10 13:49 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\package
2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\dumps
2014-06-11 17:29 - 2013-05-18 01:04 - 00008704 ___SH () C:\Users\Ian McQuilkin\Thumbs.db
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:07 - 2014-06-10 13:49 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 18:50 - 2012-06-02 10:54 - 00000000 ____D () C:\Windows\Panther
2014-06-10 14:40 - 2014-06-10 14:39 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\friends
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\controller_base
2014-06-10 13:50 - 2014-06-10 13:49 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\bin
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:49 - 2013-01-01 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:54 - 2013-01-01 20:03 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 09:53 - 2014-04-06 01:05 - 00000000 ____D () C:\Windows\LastGood
2014-06-10 09:47 - 2014-06-10 09:47 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam (1).zip
2014-06-09 22:38 - 2014-06-09 22:38 - 01013184 _____ () C:\Users\Ian McQuilkin\Downloads\RogueTeam.zip
2014-06-09 22:33 - 2013-01-02 18:55 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Skype
2014-06-09 22:21 - 2012-12-28 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 22:03 - 2013-05-01 20:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 20:03 - 2013-05-01 20:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 16:57 - 2013-01-02 18:32 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\.minecraft
2014-06-09 16:47 - 2013-11-30 00:13 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 16:41 - 2012-12-28 23:45 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Adobe
2014-06-09 16:32 - 2013-11-30 00:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 16:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 00:42 - 2014-05-28 21:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-06-07 23:23 - 2014-06-07 23:23 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (2).exe
2014-06-04 16:10 - 2013-12-18 23:54 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\Spyware
2014-06-02 23:26 - 2014-03-06 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-02 23:25 - 2013-01-02 18:55 - 00000000 ____D () C:\ProgramData\Skype
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-06-02 23:13 - 2014-02-12 22:39 - 00001899 _____ () C:\Users\Ian McQuilkin\Desktop\Clownfish.lnk
2014-05-28 22:16 - 2014-05-28 22:16 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome (1).exe
2014-05-28 21:34 - 2014-05-28 21:34 - 00233256 _____ (Premium Installer ) C:\Users\Ian McQuilkin\Downloads\Player-Chrome.exe
2014-05-22 18:00 - 2013-09-08 01:09 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Windows Live
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:21 - 2014-05-22 00:15 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:12 - 2014-05-22 00:11 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
 
Files to move or delete:
====================
C:\Users\Ian McQuilkin\CCEnhancer-2.5.1.exe
C:\Users\Ian McQuilkin\steam.dll
C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 16:11
 
==================== End Of Log ============================


#7 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 20 June 2014 - 08:46 AM

Hello iman1323,
 
Your logs are looking much better!
 
But there is still work to do.    :workout: 

Please perform the following in order. There is a lot here, so take your time. If you get stuck or are unsure of anything, please stop, then come back here and ask me.   :)
 
==============================================

Multiple Antivirus Programs

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

In general terms, the two programs may conflict and cause:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • System Performance Issues: Antivirus programs can be resource-intensive. Having multiple installed and running is very taxing to a computer.

Therefore, please go to Programs and Features in the Control Panel and remove Avira or Symantec Endpoint Protection.

Once finished, reboot your computer.

==============================================

Your logs have indicated that you may already have Malwarebytes Antimalware on your system. I have included full directions here just in case, otherwise please begin by launching Malwarebytes Antimalware and updating it to the most recent set of definitions. Then follow the directions below starting with the step involving "Perform Quick Scan".
 
If you do not have Malwarebytes Antimalware already installed, begin the instructions from the beginning.

Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

==============================================

 

Unknown Folders

Are you familiar with the following folders?

C:\Users\Ian McQuilkin\Desktop\userdata

C:\Users\Ian McQuilkin\Desktop\tenfoot

If not, please delete these.

==============================================

 

Finally, reboot the computer and run FRST to produce a fresh Scan log.

Include the fresh Scan log in your next post.

Also, how is your computer running now? What symptoms/unusual behaviors remain?

==============================================

What I'd like to see in your next post:

  • Avira or Symantec removed successfully.
  • Malwarebytes Antimalware log.
  • Familiar with folders?
  • FRST Scan log
  • How is your computer running?

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#8 iman1323


Posted 20 June 2014 - 02:22 PM

Ok Avira was uninstalled.

 

Here is Malwarebytes:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/20/2014
Scan Time: 2:55:33 PM
Logfile: malwarerun1.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.20.11
Rootkit Database: v2014.06.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ian McQuilkin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274883
Time Elapsed: 9 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\win32.exe, Quarantined, [dedd84f653280036609d97b4798ac13f], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\win32.exe, Quarantined, [3b80ef8bec8f22140df0d17a996a22de], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 8
Adware.Agent, C:\ProgramData\InstallMate\{4C8A6A16-1B6D-4070-A29B-534F976948E0}\Custom.dll, Quarantined, [8833bac016656acc36d23b1843be847c], 
Trojan.Dropper.SFXAI, C:\Users\Ian McQuilkin\Downloads\RogueTeam (1).zip, Quarantined, [d3e8ed8d631837ff668ce1a754ad43bd], 
Trojan.Dropper.SFXAI, C:\Users\Ian McQuilkin\Downloads\RogueTeam.zip, Quarantined, [cdee88f2ff7ca98de210ceba1de426da], 
PUP.Optional.OptimumInstaller.A, C:\Users\Ian McQuilkin\Downloads\Player-Chrome (1).exe, Quarantined, [c1fa0c6e53287db9c8f354fde021f50b], 
PUP.Optional.OptimumInstaller.A, C:\Users\Ian McQuilkin\Downloads\Player-Chrome (2).exe, Quarantined, [d2e9a2d84b30d066c7f43d149a67639d], 
PUP.Optional.OptimumInstaller.A, C:\Users\Ian McQuilkin\Downloads\Player-Chrome.exe, Quarantined, [2893b9c18fec72c45467c38e41c08e72], 
PUP.Optional.DomaIQ, C:\Users\Ian McQuilkin\Downloads\Setup.exe, Quarantined, [b605b7c3562592a4ece5af8828d8bb45], 
Trojan.Agent, C:\Users\Ian McQuilkin\AppData\Roaming\msconfig.ini, Quarantined, [477490ea9fdc32045b91e0dae41f56aa], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
I didn't see any option to remove them, only to quarantine them.
The folders were a part of extra files from my Steam folder.
 
Here is FRST Scan Log
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1259DBCF18E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {391506D4-6FF2-4247-93D2-9FF924CC4F89} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.2: Yahoo
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-01]
CHR Extension: (Balloono) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] () [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [391504 2013-06-25] (Hauppauge Computer Works, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll" /prefetch:1
S3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe" /prefetch:1 [X]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
S1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation) [File not signed]
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-06-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-06-29] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-29] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-06-29] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-20 15:07 - 2014-06-20 15:07 - 00002375 _____ () C:\Users\Ian McQuilkin\Desktop\malwarerun1.txt
2014-06-20 14:54 - 2014-06-20 14:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 14:54 - 2014-06-20 14:54 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 14:53 - 2014-06-20 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-06-18 17:35 - 2014-06-20 15:14 - 00011213 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-18 17:34 - 2014-06-20 15:14 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-18 17:29 - 2014-06-20 15:09 - 00354292 _____ () C:\Windows\PFRO.log
2014-06-16 18:54 - 2014-06-20 15:08 - 00018486 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 18:52 - 2014-06-20 15:09 - 00000280 _____ () C:\Windows\setupact.log
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:28 - 2014-06-14 19:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-14 19:21 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-14 19:23 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 14:39 - 2014-06-10 14:40 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:49 - 2014-06-20 14:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:49 - 2014-06-10 19:07 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:45 - 2014-06-15 22:31 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-05-28 21:32 - 2014-06-08 00:42 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:15 - 2014-05-22 00:21 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:11 - 2014-05-22 00:12 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
 
==================== One Month Modified Files and Folders =======
 
2014-06-20 15:14 - 2014-06-18 17:35 - 00011213 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-20 15:14 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-20 15:14 - 2014-01-04 23:02 - 00000000 ____D () C:\FRST
2014-06-20 15:14 - 2014-01-04 23:01 - 02083328 _____ (Farbar) C:\Users\Ian McQuilkin\Desktop\FRST64.exe
2014-06-20 15:12 - 2014-06-16 18:54 - 00018486 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 15:09 - 2014-06-18 17:29 - 00354292 _____ () C:\Windows\PFRO.log
2014-06-20 15:09 - 2014-06-16 18:52 - 00000280 _____ () C:\Windows\setupact.log
2014-06-20 15:07 - 2014-06-20 15:07 - 00002375 _____ () C:\Users\Ian McQuilkin\Desktop\malwarerun1.txt
2014-06-20 15:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2014-06-20 14:55 - 2014-06-20 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 14:54 - 2014-06-20 14:54 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-06-20 14:54 - 2013-10-07 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 14:46 - 2014-06-10 13:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-20 14:37 - 2013-09-04 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 17:34 - 2012-12-28 12:11 - 00000000 ____D () C:\Users\Ian McQuilkin
2014-06-18 17:33 - 2014-01-06 13:29 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\FRST-OlderVersion
2014-06-18 17:33 - 2014-01-04 23:01 - 02082304 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64.exe
2014-06-16 18:56 - 2014-01-04 23:03 - 00038200 _____ () C:\Users\Ian McQuilkin\Downloads\Addition.txt
2014-06-16 18:56 - 2014-01-04 23:02 - 00037727 _____ () C:\Users\Ian McQuilkin\Downloads\FRST.txt
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-15 22:31 - 2014-06-10 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 19:53 - 2014-06-14 19:53 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:32 - 2013-08-11 00:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 19:30 - 2014-01-01 20:42 - 00000000 ____D () C:\AdwCleaner
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:29 - 2014-06-14 19:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:26 - 2014-06-14 19:26 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe
2014-06-14 19:23 - 2014-06-10 20:27 - 00003768 _____ () C:\Users\Ian McQuilkin\Desktop\Rkill.txt
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 19:21 - 2014-06-10 20:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-14 13:36 - 2009-07-17 17:21 - 00016976 _____ (Yamicsoft) C:\Windows\FreeMem.exe
2014-06-14 13:24 - 2014-06-14 13:24 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe
2014-06-14 13:12 - 2014-06-14 13:12 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:54 - 2014-06-11 22:54 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\joe.exe.exe
2014-06-11 22:40 - 2014-06-11 22:40 - 04485528 _____ (AVG Technologies) C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 22:38 - 2014-01-02 19:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 17:29 - 2013-05-18 01:04 - 00008704 ___SH () C:\Users\Ian McQuilkin\Thumbs.db
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:07 - 2014-06-10 13:49 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 18:50 - 2012-06-02 10:54 - 00000000 ____D () C:\Windows\Panther
2014-06-10 14:40 - 2014-06-10 14:39 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:49 - 2013-01-01 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:54 - 2013-01-01 20:03 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 09:53 - 2014-04-06 01:05 - 00000000 ____D () C:\Windows\LastGood
2014-06-09 22:33 - 2013-01-02 18:55 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Skype
2014-06-09 22:21 - 2012-12-28 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 22:03 - 2013-05-01 20:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 20:03 - 2013-05-01 20:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 16:57 - 2013-01-02 18:32 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\.minecraft
2014-06-09 16:47 - 2013-11-30 00:13 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 16:41 - 2012-12-28 23:45 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Adobe
2014-06-09 16:32 - 2013-11-30 00:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 16:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 00:42 - 2014-05-28 21:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-06-04 16:10 - 2013-12-18 23:54 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\Spyware
2014-06-02 23:26 - 2014-03-06 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-02 23:25 - 2013-01-02 18:55 - 00000000 ____D () C:\ProgramData\Skype
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-06-02 23:13 - 2014-02-12 22:39 - 00001899 _____ () C:\Users\Ian McQuilkin\Desktop\Clownfish.lnk
2014-05-22 18:00 - 2013-09-08 01:09 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Windows Live
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:21 - 2014-05-22 00:15 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:12 - 2014-05-22 00:11 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
2014-05-21 23:52 - 2014-05-21 23:52 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.wlmp
2014-05-21 22:18 - 2014-05-21 22:18 - 23872737 _____ () C:\Users\Ian McQuilkin\Downloads\Crucible Movie.mp4
 
Files to move or delete:
====================
C:\Users\Ian McQuilkin\CCEnhancer-2.5.1.exe
C:\Users\Ian McQuilkin\steam.dll
 
 
Some content of TEMP:
====================
C:\Users\Ian McQuilkin\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 16:11
 
==================== End Of Log =================
 
Overall the computer seems to be running well. My Steam still won't open, but instead tries to connect to my account and then force closes. The folders on my desktop you asked me to remove said I wasn't the owner of them and couldn't delete them even though I am administrator. I used an unlocker program I have on my computer to delete them. I was surprised that my comp actually let me download antivirus and run it as it wouldn't when we had first started out so hopefully that's a good sign.


#9 TheShooter93


Posted 21 June 2014 - 09:58 AM

Hello iman1323,
 
Great! Glad to hear things are improving.   :thumbup2:
 
Please do the following.
 
====================================================
 
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    
    
    C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe 
    C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe 
    C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe 
    C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe 
    C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe 
    C:\Users\Ian McQuilkin\Downloads\joe.exe.exe 
    C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

====================================================
 
ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.

====================================================

 

As for Steam, please try uninstalling and re-installing.

 

I use Steam pretty frequently myself and I know it can be troublesome.  :rolleyes:

 

====================================================
 
Lastly, provide a fresh FRST Scan log and let me know how your computer is doing.
 
====================================================
 
What I'd like to see in your next post:  :thumbsup2:

  • Fixlog.txt
  • ESET results (if available)
  • Steam uninstall and re-install confirmation
  • Fresh FRST log
  • How is your computer running? What symptoms remain?

Edited by TheShooter93, 21 June 2014 - 09:59 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
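An added example, not part of the thread and not ESET's or FRST's own tooling: a Python triage of a saved ESET Online Scanner threat list that separates findings with no recorded action from those pending a restart and from copies already held in the AdwCleaner or FRST quarantine folders. The one-finding-per-line layout is taken from the results posted in this thread; the sample lines, their paths and all function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One finding per line, as in the threat list pasted in this thread:
# <path> [a variant of ]<Platform/Name> potentially (unsafe|unwanted) application[ <action>]
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"potentially (?P<category>unsafe|unwanted) application"
    r"(?: (?P<action>.+))?$"
)

# Quarantine folders of the removal tools used in this thread (lower-cased).
QUARANTINE_DIRS = ("\\adwcleaner\\quarantine\\", "\\frst\\quarantine\\")

# Constructed sample input (hypothetical paths, detection names in the page's style).
SAMPLE = r"""
C:\Users\Example User\Downloads\setup_bundle.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleApp\toolbar.dll.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\example.exe Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\ExampleApp\offer.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted (after the next restart) - quarantined
C:\Program Files (x86)\ExampleApp\app.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
"""


@dataclass
class Finding:
    path: str
    name: str
    category: str
    action: str  # empty string when the scanner recorded no action


def parse_line(line):
    """Return a Finding for one threat-list line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["path"], m["name"], m["category"], m["action"] or "")


def classify(finding):
    """Bucket a finding by where the file sits and what the scanner did with it."""
    if any(d in finding.path.lower() for d in QUARANTINE_DIRS):
        return "quarantine_copy"   # copy already held by a removal tool
    if "after the next restart" in finding.action:
        return "pending_reboot"    # removal completes only after a restart
    if finding.action.startswith("deleted"):
        return "cleaned"
    return "needs_review"          # no action recorded, or one not recognised here


def family(name):
    """Drop a trailing variant letter: Win32/Mobogenie.A -> Win32/Mobogenie."""
    head, _, tail = name.rpartition(".")
    return head if head and tail.isalpha() and tail.isupper() else name


def triage(text):
    """Sort every non-empty line of a threat list into buckets."""
    report = {"needs_review": [], "pending_reboot": [], "cleaned": [],
              "quarantine_copy": [], "unparsed": []}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            report["unparsed"].append(raw.strip())
        else:
            report[classify(finding)].append(finding)
    return report


def live_families(report):
    """Count detection families found outside the quarantine folders."""
    live = report["needs_review"] + report["pending_reboot"] + report["cleaned"]
    return Counter(family(f.name) for f in live)


if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket in ("needs_review", "pending_reboot"):
        for f in result[bucket]:
            print(f"{bucket}: {f.path} ({f.name})")
    print(dict(live_families(result)))
```

Findings in the `needs_review` bucket are the ones to raise with the helper, since the scanner reported them without removing them.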

 

 


#10 iman1323


Posted 21 June 2014 - 02:02 PM

Here is the Fix Log
 
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe 
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe 
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe 
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe 
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe 
C:\Users\Ian McQuilkin\Downloads\joe.exe.exe 
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe
*****************
 
C:\Users\Ian McQuilkin\Downloads\avira_en_av___ws.exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (4).exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (3).exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (2).exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\joe.exe.exe => Moved successfully.
C:\Users\Ian McQuilkin\Downloads\avg_free_stb_all_2014_4577_cnet.exe => Moved successfully.
 
==== End of Fixlog ====
 
Here are the results of ESET
 
 C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-OVO2V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\uninst.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\vppsetup_v2.41.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gddejphgogdngaihfpebjpmlkjjhmikc\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.35.zip.vir Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Local\NativeMessaging\CT3318920\1_0_0_2\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584\Extensions\{ed541409-a451-4021-921f-0b66f3196e57}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\offercast.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\FRST\Quarantine\tbVis0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Ian McQuilkin\Downloads\Unconfirmed 156809.exe.crdownload.xBAD a variant of Win32/CainAbel potentially unsafe application deleted - quarantined
C:\FRST\Quarantine\C\Users\Ian McQuilkin\Downloads\Unconfirmed 397088.exe.crdownload.xBAD a variant of Win32/CainAbel potentially unsafe application deleted - quarantined
C:\FRST\Quarantine\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Mobogenie\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Mobogenie\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Mobogenie\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Mobogenie\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\{ed541409-a451-4021-921f-0b66f3196e57}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\VideoPad\uninst.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\VideoPad\vppsetup_v2.41.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\ProgramData\Avira\My Avira\Temp\antivirus.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/DomaIQ.BA potentially unwanted application deleted - quarantined
C:\Users\Ian McQuilkin\Downloads\CheatEngine63.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-OVO2V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
 
Here is the fresh FRST
  Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-93037906-805889245-3321811474-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1259DBCF18E5CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {391506D4-6FF2-4247-93D2-9FF924CC4F89} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ian McQuilkin\AppData\Roaming\Mozilla\Firefox\Profiles\cwhr6fj0.default-1375502143584
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.2: Yahoo
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-01]
CHR Extension: (Balloono) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Ian McQuilkin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] () [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-01] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [391504 2013-06-25] (Hauppauge Computer Works, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll" /prefetch:1
S3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe" /prefetch:1 [X]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
S1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation) [File not signed]
R3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-06-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-06-29] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-29] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-06-29] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-21 14:48 - 2014-06-21 14:48 - 00012671 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-21 14:47 - 2014-06-21 14:47 - 00009976 _____ () C:\Users\Ian McQuilkin\Desktop\ESET Results.txt
2014-06-21 12:19 - 2014-06-21 12:19 - 02347384 _____ (ESET) C:\Users\Ian McQuilkin\Downloads\esetsmartinstaller_enu.exe
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 01:31 - 2014-06-21 01:30 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-21 01:30 - 2014-06-21 01:30 - 00001070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-21 01:30 - 2014-06-21 01:30 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Avira
2014-06-21 01:30 - 2014-06-21 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-21 01:29 - 2014-06-21 01:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-21 01:29 - 2014-06-21 01:29 - 00000000 ____D () C:\ProgramData\Avira
2014-06-21 01:29 - 2014-05-27 17:13 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-21 01:29 - 2014-05-27 17:13 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-21 01:29 - 2014-05-27 17:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-21 01:28 - 2014-06-21 01:28 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av_4041796487__ws.exe
2014-06-20 15:25 - 2014-06-21 01:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-20 15:25 - 2014-06-20 15:25 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (4).exe
2014-06-20 15:25 - 2014-06-20 15:25 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-20 14:54 - 2014-06-20 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 14:54 - 2014-06-20 14:54 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 14:53 - 2014-06-20 14:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-06-18 17:34 - 2014-06-20 15:14 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-18 17:29 - 2014-06-21 12:12 - 00488046 _____ () C:\Windows\PFRO.log
2014-06-16 18:54 - 2014-06-21 12:16 - 00022653 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 18:52 - 2014-06-21 12:12 - 00000336 _____ () C:\Windows\setupact.log
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:28 - 2014-06-14 19:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-14 19:21 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 14:39 - 2014-06-10 14:40 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:45 - 2014-06-15 22:31 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-05-28 21:32 - 2014-06-08 00:42 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:15 - 2014-05-22 00:21 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:11 - 2014-05-22 00:12 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
 
==================== One Month Modified Files and Folders =======
 
2014-06-21 14:48 - 2014-06-21 14:48 - 00012671 _____ () C:\Users\Ian McQuilkin\Desktop\FRST.txt
2014-06-21 14:48 - 2014-01-04 23:02 - 00000000 ____D () C:\FRST
2014-06-21 14:47 - 2014-06-21 14:47 - 00009976 _____ () C:\Users\Ian McQuilkin\Desktop\ESET Results.txt
2014-06-21 14:43 - 2013-12-31 18:22 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-06-21 14:37 - 2014-06-16 18:54 - 00022653 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 12:50 - 2013-11-22 16:44 - 00000000 ____D () C:\Users\Public\Hauppauge Capture
2014-06-21 12:19 - 2014-06-21 12:19 - 02347384 _____ (ESET) C:\Users\Ian McQuilkin\Downloads\esetsmartinstaller_enu.exe
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 12:12 - 2014-06-18 17:29 - 00488046 _____ () C:\Windows\PFRO.log
2014-06-21 12:12 - 2014-06-16 18:52 - 00000336 _____ () C:\Windows\setupact.log
2014-06-21 01:58 - 2014-06-20 15:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-21 01:30 - 2014-06-21 01:31 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-21 01:30 - 2014-06-21 01:30 - 00001070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-21 01:30 - 2014-06-21 01:30 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Avira
2014-06-21 01:30 - 2014-06-21 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-21 01:30 - 2014-06-21 01:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-21 01:30 - 2013-09-04 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-21 01:29 - 2014-06-21 01:29 - 00000000 ____D () C:\ProgramData\Avira
2014-06-21 01:28 - 2014-06-21 01:28 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Ian McQuilkin\Downloads\avira_en_av_4041796487__ws.exe
2014-06-20 15:33 - 2014-06-20 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 15:25 - 2014-06-20 15:25 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (4).exe
2014-06-20 15:25 - 2014-06-20 15:25 - 00000961 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-20 15:25 - 2013-01-01 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-20 15:14 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FRST-OlderVersion
2014-06-20 15:14 - 2014-01-04 23:01 - 02083328 _____ (Farbar) C:\Users\Ian McQuilkin\Desktop\FRST64.exe
2014-06-20 15:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2014-06-20 14:54 - 2014-06-20 14:54 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 14:54 - 2014-06-20 14:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-06-20 14:54 - 2013-10-07 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 17:34 - 2012-12-28 12:11 - 00000000 ____D () C:\Users\Ian McQuilkin
2014-06-18 17:33 - 2014-01-06 13:29 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\FRST-OlderVersion
2014-06-18 17:33 - 2014-01-04 23:01 - 02082304 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FRST64.exe
2014-06-16 18:56 - 2014-01-04 23:03 - 00038200 _____ () C:\Users\Ian McQuilkin\Downloads\Addition.txt
2014-06-16 18:56 - 2014-01-04 23:02 - 00037727 _____ () C:\Users\Ian McQuilkin\Downloads\FRST.txt
2014-06-16 18:52 - 2014-06-16 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 22:37 - 2014-06-15 22:37 - 00000017 _____ () C:\Users\Ian McQuilkin\AppData\Local\resmon.resmoncfg
2014-06-15 22:31 - 2014-06-10 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 19:33 - 2014-06-14 19:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ian McQuilkin\Downloads\tdsskiller (1).exe
2014-06-14 19:33 - 2014-06-14 19:33 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (2).exe
2014-06-14 19:32 - 2013-08-11 00:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 19:30 - 2014-01-01 20:42 - 00000000 ____D () C:\AdwCleaner
2014-06-14 19:29 - 2014-06-14 19:29 - 01333465 _____ () C:\Users\Ian McQuilkin\Downloads\AdwCleaner (1).exe
2014-06-14 19:29 - 2014-06-14 19:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-06-14 19:21 - 2014-06-14 19:21 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (2).exe
2014-06-14 19:21 - 2014-06-10 20:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\rkill
2014-06-14 13:36 - 2009-07-17 17:21 - 00016976 _____ (Yamicsoft) C:\Windows\FreeMem.exe
2014-06-11 23:00 - 2014-06-11 23:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-06-11 22:58 - 2014-06-11 22:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-11 22:38 - 2014-06-11 22:38 - 19634808 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware (1).exe
2014-06-11 22:38 - 2014-01-02 19:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 18:43 - 2014-06-11 18:43 - 19566744 _____ (SUPERAntiSpyware) C:\Users\Ian McQuilkin\Downloads\SUPERAntiSpyware.exe
2014-06-11 17:29 - 2013-05-18 01:04 - 00008704 ___SH () C:\Users\Ian McQuilkin\Thumbs.db
2014-06-10 21:36 - 2014-06-10 21:36 - 00003344 _____ () C:\Users\Ian McQuilkin\Downloads\FSS.txt
2014-06-10 21:35 - 2014-06-10 21:35 - 00415744 _____ (Farbar) C:\Users\Ian McQuilkin\Downloads\FSS.exe
2014-06-10 21:28 - 2014-06-10 21:28 - 04009167 _____ () C:\Users\Ian McQuilkin\Downloads\ServicesRepair (2).exe
2014-06-10 21:28 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-10 20:50 - 2014-06-10 20:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).com
2014-06-10 20:33 - 2014-06-10 20:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1).exe
2014-06-10 20:33 - 2014-06-10 20:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill (1)64.exe
2014-06-10 20:27 - 2014-06-10 20:27 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill.com
2014-06-10 20:27 - 2014-06-10 20:27 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Ian McQuilkin\Downloads\rkill64.com
2014-06-10 20:15 - 2014-06-10 20:15 - 00000000 ____L () C:\Users\Ian McQuilkin\steam.dll
2014-06-10 19:24 - 2014-06-10 19:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-10 19:12 - 2014-06-10 19:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-10 19:07 - 2014-06-10 19:07 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (3).exe
2014-06-10 19:04 - 2014-06-10 19:04 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (2).exe
2014-06-10 19:03 - 2014-06-10 19:03 - 11738816 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\SteamUI.dll
2014-06-10 19:00 - 2014-06-10 19:00 - 02930000 _____ (Valve Corporation) C:\Users\Ian McQuilkin\Downloads\Steam.dll
2014-06-10 18:53 - 2014-06-10 18:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ian McQuilkin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 18:50 - 2012-06-02 10:54 - 00000000 ____D () C:\Windows\Panther
2014-06-10 14:40 - 2014-06-10 14:39 - 99647686 _____ () C:\Users\Ian McQuilkin\Downloads\Steam.dmg
2014-06-10 13:50 - 2014-06-10 13:50 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\graphics
2014-06-10 13:49 - 2014-06-10 13:49 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup (1).exe
2014-06-10 13:06 - 2014-06-10 13:06 - 01141680 _____ () C:\Users\Ian McQuilkin\Downloads\SteamSetup.exe
2014-06-10 12:54 - 2013-01-01 20:03 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 11:52 - 2009-07-14 00:45 - 00024368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 09:53 - 2014-04-06 01:05 - 00000000 ____D () C:\Windows\LastGood
2014-06-09 22:33 - 2013-01-02 18:55 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\Skype
2014-06-09 22:21 - 2012-12-28 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 22:03 - 2013-05-01 20:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 20:03 - 2013-05-01 20:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 16:57 - 2013-01-02 18:32 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Roaming\.minecraft
2014-06-09 16:47 - 2013-11-30 00:13 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 16:41 - 2012-12-28 23:45 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Adobe
2014-06-09 16:32 - 2013-11-30 00:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 16:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 00:42 - 2014-05-28 21:32 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\FLVTO 2
2014-06-04 16:10 - 2013-12-18 23:54 - 00000000 ____D () C:\Users\Ian McQuilkin\Desktop\Spyware
2014-06-02 23:26 - 2014-03-06 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-02 23:25 - 2013-01-02 18:55 - 00000000 ____D () C:\ProgramData\Skype
2014-06-02 23:13 - 2014-06-02 23:13 - 00681424 _____ (Shark Labs) C:\Users\Ian McQuilkin\Downloads\CFSetup352.exe
2014-06-02 23:13 - 2014-02-12 22:39 - 00001899 _____ () C:\Users\Ian McQuilkin\Desktop\Clownfish.lnk
2014-05-27 17:13 - 2014-06-21 01:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 17:13 - 2014-06-21 01:29 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 17:13 - 2014-06-21 01:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-22 18:00 - 2013-09-08 01:09 - 00000000 ____D () C:\Users\Ian McQuilkin\AppData\Local\Windows Live
2014-05-22 00:40 - 2014-05-22 00:40 - 00000000 ____D () C:\Users\Ian McQuilkin\Downloads\Here
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles.mp4
2014-05-22 00:36 - 2014-05-22 00:36 - 42498454 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).mp4
2014-05-22 00:21 - 2014-05-22 00:15 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (2).wlmp
2014-05-22 00:12 - 2014-05-22 00:11 - 00008778 _____ () C:\Users\Ian McQuilkin\Downloads\crucibles (1).wlmp
 
Files to move or delete:
====================
C:\Users\Ian McQuilkin\CCEnhancer-2.5.1.exe
C:\Users\Ian McQuilkin\steam.dll
 
 
Some content of TEMP:
====================
C:\Users\Ian McQuilkin\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 16:11
 
==================== End Of Log ============================
 
Computer is running very well. I reinstalled Avira because my Symantec seems to no longer be on my computer, but it will not let me uninstall it and tells me that the path is empty, and the icon can no longer be found on my startup menu, so maybe it's gone. I have not seen that cmd prompt pop up like I had mentioned earlier. Reinstalled Steam and it still will not open. I never experienced these problems before the malware, so is there a connectivity issue?


#11 iman1323


Posted 21 June 2014 - 05:52 PM

Just checked my laptop: Steam works and starts up fine; however, my desktop Steam crashes without saying anything while connecting to my account.



#12 TheShooter93


Posted 22 June 2014 - 03:05 PM

Hello iman1323,
 
Your logs are still showing evidence of Symantec being installed, so let's try to get it removed.

 

==========

  • Click Start.
  • All Programs.
  • Under all Programs do you see Symantec or anything of the like listed?
  • If so, locate the Symantec Endpoint Uninstaller that should be located there and run it.

==========

 

If you do not see Symantec listed under All Programs, we will need to get the CleanWipe tool from Symantec.

 

This tool is only available through Symantec support, so you will have to open a ticket with them for access.

 

Here is more information about this including a link to get you started with their support.

 

===================================================

Java Update

  • Please download and install the latest version of Java:
  • Not keeping this program updated leaves your computer open to malware that exploits the use of non-updated versions of this software.

===================================================

As for Steam, is your situation similar to what happens here?

 

Are you getting any error messages? Does the program indicate that it is no longer responding or does it simply quit without any type of running?

 

===================================================

 

What I'd like to see in your next post:

  • Did you find the Symantec Endpoint uninstaller or contact Symantec support?
  • Confirmation Java updated.
  • Information about Steam crashing.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#13 iman1323


Posted 22 June 2014 - 04:34 PM

When I open my start menu, a folder for Symantec is there, but the only program in the folder is Symantec support help. When I click on it, I get a "path is empty, you may not have the appropriate permissions." When I try to do a clean uninstall in Programs and Features, I get this: http://imgur.com/8yG2UnZ (picture of the error message). I believe Java updated. I tried that method with Steam yesterday with no luck and no luck today.

When clicking on the Steam icon:

  • Says it's updating my account information.
  • Proceeds to say "logging into account".
  • This small window then disappears and I'm left with a loading cursor which just proceeds to stop loading.
  • I do not get an error message, but a crash document is put into my Steam program folder each time I try to access Steam.


#14 TheShooter93


Posted 23 June 2014 - 03:34 PM

Hello iman1323,
 
In regards to Symantec Endpoint Protection, I would ask that you please open a support ticket with them and request access to their CleanWipe tool in order to completely remove Symantec Endpoint Security from your system.
 
------------------------------------------------------------------------------------
 
As for Steam, please try the following.

Launch Service

  • Press and hold the Windows button + R on your keyboard and press Enter.
  • In the Run box type services.msc and hit Enter.
  • In the Services window, look for the service Steam Client Service.
  • Without closing the Services window, launch Steam.
  • While Steam is launching, right-click Steam Client Service and click Start.
  • Once the service is running, if Steam still does not launch properly, close the Steam program and launch it again.

------------------------------------------------------------------------------------

Let me know about the Symantec support thread and your latest attempt at launching Steam in your next post.  :) 




#15 iman1323


Posted 24 June 2014 - 06:26 PM

I can't find a download link for the CleanWipe tool, nor can I find where to request support on Symantec's website. Also, the launch service for Steam did not work either. Is it possible that Symantec has something to do with the Steam issues? Under Programs and Features all my games are there but it will not let me uninstall them. Both Symantec and the games no longer have a logo next to them.





