HELP please, this virus looks bad... In over my head.


  • This topic is locked
71 replies to this topic

#1 Sdawg27

Posted 13 July 2014 - 02:14 AM

Umm... just showed up and been chasing it for a day or two, thought I knew what I was doing... Yikes..
Anyway THANK YOU IN ADVANCE!!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by Sdawg27 at 23:49:21 on 2014-07-12
#Option Extended Search is enabled.
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.24567.21950 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\authServer.exe
Z:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
Z:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
Z:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CE\CovenantEyes.exe
C:\Program Files (x86)\CE\CovenantEyesHelper.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
Z:\Program Files (x86)\Security Task Manager\TaskMan.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - Z:\Program Files\plugins\ArcPluginIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
mRun: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe
StartupFolder: C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: CESpy.dll
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
TCP: NameServer = 24.113.32.29 24.113.32.30 24.113.0.30
TCP: Interfaces\{5339DF1D-7165-4C49-88EA-9D3888EF2823} : DHCPNameServer = 24.113.32.29 24.113.32.30 24.113.0.30
TCP: Interfaces\{AD392F42-6A77-4907-88B3-C3A559027AE4} : DHCPNameServer = 192.168.1.1 24.113.32.29 24.113.32.30
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sdawg27\AppData\Roaming\Mozilla\Firefox\Profiles\iirnfizy.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-12 91352]
R2 Auth Service;Auth Service;C:\Windows\System32\authServer.exe [2011-11-15 2220544]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 MBAMScheduler;MBAMScheduler;Z:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-12 1809720]
R2 MBAMService;MBAMService;Z:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-12 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-12 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-12 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-16 676968]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 ArcService;Arc Service;Z:\Program Files\ArcService.exe [2013-9-5 88424]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-4-12 838136]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-11 111616]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-5-12 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-12 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-1-26 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-12 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 60 ================
.
2014-07-13 05:38:49 -------- d-----w- C:\ProgramData\SecTaskMan
2014-07-13 05:37:08 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D16101C0-B2F2-4307-9C48-3435A1887F84}\mpengine.dll
2014-07-12 08:56:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-07-12 08:56:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-07-12 08:56:05 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-07-12 08:56:05 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-07-12 08:52:26 -------- d-----w- C:\Windows\Migration
2014-07-12 08:49:40 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-07-12 08:49:24 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-12 08:47:15 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-07-12 08:46:34 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-07-12 08:46:31 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-07-12 08:46:31 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-07-12 08:46:28 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-07-12 08:46:27 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-12 08:46:27 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-07-12 08:46:27 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-07-12 08:41:10 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-07-12 08:40:53 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-07-12 08:40:53 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-07-12 08:40:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-07-12 08:40:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-07-12 08:40:50 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-07-12 08:40:50 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-07-12 08:40:50 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-07-12 08:39:24 385024 ----a-w- C:\Windows\System32\CNMLMAN.DLL
2014-07-12 08:35:26 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-07-12 08:34:44 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-12 08:31:05 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-07-12 08:30:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-07-12 08:30:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-07-12 08:30:46 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-07-12 07:59:27 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-12 07:47:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-12 07:47:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-12 07:47:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-12 07:27:31 2203648 ----a-w- C:\Windows\System32\nmNsp.dll
2014-07-12 07:27:31 206336 ----a-w- C:\Windows\System32\CESpy.dll
2014-07-12 07:27:31 177944 ----a-w- C:\Windows\SysWow64\CESpy.dll
2014-07-12 07:27:31 1623320 ----a-w- C:\Windows\SysWow64\nmNsp.dll
2014-07-12 05:53:36 -------- d-----w- C:\Program Files\CCleaner
2014-07-12 05:23:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C59ACD41-0BD3-4EC0-A470-7643468CE9DF}\gapaengine.dll
2014-07-12 05:23:21 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-12 05:22:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-12 05:22:03 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-12 05:22:03 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-11 12:54:31 -------- d-----w- C:\Users\Sdawg27\AppData\Local\globalUpdate
2014-05-16 15:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
2014-05-15 20:55:12 -------- d-----w- C:\Windows\rescache
.
==================== Find6M ====================
.
2014-07-08 18:24:10 11204096 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-06-27 05:14:23 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-06-27 05:14:23 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-12 14:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 06:50:51 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 12:15:58 660120 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 05:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 05:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-21 06:03:10 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-03-21 06:03:10 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-03-21 06:03:06 18302384 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-03-21 06:03:06 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-03-21 06:03:02 947808 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-03-21 06:03:02 832936 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-03-21 06:03:00 9690424 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-03-21 06:03:00 11589272 ----a-w- C:\Windows\System32\nvopencl.dll
2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
.
============= FINISH: 23:49:51.36 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2011 6:09:55 PM
System Uptime: 7/12/2014 11:26:43 PM (0 hours ago)
.
Motherboard: EVGA | | 131-GT-E767
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz | Socket 423 | 1591/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 84 GiB total, 13.625 GiB free.
D: is CDROM ()
E: is CDROM ()
Z: is FIXED (NTFS) - 233 GiB total, 63.365 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP407: 7/12/2014 1:37:11 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
American Conquest
Arc
Backyard Basketball 2004
Batman: Arkham City™ PC
Battle.net
Battlefield Play4Free
Bing Bar
BMW M3 Challenge
Call of Duty® 4 - Modern Warfare™
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MX880 series MP Drivers
CCleaner
CDDRV_Installer
Cisco Connect
Covenant Eyes
Diablo III
Dota 2
Dota 2 Test
DVD Shrink 3.2
erLT
EVGA OC Scanner X 3.3.0 (64-bit)
EVGA Precision X 4.2.1
FFsplit version 0.7
foobar2000 v1.1.10
Google Chrome
Google Earth Plug-in
Google Update Helper
H&R Block Deluxe + Efile 2013
Hearthstone
KhalInstallWrapper
League of Legends
Logitech SetPoint
Malwarebytes Anti-Malware version 2.0.2.1012
marvell 91xx driver
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mig Alley 1.1
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MS Access 97 SP2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Need for Speed™ ProStreet
Notepad++
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA Graphics Driver 335.23
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.4.0
NVIDIA Update Core
Origin
Pando Media Booster
PunkBuster Services
RaidCall
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Samsung Mobile phone USB driver Drive Software
Security Task Manager 1.8g
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596804) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SimCity 3000 Unlimited
Spotify
Star Wars Battlefront II
Steam
TeamSpeak 3 Client
Torchlight II
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client for Windows x64
VLC media player 2.0.5
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
7/12/2014 2:18:15 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
7/12/2014 2:17:42 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/12/2014 12:56:21 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/12/2014 12:55:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
7/12/2014 12:36:48 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/12/2014 12:35:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/12/2014 12:35:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/12/2014 12:35:10 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/12/2014 12:35:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/12/2014 12:35:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/12/2014 12:35:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/12/2014 12:35:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/12/2014 12:34:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
7/12/2014 12:34:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880030f9180, 0x0000000000000006). A dump was saved in: C:\Windows\Minidump\071214-6786-01.dmp. Report Id: 071214-6786-01.
7/12/2014 11:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/11/2014 9:37:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:37:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:37:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:36:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/11/2014 9:36:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:36:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:32:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/11/2014 9:27:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:27:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:27:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 9:27:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/11/2014 9:26:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8013c12b30, 0xfffffa8013c12e10, 0xfffff8000297c270). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071114-9765-01.
7/11/2014 9:26:03 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
7/11/2014 9:26:03 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
7/11/2014 7:48:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/11/2014 7:47:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:23:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:23:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:23:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:23:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:23:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:18:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:13:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 7:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/11/2014 7:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/11/2014 7:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/11/2014 7:12:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8013f40b30, 0xfffffa8013f40e10, 0xfffff800035d7270). A dump was saved in: C:\Windows\Minidump\071114-6068-01.dmp. Report Id: 071114-6068-01.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ESProtectionDriver MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2014 7:12:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2014 7:12:29 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
7/11/2014 7:02:24 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
7/11/2014 7:01:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
7/11/2014 7:01:03 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/11/2014 7:00:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
7/11/2014 7:00:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
7/11/2014 7:00:35 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/11/2014 6:52:19 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/11/2014 6:49:32 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/11/2014 6:35:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ESProtectionDriver
7/11/2014 6:35:00 PM, Error: Service Control Manager [7000] - The Reimage Real Time Protector service failed to start due to the following error: The system cannot find the file specified.
7/11/2014 10:18:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/11/2014 10:18:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: DawgPound\Sdawg27 Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 10:18:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DawgPound\Sdawg27 Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 10:18:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DawgPound\Sdawg27 Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/11/2014 10:02:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2014
Scan Time: 11:14:14 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.13.01
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sdawg27

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309822
Time Elapsed: 7 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, Quarantined, [93ecadf0aecd1e18c0f654c38b79f20e],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2941179568-1066538883-732945140-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, Quarantined, [106f7c210a7180b6793eb364e420af51],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-2941179568-1066538883-732945140-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo.com?type=994519&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com?type=994519&fr=spigot-yhp-ie),Replaced,[a0df6e2f285348eebb42cec4b84c6c94]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by Oh My, 17 July 2014 - 04:05 PM.
Posted logs

-SDawg27


"Soli Deo Gloria!"



#2 Sdawg27

Sdawg27
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:PNW
  • Local time:05:04 AM

Posted 13 July 2014 - 05:07 PM

PLEASE I REALLY NEED HELP. I've turned this computer on only for two short moments since last post.... it's already taking over the entire computer. Writing up to 25mbs+ on both drives. I can run anything can't go to the internet. NOW the laptop I was using to search for answers I think is infected via router?? First virus in 4 years and I have never seen anything this bad. I noticed system.exe was uploading to my router's IP.. I tried to log on that and doesn't work... I have financial files and important documents I'm terrified if it steals. I'm DESPERATELY waiting on a response, I know you're all busy. I am waiting to only go by your instructions and have not posted anywhere else. I beg for help, thanks.

Edited by Sdawg27, 13 July 2014 - 05:11 PM.

-SDawg27


"Soli Deo Gloria!"

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • Gender:Male
  • Location:California
  • Local time:05:04 AM

Posted 17 July 2014 - 04:07 PM

Greetings Sdawg27 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop (or if necessary download to a USB device from a clean computer and transfer to your desktop)
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Sdawg27


Posted 17 July 2014 - 05:10 PM

I'll have those posted soon, thank you for your help in advance.
A little more background: my laptop has the same thing, I suspect, and on both desktop and laptop the network adapter doesn't show up. If I'm able to fix that I am able to reply in rapid fire. In the meantime, tracking down a friend's laptop, hoping not to spread the infection...
Also I've been tinkering on my own which probably has worked against me. I will now stop all of that tinkering now that you are able to assist me. I'm a chef of a wedding venue, so for the next two days I'll be busy catering. Which is also my rush to fix this so I can finish planning for those. Again thank you in advance good Sir. And be with you momentarily.
-SDawg27


"Soli Deo Gloria!"

#5 Sdawg27


Posted 17 July 2014 - 05:21 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Sdawg27 (administrator) on DAWGPOUND on 17-07-2014 14:52:03
Running from F:\Shea's Tools\Diagnose_Log_Scanner
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\CE\CovenantEyes.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\CE\CovenantEyesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [NMSVC] => C:\Program Files (x86)\CE\CovenantEyes.exe [2433832 2012-10-22] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2941179568-1066538883-732945140-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-2941179568-1066538883-732945140-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2941179568-1066538883-732945140-1000\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF46D7B27FE8DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> Z:\Program Files\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Winsock: Catalog5 07 C:\Windows\SysWOW64\nmNsp.dll [1623320] ()
Winsock: Catalog5-x64 07 %SystemRoot%\System32\nmNsp.dll [2203648] ()

FireFox:
========
FF ProfilePath: C:\Users\Sdawg27\AppData\Roaming\Mozilla\Firefox\Profiles\iirnfizy.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - Z:\Program Files\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Sdawg27\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - Z:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Sdawg27\AppData\Roaming\Mozilla\Firefox\Profiles\iirnfizy.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi []
FF StartMenuInternet: FIREFOX.EXE - Z:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR Extension: (Docs) - C:\Users\Sdawg27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Sdawg27\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Sdawg27\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Sdawg27\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Gmail) - C:\Users\Sdawg27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 ArcService; Z:\Program Files\ArcService.exe [88424 2013-09-05] (Perfect World Entertainment Inc)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-30] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-11-18] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-17] ()
S3 catchme; \??\C:\4FRTH1TORUN\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 14:01 - 2014-07-17 14:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAWGPOUND-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-17 14:01 - 2014-07-17 14:01 - 00000000 ____D () C:\RegBackup
2014-07-17 13:51 - 2014-07-17 13:51 - 00003288 _____ () C:\bootsqm.dat
2014-07-17 13:17 - 2014-07-17 13:17 - 00000546 _____ () C:\Users\Sdawg27\Desktop\Emsisoft Emergency Kit.lnk
2014-07-17 13:17 - 2014-07-17 13:17 - 00000000 ____D () C:\EEK
2014-07-17 13:16 - 2014-07-17 13:16 - 00003215 _____ () C:\Users\Sdawg27\Desktop\Sophos Virus Removal Tool.lnk
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-17 13:15 - 2014-07-17 13:21 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a.job
2014-07-17 13:15 - 2014-07-17 13:21 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493.job
2014-07-17 13:15 - 2014-07-17 13:15 - 00003594 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493
2014-07-17 13:15 - 2014-07-17 13:15 - 00003520 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a
2014-07-17 13:15 - 2014-07-17 13:15 - 00001808 _____ () C:\Users\Sdawg27\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\SUPERAntiSpyware.com
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-17 13:14 - 2014-07-17 14:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 13:14 - 2014-07-17 13:14 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-17 13:13 - 2014-07-17 13:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 13:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 13:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 13:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 13:08 - 2014-07-17 13:08 - 00000635 _____ () C:\Users\Sdawg27\Desktop\JRT.txt
2014-07-17 13:02 - 2014-07-17 13:02 - 00000619 _____ () C:\Users\Sdawg27\Desktop\Shea's Tools - Shortcut.lnk
2014-07-17 12:59 - 2014-07-17 12:59 - 00002985 _____ () C:\Users\Sdawg27\Desktop\HiJackThis.lnk
2014-07-17 12:59 - 2014-07-17 12:59 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-17 12:59 - 2014-07-17 12:59 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-17 12:48 - 2014-07-17 12:48 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\Spotify
2014-07-17 12:44 - 2014-07-17 14:47 - 00000448 _____ () C:\Windows\setupact.log
2014-07-17 12:44 - 2014-07-17 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 12:19 - 2014-07-17 12:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-17 12:18 - 2014-07-17 12:18 - 00110072 _____ () C:\Users\Sdawg27\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 12:12 - 2014-07-17 12:12 - 00000000 ____D () C:\RGBU
2014-07-17 12:10 - 2014-07-17 12:10 - 00000924 _____ () C:\Users\Sdawg27\Desktop\NTREGOPT.lnk
2014-07-17 12:10 - 2014-07-17 12:10 - 00000905 _____ () C:\Users\Sdawg27\Desktop\ERUNT.lnk
2014-07-17 12:10 - 2014-07-17 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-17 12:10 - 2014-07-17 12:10 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-17 12:07 - 2014-07-17 14:47 - 00421120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-17 12:07 - 2014-07-17 14:47 - 00022102 _____ () C:\Windows\PFRO.log
2014-07-17 01:41 - 2014-07-17 01:41 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-17 01:41 - 2014-07-17 01:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-17 01:41 - 2014-07-17 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-17 01:41 - 2014-07-17 01:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-17 01:18 - 2014-07-17 01:18 - 00000000 _____ () C:\Users\Sdawg27\defogger_reenable
2014-07-17 01:17 - 2014-07-17 01:17 - 00001877 _____ () C:\Users\Sdawg27\Desktop\aswMBR.txt
2014-07-17 01:17 - 2014-07-17 01:17 - 00000512 _____ () C:\Users\Sdawg27\Desktop\MBR.dat
2014-07-17 01:16 - 2014-07-17 01:44 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\CrashDumps
2014-07-17 01:09 - 2014-07-17 01:09 - 00000927 _____ () C:\Users\Sdawg27\Desktop\Revo Uninstaller.lnk
2014-07-17 00:41 - 2014-07-17 00:41 - 00001055 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-17 00:41 - 2014-07-17 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-17 00:41 - 2014-07-17 00:41 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-17 00:38 - 2014-07-17 00:39 - 00036294 _____ () C:\Users\Sdawg27\Desktop\Show-Hidden.txt
2014-07-17 00:37 - 2014-07-17 00:37 - 00000948 _____ () C:\Users\Sdawg27\Desktop\FixExec.txt
2014-07-17 00:34 - 2014-07-17 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-17 00:33 - 2014-07-17 01:22 - 00000000 ____D () C:\Users\Sdawg27\Desktop\mbar
2014-07-17 00:30 - 2014-07-17 00:30 - 00000792 _____ () C:\Users\Sdawg27\Desktop\checkup.txt
2014-07-16 18:27 - 2014-07-17 00:37 - 00001178 _____ () C:\Users\Sdawg27\Desktop\ListCWall.txt
2014-07-16 18:20 - 2014-07-17 01:03 - 00002990 _____ () C:\Users\Sdawg27\Desktop\unhide.txt
2014-07-16 18:15 - 2014-07-17 01:29 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-16 18:15 - 2014-07-16 18:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-16 18:11 - 2014-07-16 18:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-16 18:09 - 2014-07-17 13:53 - 00002458 _____ () C:\Users\Sdawg27\Desktop\Rkill.txt
2014-07-15 14:49 - 2014-07-17 12:59 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\VirtualStore
2014-07-13 14:23 - 2014-07-17 13:19 - 00003643 _____ () C:\ceProcesses.txt
2014-07-13 04:05 - 2014-07-17 14:46 - 00007601 _____ () C:\Users\Sdawg27\AppData\Local\Resmon.ResmonCfg
2014-07-12 23:50 - 2014-07-17 00:32 - 00049214 _____ () C:\Users\Sdawg27\Desktop\attach.txt
2014-07-12 23:50 - 2014-07-17 00:32 - 00017082 _____ () C:\Users\Sdawg27\Desktop\dds.txt
2014-07-12 22:38 - 2014-07-13 03:42 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-07-12 22:38 - 2014-07-12 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-07-12 22:34 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-12 22:34 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-12 02:19 - 2014-07-12 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-12 01:56 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-07-12 01:56 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-07-12 01:56 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-07-12 01:56 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-07-12 01:50 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-12 01:50 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-12 01:50 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-12 01:50 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-12 01:50 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-12 01:50 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-12 01:50 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-12 01:50 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-12 01:50 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-12 01:50 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-12 01:50 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-12 01:50 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-12 01:50 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-12 01:50 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-12 01:50 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-12 01:50 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-12 01:50 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-12 01:50 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-12 01:49 - 2014-03-04 06:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-07-12 01:49 - 2014-03-04 04:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-12 01:46 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-12 01:46 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-12 01:46 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-07-12 01:46 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-12 01:46 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-12 01:40 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-07-12 01:40 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-07-12 01:40 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-07-12 01:40 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-07-12 01:40 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-07-12 01:40 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-07-12 01:40 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-07-12 01:40 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-07-12 01:39 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAN.DLL
2014-07-12 01:36 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 01:36 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 01:36 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 01:36 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-07-12 01:36 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-07-12 01:36 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-07-12 01:36 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-12 01:36 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-07-12 01:36 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-07-12 01:36 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-07-12 01:36 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-07-12 01:36 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-07-12 01:36 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-07-12 01:36 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-07-12 01:36 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-07-12 01:36 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-07-12 01:36 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-07-12 01:36 - 2012-04-07 05:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-07-12 01:36 - 2012-04-07 04:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-07-12 01:35 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-12 01:35 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-12 01:35 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-12 01:35 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-12 01:35 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-12 01:35 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-12 01:35 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-12 01:35 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-12 01:35 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-12 01:35 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-07-12 01:35 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-07-12 01:35 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-07-12 01:35 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-07-12 01:35 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-07-12 01:35 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-07-12 01:35 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-07-12 01:35 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-07-12 01:35 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-07-12 01:35 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-07-12 01:35 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-07-12 01:35 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-07-12 01:35 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-07-12 01:35 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-07-12 01:35 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-07-12 01:35 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-07-12 01:35 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-07-12 01:35 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-07-12 01:35 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-07-12 01:35 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-07-12 01:35 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-07-12 01:35 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-07-12 01:35 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-07-12 01:35 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-07-12 01:35 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-07-12 01:35 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-07-12 01:35 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-07-12 01:35 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-07-12 01:35 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-07-12 01:35 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-07-12 01:34 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-12 01:34 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-12 01:34 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-12 01:34 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-12 01:34 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-07-12 01:34 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-12 01:34 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-07-12 01:34 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-07-12 01:34 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-07-12 01:34 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-07-12 01:34 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-07-12 01:34 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-07-12 01:34 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-07-12 01:34 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-07-12 01:34 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-12 01:34 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-07-12 01:34 - 2013-09-24 19:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-12 01:34 - 2013-09-24 18:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-12 01:34 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-07-12 01:34 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-07-12 01:34 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-07-12 01:34 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-07-12 01:34 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-07-12 01:34 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-07-12 01:34 - 2012-05-04 04:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-07-12 01:34 - 2012-05-04 02:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-12 01:31 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-07-12 01:30 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-12 01:30 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-07-12 01:30 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-07-12 00:27 - 2012-10-22 16:02 - 01623320 _____ () C:\Windows\SysWOW64\nmNsp.dll
2014-07-12 00:27 - 2012-10-22 16:02 - 00177944 _____ () C:\Windows\SysWOW64\CESpy.dll
2014-07-12 00:27 - 2012-10-22 16:01 - 02203648 _____ () C:\Windows\system32\nmNsp.dll
2014-07-12 00:27 - 2012-10-22 16:01 - 00206336 _____ () C:\Windows\system32\CESpy.dll
2014-07-12 00:00 - 2014-07-12 00:00 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-12 00:00 - 2014-07-12 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-11 23:34 - 2014-07-11 23:34 - 00000000 ____D () C:\ProgramData\Sun
2014-07-11 22:24 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 22:24 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 22:24 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 22:24 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 22:24 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-11 22:24 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 22:24 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 22:24 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 22:24 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-11 22:24 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-11 22:24 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 22:24 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 22:24 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 22:24 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 22:24 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-11 22:24 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 22:24 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 22:24 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-11 22:24 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 22:24 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 22:24 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 22:24 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 22:24 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 22:24 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 22:24 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 22:24 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 22:24 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-11 22:24 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 22:24 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-11 22:24 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-11 22:24 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 22:24 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 22:24 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 22:24 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 22:24 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 22:24 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-11 22:24 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-11 22:24 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-11 22:24 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 22:24 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 22:24 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 22:24 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 22:24 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 22:24 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 22:24 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 22:24 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 22:24 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 22:24 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 22:24 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-11 22:24 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 22:24 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 22:24 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 22:24 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 22:24 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 22:24 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 22:24 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 22:24 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 22:24 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 22:24 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 22:24 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 22:24 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 22:24 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 22:22 - 2014-07-11 22:22 - 00003118 _____ () C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12}
2014-07-11 22:22 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 22:22 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 22:22 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 19:48 - 2014-07-11 22:19 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-11 10:14 - 2014-07-11 10:14 - 00020045 _____ () C:\ComboFix.txt

==================== One Month Modified Files and Folders =======

2014-07-17 14:52 - 2014-02-19 20:39 - 00000000 ____D () C:\FRST
2014-07-17 14:51 - 2009-07-13 22:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:50 - 2011-10-18 18:06 - 01823674 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 14:47 - 2014-07-17 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 14:47 - 2014-07-17 12:44 - 00000448 _____ () C:\Windows\setupact.log
2014-07-17 14:47 - 2014-07-17 12:07 - 00421120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-17 14:47 - 2014-07-17 12:07 - 00022102 _____ () C:\Windows\PFRO.log
2014-07-17 14:47 - 2013-10-21 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-17 14:47 - 2012-10-15 14:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 14:47 - 2012-05-16 02:08 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-17 14:47 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 14:46 - 2014-07-13 04:05 - 00007601 _____ () C:\Users\Sdawg27\AppData\Local\Resmon.ResmonCfg
2014-07-17 14:43 - 2012-03-20 20:36 - 00783672 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 14:36 - 2009-07-13 19:34 - 00000514 _____ () C:\Windows\win.ini
2014-07-17 14:12 - 2012-10-15 14:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 14:01 - 2014-07-17 14:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAWGPOUND-Microsoft-Windows-7-Professional-(64-bit).dat
2014-07-17 14:01 - 2014-07-17 14:01 - 00000000 ____D () C:\RegBackup
2014-07-17 13:59 - 2009-07-13 21:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:59 - 2009-07-13 21:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:53 - 2014-07-16 18:09 - 00002458 _____ () C:\Users\Sdawg27\Desktop\Rkill.txt
2014-07-17 13:51 - 2014-07-17 13:51 - 00003288 _____ () C:\bootsqm.dat
2014-07-17 13:29 - 2012-05-15 12:08 - 00000000 ____D () C:\Windows\pss
2014-07-17 13:21 - 2014-07-17 13:15 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a.job
2014-07-17 13:21 - 2014-07-17 13:15 - 00000514 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493.job
2014-07-17 13:20 - 2014-02-19 20:42 - 00000000 ____D () C:\AdwCleaner
2014-07-17 13:19 - 2014-07-13 14:23 - 00003643 _____ () C:\ceProcesses.txt
2014-07-17 13:17 - 2014-07-17 13:17 - 00000546 _____ () C:\Users\Sdawg27\Desktop\Emsisoft Emergency Kit.lnk
2014-07-17 13:17 - 2014-07-17 13:17 - 00000000 ____D () C:\EEK
2014-07-17 13:16 - 2014-07-17 13:16 - 00003215 _____ () C:\Users\Sdawg27\Desktop\Sophos Virus Removal Tool.lnk
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-17 13:16 - 2014-07-17 13:16 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-17 13:15 - 2014-07-17 13:15 - 00003594 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493
2014-07-17 13:15 - 2014-07-17 13:15 - 00003520 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a
2014-07-17 13:15 - 2014-07-17 13:15 - 00001808 _____ () C:\Users\Sdawg27\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\SUPERAntiSpyware.com
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-17 13:15 - 2014-07-17 13:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-17 13:14 - 2014-07-17 13:14 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-17 13:14 - 2014-07-17 13:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-17 13:13 - 2014-07-17 13:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 13:13 - 2014-07-17 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 13:08 - 2014-07-17 13:08 - 00000635 _____ () C:\Users\Sdawg27\Desktop\JRT.txt
2014-07-17 13:02 - 2014-07-17 13:02 - 00000619 _____ () C:\Users\Sdawg27\Desktop\Shea's Tools - Shortcut.lnk
2014-07-17 12:59 - 2014-07-17 12:59 - 00002985 _____ () C:\Users\Sdawg27\Desktop\HiJackThis.lnk
2014-07-17 12:59 - 2014-07-17 12:59 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-17 12:59 - 2014-07-17 12:59 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-17 12:59 - 2014-07-15 14:49 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\VirtualStore
2014-07-17 12:48 - 2014-07-17 12:48 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\Spotify
2014-07-17 12:44 - 2014-07-17 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 12:19 - 2014-07-17 12:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-17 12:18 - 2014-07-17 12:18 - 00110072 _____ () C:\Users\Sdawg27\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 12:12 - 2014-07-17 12:12 - 00000000 ____D () C:\RGBU
2014-07-17 12:10 - 2014-07-17 12:10 - 00000924 _____ () C:\Users\Sdawg27\Desktop\NTREGOPT.lnk
2014-07-17 12:10 - 2014-07-17 12:10 - 00000905 _____ () C:\Users\Sdawg27\Desktop\ERUNT.lnk
2014-07-17 12:10 - 2014-07-17 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-17 12:10 - 2014-07-17 12:10 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-17 01:44 - 2014-07-17 01:16 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\CrashDumps
2014-07-17 01:44 - 2013-10-21 20:45 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2014-07-17 01:44 - 2012-03-20 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-07-17 01:44 - 2012-03-20 18:16 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 01:44 - 2011-11-23 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2014-07-17 01:41 - 2014-07-17 01:41 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-17 01:41 - 2014-07-17 01:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-17 01:41 - 2014-07-17 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-17 01:41 - 2014-07-17 01:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-17 01:29 - 2014-07-16 18:15 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-17 01:22 - 2014-07-17 00:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-17 01:22 - 2014-07-17 00:33 - 00000000 ____D () C:\Users\Sdawg27\Desktop\mbar
2014-07-17 01:18 - 2014-07-17 01:18 - 00000000 _____ () C:\Users\Sdawg27\defogger_reenable
2014-07-17 01:18 - 2011-10-18 18:09 - 00000000 ____D () C:\Users\Sdawg27
2014-07-17 01:17 - 2014-07-17 01:17 - 00001877 _____ () C:\Users\Sdawg27\Desktop\aswMBR.txt
2014-07-17 01:17 - 2014-07-17 01:17 - 00000512 _____ () C:\Users\Sdawg27\Desktop\MBR.dat
2014-07-17 01:09 - 2014-07-17 01:09 - 00000927 _____ () C:\Users\Sdawg27\Desktop\Revo Uninstaller.lnk
2014-07-17 01:03 - 2014-07-16 18:20 - 00002990 _____ () C:\Users\Sdawg27\Desktop\unhide.txt
2014-07-17 00:41 - 2014-07-17 00:41 - 00001055 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-17 00:41 - 2014-07-17 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-17 00:41 - 2014-07-17 00:41 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-17 00:39 - 2014-07-17 00:38 - 00036294 _____ () C:\Users\Sdawg27\Desktop\Show-Hidden.txt
2014-07-17 00:37 - 2014-07-17 00:37 - 00000948 _____ () C:\Users\Sdawg27\Desktop\FixExec.txt
2014-07-17 00:37 - 2014-07-16 18:27 - 00001178 _____ () C:\Users\Sdawg27\Desktop\ListCWall.txt
2014-07-17 00:32 - 2014-07-12 23:50 - 00049214 _____ () C:\Users\Sdawg27\Desktop\attach.txt
2014-07-17 00:32 - 2014-07-12 23:50 - 00017082 _____ () C:\Users\Sdawg27\Desktop\dds.txt
2014-07-17 00:30 - 2014-07-17 00:30 - 00000792 _____ () C:\Users\Sdawg27\Desktop\checkup.txt
2014-07-16 18:26 - 2009-07-13 19:34 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_600
2014-07-16 18:15 - 2014-07-16 18:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-16 18:11 - 2014-07-16 18:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-13 03:42 - 2014-07-12 22:38 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-07-13 03:41 - 2011-10-18 19:59 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-12 22:38 - 2014-07-12 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-07-12 07:30 - 2011-10-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-12 07:30 - 2011-10-21 13:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 02:19 - 2014-07-12 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-12 02:19 - 2013-10-21 17:52 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\NVIDIA
2014-07-12 02:19 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 02:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 02:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 02:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-12 01:50 - 2012-05-15 11:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-12 01:50 - 2012-05-15 11:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-12 01:21 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 01:14 - 2013-07-22 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 01:12 - 2011-10-19 19:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 00:34 - 2011-11-19 00:19 - 00000000 ____D () C:\Windows\system32\ShellExt
2014-07-12 00:34 - 2011-11-15 17:46 - 00000000 ____D () C:\Program Files\CE
2014-07-12 00:34 - 2011-11-15 17:46 - 00000000 ____D () C:\Program Files (x86)\CE
2014-07-12 00:19 - 2012-05-08 03:41 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\CE
2014-07-12 00:00 - 2014-07-12 00:00 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-12 00:00 - 2014-07-12 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-12 00:00 - 2012-10-15 14:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 23:55 - 2014-02-19 20:50 - 00000000 ____D () C:\Qoobox
2014-07-11 23:34 - 2014-07-11 23:34 - 00000000 ____D () C:\ProgramData\Sun
2014-07-11 23:33 - 2011-11-19 00:19 - 00000000 ____D () C:\Windows\SysWOW64\ShellExt
2014-07-11 23:22 - 2011-10-18 20:01 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\Google
2014-07-11 22:22 - 2014-07-11 22:22 - 00003118 _____ () C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12}
2014-07-11 22:20 - 2014-05-15 13:55 - 00000000 ____D () C:\Windows\rescache
2014-07-11 22:20 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-07-11 22:19 - 2014-07-11 19:48 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-11 22:19 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files (x86)\PDF995
2014-07-11 22:19 - 2014-03-27 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-11 22:19 - 2014-02-19 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 22:19 - 2014-01-21 20:35 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Battle.net
2014-07-11 22:19 - 2013-11-06 17:09 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2014-07-11 22:19 - 2013-10-21 17:44 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-11 22:19 - 2013-10-21 17:44 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-11 22:19 - 2013-10-21 17:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-07-11 22:19 - 2013-04-15 11:13 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\vlc
2014-07-11 22:19 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-11 22:19 - 2012-06-07 16:46 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2014-07-11 22:19 - 2011-11-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-11 22:19 - 2011-10-27 12:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-11 22:19 - 2011-10-27 02:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-11 22:19 - 2011-10-25 16:47 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-07-11 22:19 - 2011-10-18 20:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 22:19 - 2011-10-18 19:13 - 00000000 ____D () C:\Program Files (x86)\NEC Electronics
2014-07-11 22:19 - 2011-04-12 01:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-11 22:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-07-11 22:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-11 22:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-11 22:11 - 2011-10-27 12:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-11 22:11 - 2011-10-21 16:57 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-11 22:04 - 2011-10-22 01:49 - 00000000 ____D () C:\ProgramData\Skype
2014-07-11 22:04 - 2011-10-18 19:56 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\Deployment
2014-07-11 21:27 - 2011-10-22 01:49 - 00000000 ____D () C:\Users\Sdawg27\AppData\Roaming\Skype
2014-07-11 10:14 - 2014-07-11 10:14 - 00020045 _____ () C:\ComboFix.txt
2014-07-11 06:30 - 2009-07-13 19:34 - 68157440 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-11 06:30 - 2009-07-13 19:34 - 22806528 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-11 06:30 - 2009-07-13 19:34 - 00372736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-11 06:30 - 2009-07-13 19:34 - 00065536 _____ () C:\Windows\system32\config\SAM.bak
2014-07-11 06:30 - 2009-07-13 19:34 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-10 06:20 - 2014-01-21 20:35 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\Battle.net
2014-07-09 00:24 - 2013-06-12 05:17 - 00000000 ____D () C:\Users\Sdawg27\AppData\Local\PMB Files
2014-07-08 11:24 - 2012-12-16 12:45 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-01 01:50 - 2013-06-12 05:17 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-26 22:14 - 2011-10-18 20:39 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-26 22:14 - 2011-10-18 20:39 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-20 13:14 - 2014-07-11 22:24 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 12:39 - 2014-07-11 22:24 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 18:39 - 2014-07-11 22:24 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 18:06 - 2014-07-11 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 18:06 - 2014-07-11 22:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 17:48 - 2014-07-11 22:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 17:42 - 2014-07-11 22:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 17:42 - 2014-07-11 22:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 17:41 - 2014-07-11 22:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 17:41 - 2014-07-11 22:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 17:32 - 2014-07-11 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 17:31 - 2014-07-11 22:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 17:26 - 2014-07-11 22:24 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 17:24 - 2014-07-11 22:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 17:24 - 2014-07-11 22:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 17:23 - 2014-07-11 22:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 17:16 - 2014-07-11 22:24 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 17:14 - 2014-07-11 22:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 17:09 - 2014-07-11 22:24 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 16:59 - 2014-07-11 22:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 16:56 - 2014-07-11 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 16:53 - 2014-07-11 22:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 16:51 - 2014-07-11 22:24 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 16:50 - 2014-07-11 22:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 16:48 - 2014-07-11 22:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 16:39 - 2014-07-11 22:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 16:38 - 2014-07-11 22:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 16:37 - 2014-07-11 22:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 16:36 - 2014-07-11 22:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 16:35 - 2014-07-11 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 16:33 - 2014-07-11 22:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 16:32 - 2014-07-11 22:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 16:28 - 2014-07-11 22:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 16:28 - 2014-07-11 22:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 16:27 - 2014-07-11 22:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 16:27 - 2014-07-11 22:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 16:25 - 2014-07-11 22:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 16:23 - 2014-07-11 22:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 16:22 - 2014-07-11 22:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 16:12 - 2014-07-11 22:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 16:06 - 2014-07-11 22:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 16:01 - 2014-07-11 22:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 15:59 - 2014-07-11 22:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 15:58 - 2014-07-11 22:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 15:58 - 2014-07-11 22:24 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 15:52 - 2014-07-11 22:24 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 15:51 - 2014-07-11 22:24 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 15:49 - 2014-07-11 22:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 15:46 - 2014-07-11 22:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 15:45 - 2014-07-11 22:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 15:35 - 2014-07-11 22:24 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 15:34 - 2014-07-11 22:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 15:15 - 2014-07-11 22:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 15:13 - 2014-07-11 22:24 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 15:09 - 2014-07-11 22:24 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 15:07 - 2014-07-11 22:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:07 - 2012-10-15 14:11 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 22:07 - 2012-10-15 14:11 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 19:18 - 2014-07-11 22:24 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 18:51 - 2014-07-11 22:24 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 18:10 - 2014-07-11 22:24 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\Sdawg27\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-11 01:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Sdawg27 at 2014-07-17 14:52:44
Running from F:\Shea's Tools\Diagnose_Log_Scanner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
American Conquest (HKLM-x32\...\American Conquest) (Version: - )
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Backyard Basketball 2004 (HKLM-x32\...\InstallShield_{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0}) (Version: 1.00.0000 - Atari)
Backyard Basketball 2004 (x32 Version: 1.00.0000 - Atari) Hidden
Batman: Arkham City™ PC (HKLM-x32\...\Steam App 57400) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions)
BMW M3 Challenge (HKLM-x32\...\{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1) (Version: BMW M3 Challenge v1.0.0.0 - 10TACLE STUDIOS AG)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 4.5.3 - Covenant Eyes, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
EVGA OC Scanner X 3.3.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FFsplit version 0.7 (HKLM-x32\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
foobar2000 v1.1.10 (HKLM-x32\...\foobar2000) (Version: 1.1.10 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6502 - HRB Technology, LLC.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mig Alley 1.1 (HKLM-x32\...\Mig Alley 1.1) (Version: - )
Motorola Mobile Drivers Installation 5.2.0 (HKLM\...\{1CCF1727-A817-4FEE-A028-5466FB542934}) (Version: 5.2.0 - Motorola Inc.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Need for Speed™ ProStreet (HKLM-x32\...\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}) (Version: 1.0.1.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.58 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.6-1.0.8500.17 - raidcall.com)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.12.1218.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Sid Meier's Civilization 4 - Beyond the Sword (HKCU\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKCU\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKCU\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.1 - Sophos Limited)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PRO_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PRO_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PRO_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PRO_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PRO_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Project 2007 Help (KB963668) (HKLM-x32\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PRO_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

17-07-2014 19:59:03 Installed HiJackThis
17-07-2014 20:16:10 Installed Sophos Virus Removal Tool.
17-07-2014 21:01:26 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-07-17 14:36 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {25F414AC-1618-46AD-B394-F47E901DAA52} - System32\Tasks\{ED233545-F307-4B44-94A2-BD2654604F62} => D:\Games 1\WACKY\INSTALL.EXE
Task: {3174F0C1-C2B9-4767-BB84-47322F19FBA9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3DFD4A51-A6B8-45B4-A4E9-F04F06C41138} - System32\Tasks\{60605D5C-A99A-49ED-A93D-C2FD1E72ACCB} => C:\Users\Sdawg27\Downloads\wwheels\INSTALL.EXE
Task: {506D3231-4E49-46DD-9FC0-AD98BF80FD50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
Task: {54AFE79F-7533-4C2D-9DAB-94C3C679124B} - System32\Tasks\{E89B8386-5BC9-4E6D-AD61-2311F6200AE2} => C:\Users\Sdawg27\Diablo-III-Setup-enUS.exe
Task: {5A7CC8F9-2990-4D11-8DA5-D425361D24C4} - System32\Tasks\{0F22FDFC-95B7-499F-ABCF-334EF462678A} => D:\BATTLEPL\WAR_HACK.EXE
Task: {63BC95B7-B43E-465D-9AB5-1D35A501A535} - System32\Tasks\{11C56046-D036-4DE5-9BA4-143C913AB507} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {76FE56E0-DD20-4A29-AE66-98A839D73DFB} - System32\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {81B43278-7164-48F0-B1F2-663BFACFC2B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {88B83596-BDAF-46BC-B13C-8E95BD4BF290} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {916E2578-BF7F-4C07-955E-77406575AAED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
Task: {AB1FBFE4-EE5D-4686-9099-5FB704EF6384} - \AVG-Secure-Search-Update_MAY2013_TB_rel No Task File <==== ATTENTION
Task: {C9839D46-5E81-4D1D-B228-B46C41E92201} - System32\Tasks\{BC714AAF-4DA4-43AD-B364-00994CF2F753} => C:\ProgramData\Battle.net\Agent\Agent.exe [2014-07-09] (Blizzard Entertainment)
Task: {E8F72194-4941-482D-9E77-D26DDB6DADFA} - System32\Tasks\{C2B061B4-718A-4E7B-9F19-EFDCBD415B15} => D:\Games 1\WACKY\INSTALL.EXE
Task: {FE16F73B-2EE3-4A85-8D12-3E505B0AD776} - System32\Tasks\{86C6A455-AB1F-4B4A-843D-BAE8B0F3A773} => C:\Users\Sdawg27\Downloads\wwheels\INSTALL.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1be86653-1f57-452a-b632-256716d34493.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c4daa3c4-d112-4d4f-a575-c9eb393efd6a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-07-12 00:27 - 2012-10-22 16:01 - 02203648 _____ () C:\Windows\System32\nmNsp.dll
2013-10-21 17:43 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-18 20:39 - 2013-12-30 03:15 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-18 08:24 - 2012-06-18 08:24 - 00222720 _____ () Z:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-07-12 00:27 - 2012-10-22 16:00 - 00577024 _____ () C:\Program Files\CE\nmsvc64.dll
2014-07-12 00:27 - 2012-10-22 16:00 - 00079872 _____ () C:\Program Files\CE\nmsvTree64.dll
2014-07-12 00:27 - 2012-10-22 16:00 - 00130048 _____ () C:\Program Files\CE\zlib64.dll
2011-10-25 16:47 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-10-25 16:47 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-07-12 00:27 - 2012-10-22 16:02 - 02433832 _____ () C:\Program Files (x86)\CE\CovenantEyes.exe
2014-07-12 00:27 - 2012-10-22 16:02 - 01533240 _____ () C:\Program Files (x86)\CE\CovenantEyesHelper.exe
2014-07-12 00:27 - 2012-10-22 16:02 - 01623320 _____ () C:\Windows\SysWOW64\nmNsp.dll
2014-07-12 00:27 - 2012-10-22 16:02 - 02021144 _____ () C:\Program Files (x86)\CE\nmsvc.dll
2014-07-12 00:27 - 2012-10-22 16:02 - 00072992 _____ () C:\Program Files (x86)\CE\nmsvTree.dll
2014-07-12 00:27 - 2012-10-22 15:47 - 00112128 _____ () C:\Program Files (x86)\CE\zlib.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01060905.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28105404.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01060905.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28105404.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Sdawg27^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Steam => "Z:\Program Files\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 02:47:46 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/17/2014 02:47:41 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/17/2014 02:34:01 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (07/17/2014 02:33:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (07/17/2014 01:54:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 01:45:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.


Operation:
Instantiating VSS server

Error: (07/17/2014 01:45:33 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].


Operation:
Instantiating VSS server

Error: (07/17/2014 01:32:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 01:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 01:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/17/2014 02:48:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/17/2014 02:40:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/17/2014 02:40:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:40:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:40:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:40:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:40:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:40:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:39:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2014 02:39:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (06/18/2014 02:59:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 70721 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/03/2013 05:03:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6523 seconds with 2400 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-11 06:27:54.303
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 06:27:54.241
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 06:27:54.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 06:27:54.116
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-19 20:41:21.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-19 20:41:21.634
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\4FRTH1TORUN\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-21 07:10:48.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Riva\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-21 07:10:48.519
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Riva\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-21 07:10:47.471
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Riva\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-21 07:10:47.434
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Riva\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 24567.18 MB
Available physical RAM: 21981.38 MB
Total Pagefile: 25365.36 MB
Available Pagefile: 22539.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:83.75 GB) (Free:14.55 GB) NTFS
Drive f: (CRUZER) (Removable) (Total:1.88 GB) (Free:0.24 GB) FAT32
Drive z: (Media and Backup) (Fixed) (Total:232.88 GB) (Free:63.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 37189CD8)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 84 GB) (Disk ID: 9BC7D1DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=84 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

==================== End Of Log ============================

-SDawg27


"Soli Deo Gloria!"

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:04 AM

Posted 17 July 2014 - 05:54 PM

Welcome and thanks for the information. I can see you have thrown a lot of tools at this already. Let's see what we can find out. Please do this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM-x32 - DefaultScope value is missing.
C:\Users\Sdawg27\random.dat
Task: {AB1FBFE4-EE5D-4686-9099-5FB704EF6384} - \AVG-Secure-Search-Update_MAY2013_TB_rel No Task File <==== ATTENTION
Folder: C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\system32\Drivers\lvuvc.hs

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Sdawg27

Posted 17 July 2014 - 06:16 PM

Like I said in my previous posts... Can you help me access my network adapter first so I can get online...
And now since posting those last logs, the second laptop I've used is now creating boot files in temp folders... So now that's 3 computers I believe are compromised. If you can help me get my internet working I can stay on that comp and not have to risk further infections. Greatly appreciated.

Attempting to post the next Farbar log, but will need to hand type script since I can't copy and paste. And hopefully in time before the second laptop's internet gets disconnected...

But I cannot run Virustotal until I have internet access.

Thanks, sdawg27

Edited by Sdawg27, 17 July 2014 - 06:18 PM.

-SDawg27

#8 Oh My!

Posted 17 July 2014 - 06:18 PM

Can you tell me who your internet provider is?
Gary
 

#9 Sdawg27

Posted 17 July 2014 - 06:20 PM

Wavecable
-SDawg27

#10 Oh My!

Posted 17 July 2014 - 06:25 PM

OK, are you able to bypass the router and connect directly to the modem?
Gary
 

#11 Sdawg27

Posted 17 July 2014 - 06:34 PM

That is a negative. My computer adapter doesn't even show up in Control Panel, FYI.
-SDawg27

#12 Sdawg27

Posted 17 July 2014 - 06:36 PM

Maybe some program I ran earlier? Attempted to fix it or something? I have a sick feeling there's a VM of some sort or rootkit or bad MBR... But who knows
-SDawg27

#13 Sdawg27

Posted 17 July 2014 - 06:51 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Sdawg27 at 2014-07-17 16:37:02 Run:1
Running from F:\Shea's Tools\Diagnose_Log_Scanner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefoultScope value is missing.
C:\Users\Sdawg27\random.dat
Task: {AB1FBFE4-EE5D-4686-9099-5FB704EF6384} - \AVG-Secure-Search-Update_MAY2013_TB_rel No Task File <==== ATTENTION
Folder: C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12}
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefoultScope value is => Value not found.
C:\Users\Sdawg27\random.dat => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB1FBFE4-EE5D-4686-9099-5FB704EF6384}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1FBFE4-EE5D-4686-9099-5FB704EF6384}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_MAY2013_TB_rel' => Key deleted successfully.

========================= Folder: C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12} ========================

The path is not a directory.

==== End of Fixlog ====


As far as I can get on your instructions.

Sorry :(


-SDawg27

#14 Sdawg27

Posted 17 July 2014 - 07:03 PM

Mistyped DefaultScope in last fix; like I said, had to hand type it in.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Sdawg27 at 2014-07-17 16:58:05 Run:2
Running from F:\Shea's Tools\Diagnose_Log_Scanner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
C:\Users\Sdawg27\random.dat
Task: {AB1FBFE4-EE5D-4686-9099-5FB704EF6384} - \AVG-Secure-Search-Update_MAY2013_TB_rel No Task File <==== ATTENTION
Folder: C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12}
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Users\Sdawg27\random.dat" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1FBFE4-EE5D-4686-9099-5FB704EF6384}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_MAY2013_TB_rel'=> Key not found.

========================= Folder: C:\Windows\System32\Tasks\{8E28B75F-C980-4201-834A-E709F2AE3B12} ========================

The path is not a directory.

==== End of Fixlog ====


-SDawg27

#15 Oh My!

Posted 17 July 2014 - 07:07 PM

Thanks, I am most interested in the Virustotal results.
Gary
 