
Ran Combofix after some weird behavior.


  • This topic is locked
10 replies to this topic

#1 nexus6ca


Posted 21 August 2014 - 05:19 PM

I know, I know the post says don't run Combofix first, I guess I know just enough to be dangerous. Anyway, this is the log - it looks like it found something. Should I do anything else at this point?

 

ComboFix 14-08-21.01 - Jason Williamson 08/21/2014  14:36:38.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.5470 [GMT -7:00]
Running from: c:\users\Jason Williamson\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Jason Williamson\AppData\Local\Adobe\gccheck.exe
c:\users\Jason Williamson\AppData\Local\Adobe\gtbcheck.exe
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_ctypes.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_elementtree.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_hashlib.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_multiprocessing.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_socket.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\_ssl.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\hashobjs_ext.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\pyexpat.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\pysqlite2._sqlite.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\python27.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\pythoncom27.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\PyWinTypes27.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\select.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\unicodedata.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32api.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32com.shell.shell.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32crypt.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32event.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32file.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32gui.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32inet.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32pdh.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32pipe.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32process.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32profile.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32security.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\win32ts.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\windows._lib_cacheinvalidation.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._animate.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._controls_.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._core_.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._gdi_.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._html2.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._misc_.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._windows_.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wx._wizard.pyd
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxbase294u_net_vc90.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxbase294u_vc90.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxmsw294u_adv_vc90.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxmsw294u_core_vc90.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxmsw294u_html_vc90.dll
c:\users\Jason Williamson\AppData\Local\Temp\_MEI32282\wxmsw294u_webview_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_ctypes.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_elementtree.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_hashlib.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_multiprocessing.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_socket.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\_ssl.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\hashobjs_ext.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\pyexpat.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\pysqlite2._sqlite.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\python27.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\pythoncom27.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\PyWinTypes27.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\select.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\unicodedata.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32api.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32com.shell.shell.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32crypt.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32event.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32file.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32gui.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32inet.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32pdh.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32pipe.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32process.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32profile.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32security.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\win32ts.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\windows._lib_cacheinvalidation.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._animate.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._controls_.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._core_.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._gdi_.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._html2.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._misc_.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._windows_.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wx._wizard.pyd
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxbase294u_net_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxbase294u_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxmsw294u_adv_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxmsw294u_core_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxmsw294u_html_vc90.dll
c:\users\JASONW~1\AppData\Local\Temp\_MEI32282\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 21:53 . 2014-08-21 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-20 01:41 . 2014-08-20 01:41 -------- d-----w- c:\users\postgres
2014-08-20 01:40 . 2014-08-20 01:40 -------- d-----w- c:\program files\PostgreSQL
2014-08-20 01:35 . 2014-08-20 16:39 -------- d-----w- c:\users\Jason Williamson\AppData\Local\PokerTracker 4
2014-08-20 01:30 . 2014-08-20 19:28 -------- d-----w- c:\program files (x86)\PokerTracker 4
2014-08-19 23:56 . 2014-08-19 23:56 -------- d-----w- c:\users\Jason Williamson\AppData\Local\cache
2014-08-19 23:55 . 2014-08-19 23:59 -------- d-----w- c:\users\Jason Williamson\AppData\Local\FullTiltPoker
2014-08-19 22:08 . 2014-08-19 22:12 -------- d-----w- c:\users\Jason Williamson\AppData\Local\Poker Pro Labs
2014-08-19 22:08 . 2014-08-19 22:08 -------- d-----w- c:\program files (x86)\Poker Pro Labs
2014-08-19 22:05 . 2014-08-20 00:40 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2014-08-17 20:09 . 2014-08-17 20:09 -------- d-----w- c:\users\Jason Williamson\AppData\Local\PokerEdge
2014-08-17 20:05 . 2014-08-17 20:24 -------- d-----w- c:\program files (x86)\PokerEdge
2014-08-17 00:48 . 2014-08-21 18:04 -------- d-----w- c:\users\Jason Williamson\AppData\Local\PokerStars
2014-08-17 00:47 . 2014-08-17 21:16 -------- d-----w- c:\program files (x86)\PokerStars
2014-08-14 10:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 10:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 10:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 10:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 10:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 10:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 10:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 06:24 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-14 06:24 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-14 06:24 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-14 06:24 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-14 06:24 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-14 06:24 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 06:24 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-14 06:24 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 06:24 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-14 06:22 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 06:22 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 06:22 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 06:22 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-11 22:56 . 2014-08-11 22:56 -------- d-----w- c:\users\Jason Williamson\AppData\Roaming\SOCCC
2014-08-11 22:56 . 2014-08-11 22:56 -------- d-----w- c:\program files (x86)\Microsoft XNA
2014-08-10 06:33 . 2014-08-10 10:34 -------- d-----w- c:\windows\system32\drivers\NISx64\1505000.013
2014-08-01 22:21 . 2014-08-01 22:21 -------- d--h--r- c:\users\Jason Williamson\AppData\Roaming\SecuROM
2014-08-01 20:36 . 2014-08-01 20:36 -------- d-----w- c:\users\Jason Williamson\AppData\Local\Fallout3
2014-08-01 20:35 . 2014-08-01 20:35 -------- d-----w- c:\windows\SysWow64\xlive
2014-08-01 20:35 . 2014-08-01 20:35 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-07-29 01:28 . 2014-07-29 01:28 -------- d-----w- c:\users\Jason Williamson\AppData\Local\FalloutNV
2014-07-24 00:43 . 2014-07-24 00:43 -------- d-----w- c:\users\Jason Williamson\AppData\Local\Sports Interactive
2014-07-23 21:01 . 2014-07-23 21:01 -------- d-----w- c:\users\Jason Williamson\AppData\Roaming\Fallout
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 10:05 . 2014-01-07 03:33 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-08 13:49 . 2014-01-11 02:40 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-01 20:42 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-08-01 20:42 . 2009-08-18 18:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-17 23:22 . 2014-07-17 23:07 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 11:57 . 2014-02-13 00:42 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 11:57 . 2014-01-23 05:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-09 05:57 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 05:57 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 05:57 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 05:57 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 05:56 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 05:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 05:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 05:57 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 05:57 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 05:57 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 05:57 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 05:57 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 05:57 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 05:57 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 05:57 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 05:57 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 05:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 05:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 05:57 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 05:57 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 05:57 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 05:57 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-08 13:50 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-08 13:50 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-08 13:50 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"uTorrent"="c:\users\Jason Williamson\AppData\Roaming\uTorrent\uTorrent.exe" [2014-08-06 1329744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-16 767200]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Homestream.lnk - c:\program files\Homestream\bin\HomestreamConsole.exe [2012-5-25 222208]
Monitor Ink Alerts - HP Deskjet 3520 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3531G5N205SY;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Homestream;Homestream;c:\program files\Homestream\bin\HomestreamService.exe;c:\program files\Homestream\bin\HomestreamService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [x]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [x]
S3 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140820.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140820.001\IDSvia64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1505000.013\SYMNETS.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 04:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-13 11:57]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06 18:25]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06 18:25]
.
2014-08-21 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-06-26 00:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-08 13:50 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-08 13:50 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-08 13:50 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19;c:\program files (x86)\Norton Internet Security\Engine64\21.5.0.19"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3625427649-1515251984-503709852-1000\Software\SecuROM\License information*]
"datasecu"=hex:e1,33,d2,a1,ea,9d,2b,69,16,be,7a,e9,d8,9d,3a,26,d3,1d,69,0c,e0,
   75,5d,e8,56,91,b9,b8,63,f4,fc,b7,2b,58,9a,d6,7b,0d,84,6f,4d,8d,e7,37,08,90,\
"rkeysecu"=hex:eb,ff,fc,cb,bb,c2,56,0f,38,b1,9b,4a,a5,50,4c,cc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-08-21  15:06:53 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-21 22:06
.
Pre-Run: 132,510,896,128 bytes free
Post-Run: 134,335,303,680 bytes free
.
- - End Of File - - C3CAF697695A287AF95EFA3877B9822A
A36C5E4F47E84449FF07ED3517B43A31
 



 


#2 nexus6ca


Posted 21 August 2014 - 05:37 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Jason Williamson at 15:27:35 on 2014-08-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.5654 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Homestream\bin\HomestreamService.exe
C:\Program Files\Homestream\bin\HomestreamService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [uTorrent] "C:\Users\Jason Williamson\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\JASONW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOMEST~1.LNK - C:\Program Files\Homestream\bin\HomestreamConsole.exe
StartupFolder: C:\Users\JASONW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{BDA7A638-8750-400B-A6E0-98EECDDE548A} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{ED8C9776-4169-4AAB-92E5-CC706E9EE602} : DHCPNameServer = 192.168.1.254 75.153.176.9
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-5 83176]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-5 43240]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2014-2-3 141920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-5 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-15 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-15 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-18 2356912]
R2 Homestream;Homestream;C:\Program Files\Homestream\bin\HomestreamService.exe [2012-5-25 206848]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe [2014-8-9 276376]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-6-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [2014-8-5 1530160]
R3 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1505000.013\ccsetx64.sys [2014-8-9 162392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140820.001\IDSviA64.sys [2014-8-20 525016]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-6 805088]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1505000.013\symds64.sys [2014-8-9 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1505000.013\symefa64.sys [2014-8-9 1148120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1505000.013\ironx64.sys [2014-8-9 264280]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1505000.013\symnets.sys [2014-8-9 593112]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-5-9 58536]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-4-27 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-4-27 477960]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-1-6 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 66608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2014-2-1 1254464]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-2-3 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-2-3 12504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-4 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SymSnapService;SymSnapService;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-9 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-6 1255736]
.
=============== Created Last 30 ================
.
2014-08-21 21:55:32 -------- d-----w- C:\$RECYCLE.BIN
2014-08-21 21:34:14 98816 ----a-w- C:\Windows\sed.exe
2014-08-21 21:34:14 256000 ----a-w- C:\Windows\PEV.exe
2014-08-21 21:34:14 208896 ----a-w- C:\Windows\MBR.exe
2014-08-20 01:40:31 -------- d-----w- C:\Program Files\PostgreSQL
2014-08-20 01:35:29 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\PokerTracker 4
2014-08-20 01:30:47 -------- d-----w- C:\Program Files (x86)\PokerTracker 4
2014-08-19 23:56:02 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\cache
2014-08-19 23:55:52 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\FullTiltPoker
2014-08-19 22:08:17 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\Poker Pro Labs
2014-08-19 22:08:08 -------- d-----w- C:\Program Files (x86)\Poker Pro Labs
2014-08-19 22:05:57 -------- d-----w- C:\Program Files (x86)\Full Tilt Poker
2014-08-17 20:09:06 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\PokerEdge
2014-08-17 20:05:57 -------- d-----w- C:\Program Files (x86)\PokerEdge
2014-08-17 00:48:10 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\PokerStars
2014-08-17 00:47:32 -------- d-----w- C:\Program Files (x86)\PokerStars
2014-08-14 10:01:20 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 10:01:20 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 10:01:20 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 10:01:20 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 10:01:16 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 10:01:16 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 10:00:57 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:00:57 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 06:24:06 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 06:24:06 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 06:24:05 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 06:24:05 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 06:24:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 06:24:02 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 06:22:53 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 06:22:53 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 06:22:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 06:22:53 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-11 22:56:34 -------- d-----w- C:\Users\Jason Williamson\AppData\Roaming\SOCCC
2014-08-11 22:56:06 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2014-08-10 06:33:29 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\srtsp64.sys
2014-08-10 06:33:29 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\symnets.sys
2014-08-10 06:33:29 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\symds64.sys
2014-08-10 06:33:29 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\srtspx64.sys
2014-08-10 06:33:29 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\ironx64.sys
2014-08-10 06:33:29 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\symelam.sys
2014-08-10 06:33:29 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\ccsetx64.sys
2014-08-10 06:33:29 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\symefa64.sys
2014-08-10 06:33:17 -------- d-----w- C:\Windows\System32\drivers\NISx64\1505000.013
2014-08-01 20:40:15 15576 ----a-w- C:\Users\Jason Williamson\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2014-08-01 20:36:50 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\Fallout3
2014-08-01 20:35:34 -------- d-----w- C:\Windows\SysWow64\xlive
2014-08-01 20:35:34 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-29 01:28:59 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\FalloutNV
2014-07-24 00:43:10 -------- d-----w- C:\Users\Jason Williamson\AppData\Local\Sports Interactive
2014-07-23 21:01:22 -------- d-----w- C:\Users\Jason Williamson\AppData\Roaming\Fallout
.
==================== Find3M  ====================
.
2014-08-21 22:14:12 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 11:57:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 11:57:11 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 15:27:47.47 ===============
 

The above DDS log was run after I ran ComboFix.  After running ComboFix, I also ran a Malwarebytes scan and got a clean log.




#3 Oh My!



  • Malware Response Instructor

Posted 26 August 2014 - 08:39 AM

Greetings nexus6ca and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Are you currently experiencing any issues?

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!



  • Malware Response Instructor

Posted 29 August 2014 - 09:04 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 nexus6ca


Posted 29 August 2014 - 09:43 AM

I haven't seen any further weirdness.   Here are the requested logs.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Jason Williamson (administrator) on TYRELLCORP on 29-08-2014 07:36:00
Running from C:\Users\Jason Williamson\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Homestream\bin\HomestreamService.exe
() C:\Program Files\Homestream\bin\HomestreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\DAODx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BitTorrent Inc.) C:\Users\Jason Williamson\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files\Homestream\bin\HomestreamConsole.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Jason Williamson\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3625427649-1515251984-503709852-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3625427649-1515251984-503709852-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3625427649-1515251984-503709852-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-3625427649-1515251984-503709852-1000\...\Run: [uTorrent] => C:\Users\Jason Williamson\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-08-06] (BitTorrent Inc.)
HKU\S-1-5-21-3625427649-1515251984-503709852-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated)
Startup: C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Homestream.lnk
ShortcutTarget: Homestream.lnk -> C:\Program Files\Homestream\bin\HomestreamConsole.exe ()
Startup: C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x11FF5E35610BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason Williamson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-05-25]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-25]
CHR Extension: (Hola Better Internet) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-04]
CHR Extension: (Move Your Photos) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\idiebfmmkhaffedkhjhapmagabcadjhc [2014-07-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-06]
CHR Extension: (Google Wallet) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-08-22]
CHR Extension: (Gmail) - C:\Users\Jason Williamson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JASONW~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-09]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-08-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-04-27] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-06] (Creative Labs) [File not signed]
R2 Homestream; C:\Program Files\Homestream\bin\HomestreamService.exe [206848 2012-05-25] () [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-09] ()
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]
S3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-04-27] (BitRaider)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-05] (Disc Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140827.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140828.023\ENG64.SYS [129752 2014-08-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140828.023\EX64.SYS [2137304 2014-08-20] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2014-02-03] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 07:35 - 2014-08-29 07:35 - 02103296 _____ (Farbar) C:\Users\Jason Williamson\Downloads\FRST64 (1).exe
2014-08-27 21:15 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:15 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:15 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 19:00 - 2014-08-26 19:00 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Mozilla
2014-08-26 19:00 - 2014-08-26 19:00 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\eclipse
2014-08-26 18:58 - 2014-08-26 19:00 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\CarbonPoker
2014-08-26 18:57 - 2014-08-26 19:02 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker
2014-08-26 18:57 - 2014-08-26 18:57 - 00001906 _____ () C:\Users\Jason Williamson\Desktop\CarbonPoker.lnk
2014-08-26 18:57 - 2014-08-26 18:57 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker
2014-08-26 18:56 - 2014-08-26 18:56 - 52662736 _____ () C:\Users\Jason Williamson\Downloads\PokerInstaller.exe
2014-08-23 15:15 - 2014-08-23 15:15 - 00031241 _____ () C:\Users\Jason Williamson\Downloads\[kickass.to]the.biggest.poker.strategy.ebooks.collection.93.books.texas.hold.em.no.limit.fixed.limit.pot.limit.omaha.etc.torrent
2014-08-23 14:41 - 2014-08-23 14:41 - 00002049 _____ () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00002025 _____ () C:\Users\postgres\Desktop\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00002025 _____ () C:\Users\Jason Williamson\Desktop\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\PacificPoker
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
2014-08-23 14:40 - 2014-08-23 14:41 - 00000000 ____D () C:\Program Files (x86)\PacificPoker
2014-08-23 14:24 - 2014-08-23 14:24 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Party
2014-08-23 14:24 - 2014-08-23 14:24 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\cef-cache
2014-08-23 14:22 - 2014-08-23 14:22 - 00872368 _____ () C:\Users\Jason Williamson\Downloads\PartyPokerSetup.exe
2014-08-23 14:19 - 2014-08-23 14:19 - 00765872 _____ () C:\Users\Jason Williamson\Downloads\PartyPokerNetSetup.exe
2014-08-22 10:10 - 2014-08-22 10:15 - 54457120 _____ () C:\Users\Jason Williamson\Downloads\FullTiltSetup.exe
2014-08-22 09:53 - 2014-08-22 09:53 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Logitech
2014-08-22 09:53 - 2014-08-22 09:53 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-08-22 09:52 - 2014-08-22 09:52 - 11863248 _____ (Logitech) C:\Users\Jason Williamson\Downloads\HarmonyBrowserPlug-in.exe
2014-08-22 09:51 - 2014-08-22 09:51 - 00409880 _____ (Logitech) C:\Users\Jason Williamson\Downloads\MyHarmony-App.exe
2014-08-22 00:57 - 2014-08-22 00:57 - 10164466 _____ () C:\Users\Jason Williamson\Downloads\sharkscope-setup-322.exe
2014-08-21 21:35 - 2014-08-21 21:35 - 00002626 _____ () C:\Users\Jason Williamson\Downloads\legitcheck.hta
2014-08-21 19:24 - 2014-08-21 19:24 - 01364531 _____ () C:\Users\Jason Williamson\Downloads\AdwCleaner.exe
2014-08-21 19:22 - 2014-08-21 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-21 19:21 - 2014-08-21 19:32 - 00000000 ____D () C:\Users\Jason Williamson\Desktop\mbar
2014-08-21 19:21 - 2014-08-21 19:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jason Williamson\Downloads\mbar-1.07.0.1012.exe
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-21 16:26 - 2014-08-21 16:26 - 02347384 _____ (ESET) C:\Users\Jason Williamson\Downloads\esetsmartinstaller_enu.exe
2014-08-21 15:50 - 2014-08-21 15:50 - 00040517 _____ () C:\Users\Jason Williamson\Downloads\Addition.txt
2014-08-21 15:49 - 2014-08-29 07:36 - 00022682 _____ () C:\Users\Jason Williamson\Downloads\FRST.txt
2014-08-21 15:49 - 2014-08-29 07:36 - 00000000 ____D () C:\FRST
2014-08-21 15:49 - 2014-08-21 15:49 - 02101760 _____ (Farbar) C:\Users\Jason Williamson\Downloads\frst64.exe
2014-08-21 15:36 - 2014-08-21 15:36 - 00003098 _____ () C:\Users\Jason Williamson\Desktop\attach.zip
2014-08-21 15:27 - 2014-08-21 15:27 - 00688992 ____R (Swearware) C:\Users\Jason Williamson\Downloads\dds.com
2014-08-21 15:27 - 2014-08-21 15:27 - 00024648 _____ () C:\Users\Jason Williamson\Desktop\dds.txt
2014-08-21 15:27 - 2014-08-21 15:27 - 00007634 _____ () C:\Users\Jason Williamson\Desktop\attach.txt
2014-08-21 15:07 - 2014-08-21 15:07 - 00031275 _____ () C:\ComboFix.txt
2014-08-21 14:34 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-21 14:34 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-21 14:34 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-21 14:34 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-21 14:34 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-21 14:34 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-21 14:34 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-21 14:34 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-21 14:33 - 2014-08-21 15:07 - 00000000 ____D () C:\Qoobox
2014-08-21 14:33 - 2014-08-21 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-08-20 00:56 - 2014-08-20 00:56 - 63697776 _____ () C:\Users\Jason Williamson\Downloads\unconfirmed 699985.crdownload
2014-08-19 18:41 - 2014-08-28 03:18 - 00000000 ____D () C:\Users\postgres
2014-08-19 18:41 - 2014-08-19 18:41 - 00000020 ___SH () C:\Users\postgres\ntuser.ini
2014-08-19 18:41 - 2014-08-19 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0
2014-08-19 18:41 - 2014-02-17 04:56 - 00000000 ____D () C:\Users\postgres\AppData\Local\Google
2014-08-19 18:41 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-19 18:41 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-19 18:40 - 2014-08-19 18:40 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-08-19 18:35 - 2014-08-20 09:39 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerTracker 4
2014-08-19 18:35 - 2014-08-19 18:35 - 00005044 _____ () C:\ProgramData\flwjycbm.bab
2014-08-19 18:30 - 2014-08-26 22:21 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-08-19 18:30 - 2014-08-19 18:30 - 63697776 _____ () C:\Users\Jason Williamson\Downloads\pt-install-v4.11.11.exe
2014-08-19 18:30 - 2014-08-19 18:30 - 00001074 _____ () C:\Users\Jason Williamson\Desktop\PokerTracker 4.lnk
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-08-19 17:07 - 2014-08-28 11:58 - 00000000 ____D () C:\Users\Jason Williamson\Documents\888poker
2014-08-19 16:56 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\cache
2014-08-19 16:55 - 2014-08-19 16:59 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\FullTiltPoker
2014-08-19 15:08 - 2014-08-19 15:12 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\Poker Pro Labs
2014-08-19 15:08 - 2014-08-19 15:08 - 00000000 ____D () C:\Users\Jason Williamson\Documents\Poker Pro Labs
2014-08-19 15:08 - 2014-08-19 15:08 - 00000000 ____D () C:\Program Files (x86)\Poker Pro Labs
2014-08-19 15:06 - 2014-08-19 15:06 - 00001051 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-08-19 15:06 - 2014-08-19 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-08-19 15:05 - 2014-08-22 10:14 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-08-19 15:05 - 2014-08-19 15:05 - 00975624 _____ (Poker Pro Labs) C:\Users\Jason Williamson\Downloads\SuperHudSetup.exe
2014-08-17 15:09 - 2014-08-17 15:09 - 22869918 _____ () C:\Users\Jason Williamson\Downloads\PokerStarsInstall.apk
2014-08-17 13:12 - 2014-08-17 14:54 - 41539294 _____ () C:\ps.raw
2014-08-17 13:09 - 2014-08-17 13:09 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerEdge
2014-08-17 13:05 - 2014-08-17 13:24 - 00000000 ____D () C:\Program Files (x86)\PokerEdge
2014-08-16 17:48 - 2014-08-26 17:24 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerStars
2014-08-16 17:48 - 2014-08-16 17:48 - 00001953 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-08-16 17:48 - 2014-08-16 17:48 - 00001947 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-08-16 17:47 - 2014-08-17 14:16 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-08-16 17:47 - 2014-08-16 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-08-16 17:44 - 2014-08-16 17:47 - 53258792 _____ (PokerStars) C:\Users\Jason Williamson\Downloads\PokerStarsInstall.exe
2014-08-14 23:11 - 2014-08-14 23:11 - 00000221 _____ () C:\Users\Jason Williamson\Desktop\DUNGEONS - Steam Special Edition.url
2014-08-14 22:41 - 2014-08-14 22:41 - 00000222 _____ () C:\Users\Jason Williamson\Desktop\DUNGEONS - The Dark Lord (Steam Special Edition).url
2014-08-14 20:17 - 2014-08-14 20:17 - 01058200 _____ (Adobe) C:\Users\Jason Williamson\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-14 10:13 - 2014-08-14 10:13 - 00003171 _____ () C:\Users\Jason Williamson\Documents\accountactivity.csv
2014-08-14 10:12 - 2014-08-14 10:12 - 00011688 _____ () C:\Users\Jason Williamson\Documents\csv36324.csv
2014-08-14 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:00 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 03:00 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 23:24 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 23:24 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 23:24 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 23:24 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 23:24 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 23:24 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 23:24 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 23:24 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 23:24 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 23:24 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 23:24 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 23:24 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 23:24 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 23:24 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 23:23 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 23:23 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 23:23 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 23:23 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 23:23 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 23:23 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 23:23 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 23:23 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 23:23 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 23:23 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 23:23 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 23:23 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 23:23 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 23:23 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 23:23 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 23:23 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 23:23 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 23:23 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 23:23 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 23:23 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 23:23 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 23:23 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 23:23 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 23:23 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 23:23 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 23:23 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 23:23 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 23:23 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 23:23 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 23:23 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 23:23 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 23:23 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 23:23 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 23:23 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 23:23 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 23:23 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 23:23 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 23:23 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 23:23 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 23:23 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 23:23 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 23:23 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 23:23 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 23:23 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 23:23 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 23:23 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 23:23 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 23:23 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 23:23 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 23:23 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 23:23 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 23:23 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 23:23 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 23:23 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 23:23 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 23:23 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 23:23 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 23:23 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 23:23 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 23:23 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 23:23 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 23:23 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 23:23 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 23:23 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 23:23 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 23:23 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 23:22 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 23:22 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 23:22 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 23:22 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 15:56 - 2014-08-11 15:56 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\SOCCC
2014-08-11 15:56 - 2014-08-11 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-08-11 15:46 - 2014-08-11 15:46 - 00000222 _____ () C:\Users\Jason Williamson\Desktop\Smooth Operators.url
2014-08-10 03:35 - 2014-08-10 03:35 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Jason Williamson\Documents\EA Games
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 __RHD () C:\Users\Jason Williamson\AppData\Roaming\SecuROM
2014-08-01 15:13 - 2014-08-01 15:13 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-08-01 15:13 - 2014-08-01 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-08-01 14:00 - 2014-08-01 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unofficial Fallout 3 Patch
2014-08-01 13:55 - 2014-08-01 13:58 - 53395321 _____ ( ) C:\Users\Jason Williamson\Downloads\Updated_Unofficial_Fallout3_Patch-19122-1-6-1.exe
2014-08-01 13:42 - 2014-08-01 13:42 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-08-01 13:36 - 2014-08-01 13:36 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\Fallout3
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-31 18:40 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 18:40 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 18:40 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 18:40 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 18:40 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 18:40 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 18:40 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 18:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 09:30 - 2014-07-30 09:24 - 00000000 ____D () C:\Users\Jason Williamson\Desktop\photos
2014-07-30 09:28 - 2014-07-30 09:28 - 68759003 _____ () C:\Users\Jason Williamson\Downloads\facebook-jasonwilliamson35175.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 07:36 - 2014-08-21 15:49 - 00022682 _____ () C:\Users\Jason Williamson\Downloads\FRST.txt
2014-08-29 07:36 - 2014-08-21 15:49 - 00000000 ____D () C:\FRST
2014-08-29 07:35 - 2014-08-29 07:35 - 02103296 _____ (Farbar) C:\Users\Jason Williamson\Downloads\FRST64 (1).exe
2014-08-29 07:33 - 2014-01-13 17:21 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\uTorrent
2014-08-29 07:22 - 2014-06-25 17:02 - 00000346 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-29 07:10 - 2014-01-06 11:25 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 06:57 - 2014-02-12 17:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-29 06:49 - 2014-01-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-29 06:11 - 2014-01-10 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-29 03:22 - 2014-05-09 17:41 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-29 03:00 - 2014-01-06 11:21 - 01102701 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 19:10 - 2014-01-06 11:25 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 17:03 - 2014-01-13 14:55 - 00017408 ___SH () C:\Users\Jason Williamson\Documents\Thumbs.db
2014-08-28 11:58 - 2014-08-19 17:07 - 00000000 ____D () C:\Users\Jason Williamson\Documents\888poker
2014-08-28 11:19 - 2014-05-09 17:41 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Raptr
2014-08-28 03:26 - 2009-07-13 21:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 03:26 - 2009-07-13 21:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 03:19 - 2014-01-10 20:02 - 00000000 ___RD () C:\Users\Jason Williamson\Google Drive
2014-08-28 03:18 - 2014-08-19 18:41 - 00000000 ____D () C:\Users\postgres
2014-08-28 03:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 03:18 - 2009-07-13 21:51 - 00036379 _____ () C:\Windows\setupact.log
2014-08-28 03:18 - 2009-07-13 21:45 - 00437904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 22:21 - 2014-08-19 18:30 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-08-26 19:02 - 2014-08-26 18:57 - 00000000 ____D () C:\Program Files (x86)\CarbonPoker
2014-08-26 19:00 - 2014-08-26 19:00 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Mozilla
2014-08-26 19:00 - 2014-08-26 19:00 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\eclipse
2014-08-26 19:00 - 2014-08-26 18:58 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\CarbonPoker
2014-08-26 18:57 - 2014-08-26 18:57 - 00001906 _____ () C:\Users\Jason Williamson\Desktop\CarbonPoker.lnk
2014-08-26 18:57 - 2014-08-26 18:57 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker
2014-08-26 18:56 - 2014-08-26 18:56 - 52662736 _____ () C:\Users\Jason Williamson\Downloads\PokerInstaller.exe
2014-08-26 17:24 - 2014-08-16 17:48 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerStars
2014-08-26 14:15 - 2014-01-11 21:22 - 00000000 ____D () C:\Users\Jason Williamson\Documents\Au's Docs
2014-08-23 15:15 - 2014-08-23 15:15 - 00031241 _____ () C:\Users\Jason Williamson\Downloads\[kickass.to]the.biggest.poker.strategy.ebooks.collection.93.books.texas.hold.em.no.limit.fixed.limit.pot.limit.omaha.etc.torrent
2014-08-23 14:41 - 2014-08-23 14:41 - 00002049 _____ () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00002025 _____ () C:\Users\postgres\Desktop\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00002025 _____ () C:\Users\Jason Williamson\Desktop\888poker.lnk
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\PacificPoker
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
2014-08-23 14:41 - 2014-08-23 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
2014-08-23 14:41 - 2014-08-23 14:40 - 00000000 ____D () C:\Program Files (x86)\PacificPoker
2014-08-23 14:41 - 2014-01-22 15:36 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 14:28 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 14:24 - 2014-08-23 14:24 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Party
2014-08-23 14:24 - 2014-08-23 14:24 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\cef-cache
2014-08-23 14:23 - 2014-02-12 17:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-23 14:23 - 2014-02-12 17:42 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 14:23 - 2014-01-22 22:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 14:22 - 2014-08-23 14:22 - 00872368 _____ () C:\Users\Jason Williamson\Downloads\PartyPokerSetup.exe
2014-08-23 14:19 - 2014-08-23 14:19 - 00765872 _____ () C:\Users\Jason Williamson\Downloads\PartyPokerNetSetup.exe
2014-08-22 19:07 - 2014-08-27 21:15 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 21:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 21:15 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 12:12 - 2014-04-27 12:32 - 00000000 ____D () C:\ProgramData\BitRaider
2014-08-22 10:15 - 2014-08-22 10:10 - 54457120 _____ () C:\Users\Jason Williamson\Downloads\FullTiltSetup.exe
2014-08-22 10:14 - 2014-08-19 15:05 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-08-22 09:53 - 2014-08-22 09:53 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Logitech
2014-08-22 09:53 - 2014-08-22 09:53 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-08-22 09:53 - 2014-01-06 11:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-22 09:52 - 2014-08-22 09:52 - 11863248 _____ (Logitech) C:\Users\Jason Williamson\Downloads\HarmonyBrowserPlug-in.exe
2014-08-22 09:51 - 2014-08-22 09:51 - 00409880 _____ (Logitech) C:\Users\Jason Williamson\Downloads\MyHarmony-App.exe
2014-08-22 00:57 - 2014-08-22 00:57 - 10164466 _____ () C:\Users\Jason Williamson\Downloads\sharkscope-setup-322.exe
2014-08-21 21:35 - 2014-08-21 21:35 - 00002626 _____ () C:\Users\Jason Williamson\Downloads\legitcheck.hta
2014-08-21 19:32 - 2014-08-21 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-21 19:32 - 2014-08-21 19:21 - 00000000 ____D () C:\Users\Jason Williamson\Desktop\mbar
2014-08-21 19:24 - 2014-08-21 19:24 - 01364531 _____ () C:\Users\Jason Williamson\Downloads\AdwCleaner.exe
2014-08-21 19:22 - 2014-07-17 16:07 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 19:21 - 2014-08-21 19:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jason Williamson\Downloads\mbar-1.07.0.1012.exe
2014-08-21 19:21 - 2014-07-17 16:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 16:27 - 2014-08-21 16:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-21 16:26 - 2014-08-21 16:26 - 02347384 _____ (ESET) C:\Users\Jason Williamson\Downloads\esetsmartinstaller_enu.exe
2014-08-21 15:50 - 2014-08-21 15:50 - 00040517 _____ () C:\Users\Jason Williamson\Downloads\Addition.txt
2014-08-21 15:49 - 2014-08-21 15:49 - 02101760 _____ (Farbar) C:\Users\Jason Williamson\Downloads\frst64.exe
2014-08-21 15:36 - 2014-08-21 15:36 - 00003098 _____ () C:\Users\Jason Williamson\Desktop\attach.zip
2014-08-21 15:27 - 2014-08-21 15:27 - 00688992 ____R (Swearware) C:\Users\Jason Williamson\Downloads\dds.com
2014-08-21 15:27 - 2014-08-21 15:27 - 00024648 _____ () C:\Users\Jason Williamson\Desktop\dds.txt
2014-08-21 15:27 - 2014-08-21 15:27 - 00007634 _____ () C:\Users\Jason Williamson\Desktop\attach.txt
2014-08-21 15:07 - 2014-08-21 15:07 - 00031275 _____ () C:\ComboFix.txt
2014-08-21 15:07 - 2014-08-21 14:33 - 00000000 ____D () C:\Qoobox
2014-08-21 15:07 - 2014-04-22 11:56 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-21 15:07 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 15:04 - 2014-08-21 14:33 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 14:55 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-21 14:54 - 2014-01-06 11:31 - 00173232 _____ () C:\Windows\PFRO.log
2014-08-21 14:44 - 2014-01-10 20:10 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\Adobe
2014-08-21 14:33 - 2014-07-17 16:29 - 05572006 ____R (Swearware) C:\Users\Jason Williamson\Downloads\ComboFix.exe
2014-08-20 09:39 - 2014-08-19 18:35 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerTracker 4
2014-08-20 00:56 - 2014-08-20 00:56 - 63697776 _____ () C:\Users\Jason Williamson\Downloads\unconfirmed 699985.crdownload
2014-08-19 18:41 - 2014-08-19 18:41 - 00000020 ___SH () C:\Users\postgres\ntuser.ini
2014-08-19 18:41 - 2014-08-19 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0
2014-08-19 18:40 - 2014-08-19 18:40 - 00000000 ____D () C:\Program Files\PostgreSQL
2014-08-19 18:35 - 2014-08-19 18:35 - 00005044 _____ () C:\ProgramData\flwjycbm.bab
2014-08-19 18:30 - 2014-08-19 18:30 - 63697776 _____ () C:\Users\Jason Williamson\Downloads\pt-install-v4.11.11.exe
2014-08-19 18:30 - 2014-08-19 18:30 - 00001074 _____ () C:\Users\Jason Williamson\Desktop\PokerTracker 4.lnk
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-08-19 16:59 - 2014-08-19 16:55 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\FullTiltPoker
2014-08-19 16:56 - 2014-08-19 16:56 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\cache
2014-08-19 15:12 - 2014-08-19 15:08 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\Poker Pro Labs
2014-08-19 15:08 - 2014-08-19 15:08 - 00000000 ____D () C:\Users\Jason Williamson\Documents\Poker Pro Labs
2014-08-19 15:08 - 2014-08-19 15:08 - 00000000 ____D () C:\Program Files (x86)\Poker Pro Labs
2014-08-19 15:06 - 2014-08-19 15:06 - 00001051 _____ () C:\Users\Public\Desktop\Full Tilt Poker.lnk
2014-08-19 15:06 - 2014-08-19 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-08-19 15:05 - 2014-08-19 15:05 - 00975624 _____ (Poker Pro Labs) C:\Users\Jason Williamson\Downloads\SuperHudSetup.exe
2014-08-18 13:21 - 2014-01-09 16:28 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\HpUpdate
2014-08-17 15:09 - 2014-08-17 15:09 - 22869918 _____ () C:\Users\Jason Williamson\Downloads\PokerStarsInstall.apk
2014-08-17 14:54 - 2014-08-17 13:12 - 41539294 _____ () C:\ps.raw
2014-08-17 14:16 - 2014-08-16 17:47 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-08-17 13:24 - 2014-08-17 13:05 - 00000000 ____D () C:\Program Files (x86)\PokerEdge
2014-08-17 13:09 - 2014-08-17 13:09 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\PokerEdge
2014-08-17 13:09 - 2014-01-09 18:35 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\CrashDumps
2014-08-16 17:48 - 2014-08-16 17:48 - 00001953 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2014-08-16 17:48 - 2014-08-16 17:48 - 00001947 _____ () C:\Users\Public\Desktop\PokerStars.lnk
2014-08-16 17:48 - 2014-08-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-08-16 17:47 - 2014-08-16 17:44 - 53258792 _____ (PokerStars) C:\Users\Jason Williamson\Downloads\PokerStarsInstall.exe
2014-08-15 19:28 - 2014-06-18 17:56 - 00005026 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TyrellCorp-Jason Williamson TyrellCorp
2014-08-15 08:20 - 2014-01-07 20:33 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Kalypso Media
2014-08-15 08:19 - 2014-01-06 22:35 - 00534965 _____ () C:\Windows\DirectX.log
2014-08-14 23:11 - 2014-08-14 23:11 - 00000221 _____ () C:\Users\Jason Williamson\Desktop\DUNGEONS - Steam Special Edition.url
2014-08-14 23:11 - 2014-01-06 20:39 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-14 22:41 - 2014-08-14 22:41 - 00000222 _____ () C:\Users\Jason Williamson\Desktop\DUNGEONS - The Dark Lord (Steam Special Edition).url
2014-08-14 21:12 - 2014-07-17 16:30 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 20:17 - 2014-08-14 20:17 - 01058200 _____ (Adobe) C:\Users\Jason Williamson\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-14 12:41 - 2014-01-24 20:38 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\vlc
2014-08-14 10:14 - 2014-01-10 19:24 - 00000000 ____D () C:\Users\Jason Williamson\Documents\Sands Docs
2014-08-14 10:13 - 2014-08-14 10:13 - 00003171 _____ () C:\Users\Jason Williamson\Documents\accountactivity.csv
2014-08-14 10:12 - 2014-08-14 10:12 - 00011688 _____ () C:\Users\Jason Williamson\Documents\csv36324.csv
2014-08-14 04:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 03:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 03:08 - 2014-01-06 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:05 - 2014-01-06 20:33 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 03:00 - 2014-05-02 19:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 19:11 - 2014-01-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-11 15:56 - 2014-08-11 15:56 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Roaming\SOCCC
2014-08-11 15:56 - 2014-08-11 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-08-11 15:46 - 2014-08-11 15:46 - 00000222 _____ () C:\Users\Jason Williamson\Desktop\Smooth Operators.url
2014-08-11 13:48 - 2014-01-09 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-10 12:11 - 2009-07-13 22:13 - 00778180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-10 03:35 - 2014-08-10 03:35 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-10 03:34 - 2014-01-25 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-10 03:34 - 2014-01-06 21:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-10 03:34 - 2014-01-06 21:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-10 03:34 - 2014-01-06 21:19 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-06 19:06 - 2014-08-13 23:22 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-13 23:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 04:06 - 2014-01-13 17:23 - 00000864 _____ () C:\Users\Jason Williamson\Desktop\µTorrent.lnk
2014-08-06 04:06 - 2014-01-13 17:23 - 00000844 _____ () C:\Users\Jason Williamson\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-02 07:43 - 2014-01-07 18:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-02 07:42 - 2014-01-07 18:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-01 20:34 - 2014-01-06 20:45 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Jason Williamson\Documents\EA Games
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 __RHD () C:\Users\Jason Williamson\AppData\Roaming\SecuROM
2014-08-01 15:13 - 2014-08-01 15:13 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-08-01 15:13 - 2014-08-01 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-08-01 14:00 - 2014-08-01 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unofficial Fallout 3 Patch
2014-08-01 13:58 - 2014-08-01 13:55 - 53395321 _____ ( ) C:\Users\Jason Williamson\Downloads\Updated_Unofficial_Fallout3_Patch-19122-1-6-1.exe
2014-08-01 13:42 - 2014-08-01 13:42 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-08-01 13:42 - 2014-01-06 21:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-01 13:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-01 13:36 - 2014-08-01 13:36 - 00000000 ____D () C:\Users\Jason Williamson\AppData\Local\Fallout3
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-08-01 13:33 - 2014-01-11 01:37 - 00000000 ____D () C:\Users\Jason Williamson\Documents\my games
2014-07-31 16:41 - 2014-08-13 23:23 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-13 23:23 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 09:28 - 2014-07-30 09:28 - 68759003 _____ () C:\Users\Jason Williamson\Downloads\facebook-jasonwilliamson35175.zip
2014-07-30 09:24 - 2014-07-30 09:30 - 00000000 ____D () C:\Users\Jason Williamson\Desktop\photos
 
Some content of TEMP:
====================
C:\Users\Jason Williamson\AppData\Local\Temp\javasysmo6916729818039873777.dll
C:\Users\Jason Williamson\AppData\Local\Temp\SIInvoker.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 00:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Jason Williamson at 2014-08-29 07:36:43
Running from C:\Users\Jason Williamson\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
888poker (HKLM-x32\...\888poker) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40415 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft Montreal)
Assassin's Creed® III v1.02 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CarbonPoker (HKCU\...\CarbonPoker) (Version: 6.0 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0415.2224.38428 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0415.2225.38428 - Advanced Micro Devices, Inc.) Hidden
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
DJ3520FWUpdateAlert (x32 Version: 2.00.0000 - HP) Hidden
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
DUNGEONS - Steam Special Edition (HKLM-x32\...\Steam App 57650) (Version:  - Realmforge Studios)
DUNGEONS - The Dark Lord (Steam Special Edition) (HKLM-x32\...\Steam App 200550) (Version:  - Realmforge Studios)
East India Company (HKLM-x32\...\Steam App 25930) (Version:  - Nitro Games)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Europa Universalis: Rome - Gold Edition (HKLM-x32\...\Steam App 23420) (Version:  - Paradox Development Studio)
Europa Universalis: Rome - Vae Victis (HKLM-x32\...\Steam App 23440) (Version:  - Realmforge Studios)
Evil Genius (HKLM-x32\...\Steam App 3720) (Version:  - Elixir Studios)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 3 Patch v1.6.1 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.6.1 - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.16.20.WIN.FullTilt.COM - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Ages: Rome (HKLM-x32\...\Steam App 23450) (Version:  - Haemimont Games)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Homestream (HKLM\...\Homestream) (Version:  - )
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version:  - Haemimont Games)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Overlord (HKLM-x32\...\Steam App 11450) (Version:  - Triumph Studios)
Overlord II (HKLM-x32\...\Steam App 12810) (Version:  - Triumph Studios)
Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version:  - Triumph Studios)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 9.0  (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Sengoku (HKLM-x32\...\Steam App 73210) (Version:  - Paradox Development Studio)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Smooth Operators (HKLM-x32\...\Steam App 262900) (Version:  - Heydeck Games)
Space Hulk (HKLM-x32\...\Steam App 242570) (Version:  - Full Control Studios)
Star Ruler (HKLM-x32\...\Steam App 70900) (Version:  - Blind Mind Studios)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.39 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War for the Overworld Bedrock Beta (HKLM-x32\...\Steam App 230190) (Version:  - Subterranean Games)
Warlock 2: the Exiled (HKLM-x32\...\Steam App 205990) (Version:  - Ino-Co Plus)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-08-2014 07:00:07 Scheduled Checkpoint
28-08-2014 10:00:11 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-08-21 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A476FFA-249C-4876-8C9D-451AAD40768B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)
Task: {145BE320-8F97-412C-8A00-FC5C6820ABCF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-23] (Adobe Systems Incorporated)
Task: {21D81DB6-0EBD-4E04-AF54-B0D7052E33DB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {393261EF-B106-4A36-A3ED-CF220389B304} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {3B22508C-AFC7-4542-8B3E-046560B592A8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5ADD9319-923D-472F-B04F-40F8492438D0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {5B111573-81F0-4D74-A398-6CC03B292FED} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {71B70313-C1DE-488C-87B9-7682A8F50930} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)
Task: {887F3A81-6EB3-4203-B010-2DDBA3DD3FFF} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-06-25] ()
Task: {91049CA0-A4A5-43BD-9427-38A8FE353459} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TyrellCorp-Jason Williamson TyrellCorp => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-29] (Microsoft Corporation)
Task: {93936EF5-F8F8-4478-ADBE-E394C292776E} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-29] ()
Task: {A707E799-3B45-452F-8E9B-5253FC159F0C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {CAEB1C26-DBB3-4F15-B97E-630F5939C8A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {F82F648F-A28A-4002-9AD7-09EAE1029E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-25 13:32 - 2012-05-25 13:32 - 00206848 _____ () C:\Program Files\Homestream\bin\HomestreamService.exe
2014-01-07 16:38 - 2014-02-09 19:46 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-19 18:40 - 2012-09-21 00:55 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-08-19 18:41 - 2012-08-14 05:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2014-08-29 06:11 - 2014-08-29 06:11 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-03-29 23:32 - 2009-03-29 23:32 - 00032768 ____R () C:\Windows\DAODx.exe
2012-05-25 13:32 - 2012-05-25 13:32 - 00222208 _____ () C:\Program Files\Homestream\bin\HomestreamConsole.exe
2014-04-15 22:28 - 2014-04-15 22:28 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-18 19:11 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-06 21:37 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-01-06 21:37 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-28 03:18 - 2014-08-28 03:18 - 00098816 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32api.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00110080 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\pywintypes27.dll
2014-08-28 03:18 - 2014-08-28 03:18 - 00364544 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\pythoncom27.dll
2014-08-28 03:18 - 2014-08-28 03:18 - 00045568 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_socket.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 01160704 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_ssl.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00320512 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32com.shell.shell.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00713216 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_hashlib.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 01175040 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._core_.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00805888 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._gdi_.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00811008 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._windows_.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 01062400 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._controls_.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00735232 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._misc_.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00128512 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_elementtree.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00127488 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\pyexpat.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00557056 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\pysqlite2._sqlite.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00007168 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\hashobjs_ext.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00087552 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_ctypes.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00119808 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32file.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00108544 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32security.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00018432 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32event.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00038912 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32inet.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00070656 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._html2.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00167936 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32gui.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00011264 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32crypt.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00027136 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\_multiprocessing.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00686080 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\unicodedata.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00122368 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._wizard.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00010240 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\select.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00024064 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32pipe.pyd
2014-08-28 03:19 - 2014-08-28 03:19 - 00025600 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32pdh.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00525640 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\windows._lib_cacheinvalidation.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00035840 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32process.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00017408 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32profile.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00022528 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\win32ts.pyd
2014-08-28 03:18 - 2014-08-28 03:18 - 00078336 _____ () C:\Users\Jason Williamson\AppData\Local\Temp\_MEI33042\wx._animate.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-08-19 18:34 - 2014-08-19 18:34 - 00031488 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-08-29 06:48 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 06:48 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 06:48 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-01-06 20:29 - 2014-08-20 15:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 19:05 - 2014-08-28 04:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 06:48 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 06:48 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-01-06 20:29 - 2014-08-28 04:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-06 20:29 - 2014-08-20 15:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 16:55 - 2014-08-20 15:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-08-29 06:11 - 2014-08-29 06:11 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-08-14 21:12 - 2014-08-06 20:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 21:12 - 2014-08-06 20:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 21:12 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 21:12 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 21:12 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-07-09 04:57 - 2014-07-09 04:57 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2014 00:21:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/27/2014 00:27:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/25/2014 00:46:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/24/2014 01:14:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/23/2014 02:24:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pprekop.exe, version: 4.2.0.172, time stamp: 0xole32.dll
Faulting module name: 5.1.2600.2182, version: 10017bed, time stamp: 0x%6
Exception code: 0x%7
Fault offset: 0x%8
Faulting process id: 0x%9
Faulting application start time: 0xpprekop.exe0
Faulting application path: pprekop.exe1
Faulting module path: pprekop.exe2
Report Id: pprekop.exe3
 
Error: (08/23/2014 11:07:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PokerStars.exe version 8.4.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 22a8
 
Start Time: 01cfbee133e9f1c3
 
Termination Time: 109
 
Application Path: C:\Program Files (x86)\PokerStars\PokerStars.exe
 
Report Id: 4c91c0d4-2af0-11e4-b11f-bcee7b5e8219
 
Error: (08/22/2014 01:11:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/22/2014 01:11:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/22/2014 01:10:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/21/2014 07:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (08/29/2014 06:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (08/29/2014 06:49:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (08/28/2014 03:18:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (08/28/2014 03:18:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
Error: (08/23/2014 05:40:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/22/2014 10:43:18 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/21/2014 09:12:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/21/2014 02:57:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
%%1053
 
Error: (08/21/2014 02:57:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (08/21/2014 02:55:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/29/2014 00:21:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/27/2014 00:27:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/25/2014 00:46:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/24/2014 01:14:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/23/2014 02:24:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pprekop.exe4.2.0.172ole32.dll5.1.2600.218210017bed
 
Error: (08/23/2014 11:07:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PokerStars.exe8.4.2.022a801cfbee133e9f1c3109C:\Program Files (x86)\PokerStars\PokerStars.exe4c91c0d4-2af0-11e4-b11f-bcee7b5e8219
 
Error: (08/22/2014 01:11:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\jason williamson\downloads\esetsmartinstaller_enu.exe
 
Error: (08/22/2014 01:11:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\jason williamson\downloads\esetsmartinstaller_enu.exe
 
Error: (08/22/2014 01:10:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/21/2014 07:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jason Williamson\Downloads\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-21 14:44:37.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-21 14:44:36.936
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8320 Eight-Core Processor 
Percentage of memory in use: 38%
Total physical RAM: 8089.45 MB
Available physical RAM: 5001.22 MB
Total Pagefile: 16177.09 MB
Available Pagefile: 11072.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:128.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (rld-wadc) (CDROM) (Total:7.32 GB) (Free:0 GB) CDFS
Drive f: (Games and Programs) (Fixed) (Total:931.51 GB) (Free:247.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F976704)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=465.8 GB) - (Type=42)
Partition 3: (Not Active) - (Size=24 KB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B052CEC8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
 
==================== End Of Log ============================

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:16 AM

Posted 29 August 2014 - 10:15 AM

Greetings and welcome.

Unfortunately I must advise you of 2 very serious infections on your computer. I am also providing a caution about Peer 2 Peer programs because of the inherent dangers associated with them and, in fact, you most probably got infected via these means.

Before doing anything further please let me know what you decide to do.

===================================================

BACKDOOR WARNING! - Ramnit Virus

--------------------

Your system is infected with Win32/Ramnit.A, a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
  • Understanding virus names
  • Threat aliases for Win32/Ramnit.A

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. Any assumption your computer is clean simply because a program may deem it so is unwise.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

===================================================

Sality Virus Warning

--------------------

I'm afraid I have very bad news. The system is infected with a nasty variant of Win32/Sality. This family of malware is a polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

Please see Kaspersky's Threat Encyclopaedia of Win32.Sality.NAO.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach.

Because your computer was compromised please read:

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
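
The autorun layout described in the post above (an autorun.inf in a drive root that launches a .cmd, .pif or .exe dropped beside it) can be checked for with a short script; this is an added example, not part of the original thread or of any tool mentioned in it. The file names and the sample drive contents are constructed, and because legitimate installers also use `open=`, a hit is a lead to examine, not a verdict.

```python
import os
import re
import tempfile

# Extensions the post names for the files dropped in the drive root.
DROPPED_EXTS = (".cmd", ".pif", ".exe")
# autorun.inf keys that start a program: open, shellexecute, shell\<verb>\command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

# Constructed sample: mixed-case keys and a junk comment line.
SAMPLE_INF = (
    ";kqzv constructed junk line\n"
    "[AutoRun]\n"
    "sHell\\opEn\\cOmmand = qwfp.pif\n"
    "open=qwfp.pif\n"
    "shell\\explore\\Command= .\\tyui.exe /s\n"
    "icon=docs\\setup.ico\n"
)


def parse_autorun(text):
    """Return (key, program) pairs for launch keys in the [autorun] section."""
    pairs, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key):
            continue
        # Keep the program only: a quoted path, or the first token.
        if value.startswith('"'):
            program = value[1:].split('"', 1)[0]
        else:
            program = value.split()[0] if value else ""
        if program:
            pairs.append((key.lower(), program))
    return pairs


def audit_root(root):
    """Return root-level files that autorun.inf would launch and that carry
    one of the extensions named in the post."""
    entries = {name.lower(): name for name in os.listdir(root)
               if os.path.isfile(os.path.join(root, name))}
    inf_name = entries.get("autorun.inf")
    if inf_name is None:
        return []
    with open(os.path.join(root, inf_name), encoding="latin-1") as handle:
        pairs = parse_autorun(handle.read())
    flagged = set()
    for _key, program in pairs:
        # Normalise Windows separators, a drive letter and a leading ".\" or "\".
        rel = re.sub(r"^([A-Za-z]:)?(\./|/)*", "", program.replace("\\", "/"))
        if "/" in rel:                              # target lives in a subfolder
            continue
        on_disk = entries.get(rel.lower())
        if on_disk and rel.lower().endswith(DROPPED_EXTS):
            flagged.add(on_disk)
    return sorted(flagged)


def build_sample(root):
    """Create a constructed drive root matching the described layout."""
    for name, body in (("AUTORUN.INF", SAMPLE_INF), ("qwfp.pif", ""),
                       ("tyui.exe", ""), ("notes.txt", "")):
        with open(os.path.join(root, name), "w", encoding="latin-1") as handle:
            handle.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        print(audit_root(drive))
```
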

#7 nexus6ca


Posted 29 August 2014 - 10:49 AM

Ok so, if it's needed. I will reformat the computer.

 

Since I have your attention, can I post logs for my wife's laptop?  I am concerned it's infected as well.



#8 Oh My!


Posted 29 August 2014 - 11:09 AM

Greetings,

 

It is best if you reformat.  If you need assistance in doing anything please let me know.  If you don't need any assistance let me know as well and I will close the Topic.

 

Unfortunately you will have to start a new Topic for your wife's computer.  We really only deal with one computer per Topic.


Gary
 

#9 nexus6ca


Posted 29 August 2014 - 11:32 AM

Clean installs I can do.  Thanks.

Edited by Oh My!, 29 August 2014 - 11:41 AM.


#10 Oh My!


Posted 29 August 2014 - 11:41 AM

Very good, I will close this Topic.
Gary
 

#11 Oh My!


Posted 29 August 2014 - 11:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



