Browser and Steam Adware.


This topic is locked
17 replies to this topic

#1 Azire

Azire

  • Members
  • 9 posts
  • Local time:04:49 PM

Posted 18 September 2014 - 08:37 PM

Hello, thank you for taking your time to help me. For the past maybe 4 months or so I have had this Adware on my PC. I've tried a lot of things to remove it. I used DBAN to wipe my hard drive, AdwCleaner, AVG, Avast, Malwarebytes Pro, and Spybot, which are some of the more known ones I used to try and get rid of this adware. It specifically pops up when I click a link or click anywhere on a webpage. It won't pop up if I go to the webpage, but if I click somewhere ReduuxMedia or Rolblox ads pop up. On my Steam client, if I go anywhere but my Library I get 3 to 4 pop-ups talking about binary coding and why I should do it. I have never downloaded anything or agreed to let anything run from these ads. Thank you for helping me. I will always respond as fast as possible.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:49 PM

Posted 19 September 2014 - 04:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 Azire

Azire
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:49 PM

Posted 19 September 2014 - 04:37 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Josh (administrator) on JOSH-PC on 19-09-2014 17:32:58
Running from C:\Users\Josh\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Curse) C:\Users\Josh\AppData\Local\Apps\2.0\W75C97V2.HYO\CCJK7TX9.CWQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * ROBoot64 \??\C:\Windows\system32\ASOROSet.binsdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A52F224D7B1CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 107.170.189.30 162.243.207.106 206.248.154.22

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\x3lurf0t.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Josh\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.ca/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Blockulicious) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:32 - 2014-09-19 17:33 - 00009766 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Downloads\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Desktop\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\FRST
2014-09-18 22:40 - 2014-09-18 22:40 - 01373475 _____ () C:\Users\Josh\Downloads\AdwCleaner.exe
2014-09-18 22:40 - 2014-09-18 22:40 - 00000000 ____D () C:\AdwCleaner
2014-09-13 03:05 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:05 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:05 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:05 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:05 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:05 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:05 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:05 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:05 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:05 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:05 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:05 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:05 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:05 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:05 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:05 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:05 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:05 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:05 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:05 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:05 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:05 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:05 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:05 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:05 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:05 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:05 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:05 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:05 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:05 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:05 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:05 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:05 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:05 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:05 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:05 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:05 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:05 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:05 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:05 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:05 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:05 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:05 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:05 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:05 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 03:04 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:04 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:04 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:04 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:04 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 22:55 - 2014-09-12 22:56 - 00000000 ____D () C:\Users\Josh\AppData\Local\PAYDAY 2
2014-09-12 22:55 - 2014-09-12 22:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-12 21:20 - 2014-09-12 21:20 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:18 - 2014-09-12 21:18 - 00000000 ____D () C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2014-09-12 20:14 - 2014-09-12 20:14 - 00295608 _____ () C:\Windows\Minidump\091214-18969-01.dmp
2014-09-12 15:33 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 15:33 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 15:33 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 15:33 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 15:33 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 15:33 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 15:33 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 15:33 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 15:33 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 17:23 - 2014-09-10 17:15 - 00688992 _____ (Swearware) C:\Users\Josh\Desktop\dds.com
2014-09-10 17:15 - 2014-09-10 17:15 - 00688992 _____ (Swearware) C:\Users\Josh\Downloads\dds.com
2014-09-10 13:39 - 2014-09-10 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 13:39 - 2014-09-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2014-09-10 13:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-10 13:38 - 2014-09-10 13:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh\Downloads\spybot-2.4.exe
2014-09-10 11:16 - 2014-09-10 11:16 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-10 11:14 - 2014-09-10 11:14 - 01922688 _____ () C:\Users\Josh\Downloads\winrar-x64-511.exe
2014-09-06 17:21 - 2014-09-06 17:21 - 00001652 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-06 17:21 - 2014-09-06 17:21 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-06 17:15 - 2014-09-06 17:15 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-09-06 17:09 - 2014-09-06 17:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-06 16:57 - 2014-09-13 01:21 - 00002502 _____ () C:\Users\Josh\Desktop\Rkill.txt
2014-09-06 16:57 - 2014-09-06 16:57 - 00000000 ____D () C:\Users\Josh\Desktop\RKILL
2014-09-06 16:34 - 2014-09-06 16:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.scr
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Avg
2014-09-06 14:57 - 2014-09-14 11:00 - 00000600 _____ () C:\Users\Josh\PUTTY.RND
2014-09-02 11:30 - 2014-09-02 11:34 - 00000000 ____D () C:\ComboFix
2014-08-31 00:04 - 2014-08-31 00:04 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Macromedia
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-29 18:05 - 2014-09-02 11:30 - 00000000 ____D () C:\Qoobox
2014-08-29 18:05 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 18:05 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 18:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 18:04 - 2014-08-29 18:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 _____ (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2014-08-29 16:53 - 2014-09-19 16:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 16:53 - 2014-09-19 16:58 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-29 16:53 - 2014-08-29 16:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-29 16:53 - 2014-08-29 16:53 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-29 16:53 - 2014-08-29 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-29 16:52 - 2014-09-06 17:03 - 00000000 ____D () C:\Users\Josh\Desktop\backups
2014-08-29 16:51 - 2014-08-29 16:51 - 00000000 ____D () C:\Users\Josh\Desktop\Reg Backup
2014-08-29 16:17 - 2014-09-06 17:00 - 00006227 _____ () C:\Users\Josh\Desktop\hijackthis.log
2014-08-29 16:14 - 2014-08-29 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Josh\Desktop\HijackThis.exe
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Local\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-28 23:06 - 2014-09-18 20:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-28 23:06 - 2014-08-28 23:06 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-28 23:06 - 2014-08-28 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-28 20:02 - 2014-08-28 20:02 - 01141680 _____ () C:\Users\Josh\Downloads\SteamSetup.exe
2014-08-27 22:09 - 2014-08-27 22:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Curse Advertising
2014-08-27 22:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-27 16:54 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 16:54 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 16:54 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:00 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 16:00 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 16:00 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 16:00 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 16:00 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 16:00 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 16:00 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 16:00 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 16:00 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 16:00 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 15:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 15:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 15:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 15:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:33 - 2014-09-19 17:32 - 00009766 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-09-19 17:33 - 2014-08-10 01:13 - 00000000 ____D () C:\Users\Josh\AppData\Local\Battle.net
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Downloads\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Desktop\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 00000000 ____D () C:\FRST
2014-09-19 17:19 - 2014-08-07 01:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 17:15 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Deployment
2014-09-19 17:11 - 2009-07-14 00:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 17:11 - 2009-07-14 00:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 17:00 - 2014-08-06 20:32 - 01329788 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 16:58 - 2014-08-29 16:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 16:58 - 2014-08-29 16:53 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 22:46 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 22:41 - 2014-08-07 11:32 - 00050606 _____ () C:\Windows\PFRO.log
2014-09-18 22:41 - 2014-08-06 21:44 - 00003821 _____ () C:\Windows\setupact.log
2014-09-18 22:41 - 2014-08-06 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-18 22:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 22:40 - 2014-09-18 22:40 - 01373475 _____ () C:\Users\Josh\Downloads\AdwCleaner.exe
2014-09-18 22:40 - 2014-09-18 22:40 - 00000000 ____D () C:\AdwCleaner
2014-09-18 22:39 - 2014-08-06 21:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Skype
2014-09-18 20:03 - 2014-08-28 23:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-17 18:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 17:01 - 2014-08-07 03:20 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2014-09-14 19:44 - 2014-08-10 01:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-14 11:00 - 2014-09-06 14:57 - 00000600 _____ () C:\Users\Josh\PUTTY.RND
2014-09-14 11:00 - 2014-08-11 21:12 - 00000000 ____D () C:\Users\Josh\Desktop\Pandora
2014-09-13 23:45 - 2014-08-08 22:10 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-09-13 03:03 - 2014-08-07 03:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:03 - 2014-08-06 21:28 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 03:01 - 2014-08-07 03:55 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 01:21 - 2014-09-06 16:57 - 00002502 _____ () C:\Users\Josh\Desktop\Rkill.txt
2014-09-12 22:56 - 2014-09-12 22:55 - 00000000 ____D () C:\Users\Josh\AppData\Local\PAYDAY 2
2014-09-12 22:55 - 2014-09-12 22:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-12 22:55 - 2014-08-06 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-12 21:20 - 2014-09-12 21:20 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:18 - 2014-09-12 21:18 - 00000000 ____D () C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2014-09-12 21:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 20:14 - 2014-09-12 20:14 - 00295608 _____ () C:\Windows\Minidump\091214-18969-01.dmp
2014-09-12 20:14 - 2014-08-10 00:17 - 540459584 _____ () C:\Windows\MEMORY.DMP
2014-09-12 20:14 - 2014-08-10 00:17 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 17:15 - 2014-09-10 17:23 - 00688992 _____ (Swearware) C:\Users\Josh\Desktop\dds.com
2014-09-10 17:15 - 2014-09-10 17:15 - 00688992 _____ (Swearware) C:\Users\Josh\Downloads\dds.com
2014-09-10 16:23 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\RemotePackages
2014-09-10 14:20 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 13:42 - 2014-09-10 13:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2014-09-10 13:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-10 13:38 - 2014-09-10 13:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh\Downloads\spybot-2.4.exe
2014-09-10 11:36 - 2014-08-06 23:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TS3Client
2014-09-10 11:16 - 2014-09-10 11:16 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-10 11:14 - 2014-09-10 11:14 - 01922688 _____ () C:\Users\Josh\Downloads\winrar-x64-511.exe
2014-09-07 22:58 - 2014-08-06 23:31 - 00027446 _____ () C:\Windows\DirectX.log
2014-09-07 16:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-09-06 17:27 - 2014-08-06 20:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 17:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-09-06 17:21 - 2014-09-06 17:21 - 00001652 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-06 17:21 - 2014-09-06 17:21 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-06 17:15 - 2014-09-06 17:15 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-09-06 17:09 - 2014-09-06 17:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-06 17:03 - 2014-08-29 16:52 - 00000000 ____D () C:\Users\Josh\Desktop\backups
2014-09-06 17:00 - 2014-08-29 16:17 - 00006227 _____ () C:\Users\Josh\Desktop\hijackthis.log
2014-09-06 16:57 - 2014-09-06 16:57 - 00000000 ____D () C:\Users\Josh\Desktop\RKILL
2014-09-06 16:34 - 2014-09-06 16:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.scr
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Avg
2014-09-06 14:57 - 2014-08-06 20:30 - 00000000 ____D () C:\Users\Josh
2014-09-02 11:35 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apps\2.0
2014-09-02 11:34 - 2014-09-02 11:30 - 00000000 ____D () C:\ComboFix
2014-09-02 11:33 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 11:30 - 2014-08-29 18:05 - 00000000 ____D () C:\Qoobox
2014-09-01 03:35 - 2014-08-10 01:13 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Battle.net
2014-08-31 00:04 - 2014-08-31 00:04 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Macromedia
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-29 18:10 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-29 18:09 - 2014-08-29 18:04 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 _____ (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2014-08-29 16:53 - 2014-08-29 16:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-29 16:53 - 2014-08-29 16:53 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-29 16:53 - 2014-08-29 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-29 16:53 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Google
2014-08-29 16:53 - 2014-08-06 20:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 16:51 - 2014-08-29 16:51 - 00000000 ____D () C:\Users\Josh\Desktop\Reg Backup
2014-08-29 16:17 - 2014-08-06 20:30 - 00000000 ____D () C:\Users\Josh\AppData\Local\VirtualStore
2014-08-29 16:14 - 2014-08-29 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Josh\Desktop\HijackThis.exe
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Local\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-29 01:35 - 2014-08-07 23:22 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-29 01:35 - 2014-08-07 23:22 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-28 23:32 - 2009-07-14 00:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 23:06 - 2014-08-28 23:06 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-28 23:06 - 2014-08-28 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-28 20:02 - 2014-08-28 20:02 - 01141680 _____ () C:\Users\Josh\Downloads\SteamSetup.exe
2014-08-27 22:09 - 2014-08-27 22:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Curse Advertising
2014-08-25 18:38 - 2014-08-13 02:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 22:07 - 2014-08-27 16:54 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 16:54 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 16:54 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 18:42

==================== End Of Log ============================

And here is the addition log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Josh at 2014-09-19 17:33:32
Running from C:\Users\Josh\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.14 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Wireless USB Utility (HKLM-x32\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (x32 Version: 6.3.2.16 - Belkin) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Control Panel 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3927883460-440213185-1545101782-1000_Classes\CLSID\{56f34ffe-58fc-4b2d-b9bc-ccdc5747576c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3927883460-440213185-1545101782-1000_Classes\CLSID\{d8c32691-9d6b-4db0-919f-4e6439d5f211}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-09-2014 07:00:20 Windows Update
16-09-2014 19:53:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-08-29 18:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8A28057A-76DD-4A92-9EA4-883E9C286033} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {C01A4EB5-42AE-4DDC-B79F-D5ACBDD8F3F2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C51DDDEC-39D1-4092-A2F6-F1DFF30922C6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CF020C36-E6ED-4F48-88FB-75A1B874F7F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D3753B0A-CF08-41C1-9E8A-B3F82D2D7B8B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {D96A4E9E-8E50-4AA6-B047-665DD265FDA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-02 11:44 - 2014-09-02 11:43 - 00014848 _____ () C:\Users\Josh\AppData\Local\Apps\2.0\W75C97V2.HYO\CCJK7TX9.CWQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2014-09-02 11:44 - 2014-09-02 11:43 - 00035840 _____ () C:\Users\Josh\AppData\Local\Apps\2.0\W75C97V2.HYO\CCJK7TX9.CWQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-09-02 11:44 - 2014-09-02 11:43 - 00099840 _____ () C:\Users\Josh\AppData\Local\Apps\2.0\W75C97V2.HYO\CCJK7TX9.CWQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll
2014-09-10 13:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-10 13:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-10 13:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-10 13:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-10 13:39 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-13 02:05 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 02:05 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-13 02:05 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 02:05 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 02:05 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 16:17 - 2014-09-12 16:17 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5011\libcef.dll
2014-09-12 16:17 - 2014-09-12 16:17 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5011\libglesv2.dll
2014-09-12 16:17 - 2014-09-12 16:17 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5011\libegl.dll
2014-08-13 02:49 - 2014-08-13 02:49 - 23950848 _____ () C:\Program Files (x86)\World of Warcraft\Utils\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 10:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 05:01:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11b4

Start Time: 01cfd1f1640559c9

Termination Time: 2

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: a67bea67-3de4-11e4-bdad-e3d87de7f1f4

Error: (09/16/2014 05:01:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
Exception code: 0xc0000005
Fault offset: 0x000a9965
Faulting process id: 0x1804
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3

Error: (09/13/2014 03:25:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 09:17:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 08:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 08:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 04:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 02:59:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1220

Start Time: 01cfcd2953d10d0a

Termination Time: 1

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: 9afc5dbc-391c-11e4-a698-99766edc1cff

Error: (09/10/2014 11:47:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/18/2014 10:42:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.2.0 service failed to start due to the following error: 
%%2

Error: (09/18/2014 10:42:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: 
%%2

Error: (09/16/2014 03:26:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/13/2014 03:25:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.2.0 service failed to start due to the following error: 
%%2

Error: (09/13/2014 03:25:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: 
%%2

Error: (09/12/2014 09:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.2.0 service failed to start due to the following error: 
%%2

Error: (09/12/2014 09:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: 
%%2

Error: (09/12/2014 08:54:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.2.0 service failed to start due to the following error: 
%%2

Error: (09/12/2014 08:54:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: 
%%2

Error: (09/12/2014 08:17:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.2.0 service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/18/2014 10:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 05:01:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.011b401cfd1f1640559c92C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exea67bea67-3de4-11e4-bdad-e3d87de7f1f4

Error: (09/16/2014 05:01:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965180401cfd1e724281800C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.109\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.109\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dlla14f3971-3de4-11e4-bdad-e3d87de7f1f4

Error: (09/13/2014 03:25:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 09:17:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 08:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 08:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 04:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 02:59:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.16385122001cfcd2953d10d0a1C:\Windows\system32\NOTEPAD.EXE9afc5dbc-391c-11e4-a698-99766edc1cff

Error: (09/10/2014 11:47:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-29 18:08:56.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 18:08:56.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 8109.12 MB
Available physical RAM: 4102.12 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 11100.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:486.85 GB) NTFS
Drive d: (GV-N00001_11) (CDROM) (Total:1.26 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 46DEB98A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 Azire (Topic Starter, Members, 9 posts)

Posted 19 September 2014 - 04:48 PM

aswMBR scan. 

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-19 17:38:28
-----------------------------
17:38:28.606    OS Version: Windows x64 6.1.7601 Service Pack 1
17:38:28.606    Number of processors: 4 586 0x2A07
17:38:28.606    ComputerName: JOSH-PC  UserName: Josh
17:38:29.829    Initialize success
17:38:29.857    VM: initialized successfully
17:38:29.858    VM: Intel CPU supported 
17:38:42.712    VM: supported disk I/O ataport.SYS
17:41:43.252    AVAST engine defs: 14091901
17:41:47.944    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:41:47.946    Disk 0 Vendor: WDC_WD6402AAEX-00Y9A0 01.01V01 Size: 610480MB BusType: 3
17:41:48.048    Disk 0 MBR read successfully
17:41:48.051    Disk 0 MBR scan
17:41:48.054    Disk 0 Windows 7 default MBR code
17:41:48.057    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:41:48.064    Disk 0 default boot code
17:41:48.076    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       610378 MB offset 206848
17:41:48.088    Disk 0 scanning C:\Windows\system32\drivers
17:41:52.918    Service scanning
17:42:04.219    Modules scanning
17:42:04.225    Disk 0 trace - called modules:
17:42:04.239    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
17:42:04.242    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ac5060]
17:42:04.246    3 CLASSPNP.SYS[fffff880018b143f] -> nt!IofCallDriver -> [0xfffffa800781c520]
17:42:04.248    5 ACPI.sys[fffff88000f4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007810060]
17:42:05.381    AVAST engine scan C:\Windows
17:42:07.153    AVAST engine scan C:\Windows\system32
17:44:03.275    AVAST engine scan C:\Windows\system32\drivers
17:44:09.616    AVAST engine scan C:\Users\Josh
17:45:27.605    AVAST engine scan C:\ProgramData
17:45:36.522    Scan finished successfully
17:47:04.692    Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
17:47:04.696    The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

Edited by Azire, 19 September 2014 - 04:54 PM.


#5 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 22 September 2014 - 03:50 AM

Looks like your router is infected.

Do you have your ISP's information to reset and reconfigure it?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Azire (Topic Starter, Members, 9 posts)

Posted 22 September 2014 - 11:28 AM

I reset my router to factory settings before I got this virus; I'll try it when I get home. Thank you, I'll come back whether I fix it or not. One question: before I do this, should I try to clean my PC and then turn it off, or should I use DBAN or a simple reformat? Thank you.


Edited by Azire, 22 September 2014 - 11:29 AM.


#7 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 23 September 2014 - 07:35 AM

Resetting the router only will not do the trick.


1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your internet connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
  • Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:

    ipconfig /flushdns
    Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

 

When finished, rescan with FRST and post the log.


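The router diagnosis above rests on the DNS resolvers the router hands out by DHCP, which FRST prints in its Internet section as `Tcpip\Parameters: [DhcpNameServer] ...`. The following is an added example (not FRST's or the forum's code) that audits those lines against the resolvers the ISP is expected to provide; the expected pair is taken from the FRST log posted later in this thread, while the interface GUIDs and the 203.0.113.53 resolver in the sample are constructed placeholders.

```python
"""Audit the DNS resolver lines in an FRST log for signs of a hijacked router.

Added example, not FRST's or the forum's code. FRST prints the resolvers the
router handed out by DHCP as `Tcpip\\Parameters: [DhcpNameServer] a.b.c.d ...`
and per-interface settings as `Tcpip\\..\\Interfaces\\{GUID}: [NameServer] ...`.
A DHCP-assigned resolver that is neither the ISP's nor a private address is the
classic router-hijack pattern: the PC itself is clean (so wiping the disk does
nothing), but every lookup is answered by a resolver the attacker controls.
"""
import ipaddress
import re

# Resolvers the ISP is expected to hand out. These two are the values from the
# FRST log posted in this thread after the router was reset; for your own
# network substitute what the ISP documents.
EXPECTED_RESOLVERS = {"206.248.154.22", "206.248.154.170"}

# Ranges where a resolver is normally the router/gateway itself (RFC 1918,
# link-local, loopback). A private resolver is not proof of a clean setup: the
# router forwards upstream to whatever its own (possibly tampered) config says.
_LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8",
)]

# FRST line shape: "<registry key>: [DhcpNameServer|NameServer] <servers>".
# DhcpNameServer values are space separated, NameServer values comma separated.
_DNS_LINE = re.compile(
    r"^(?P<key>Tcpip\\[^:]+):\s*\[(?P<kind>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)


def parse_dns_entries(lines):
    """Return [(registry_key, kind, [server, ...])] for every DNS line in `lines`."""
    entries = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if m:
            servers = m.group("servers").replace(",", " ").split()
            entries.append((m.group("key"), m.group("kind"), servers))
    return entries


def classify_server(addr, expected):
    """Classify one resolver: 'expected', 'private', 'unexpected' or 'invalid'."""
    if addr in expected:
        return "expected"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if any(ip in net for net in _LOCAL_RANGES):
        return "private"
    return "unexpected"


def audit_dns(lines, expected=EXPECTED_RESOLVERS):
    """Classify every resolver found in the log; returns a list of finding dicts."""
    findings = []
    for key, kind, servers in parse_dns_entries(lines):
        for server in servers:
            findings.append({
                "key": key, "kind": kind, "server": server,
                "status": classify_server(server, expected),
            })
    return findings


def suspicious_servers(findings):
    """Sorted, de-duplicated resolvers that need explaining before the router is trusted."""
    return sorted({f["server"] for f in findings if f["status"] in ("unexpected", "invalid")})


# Constructed sample: the first line is the real one from this thread's log; the
# other two are made up (placeholder GUIDs, 203.0.113.53 is a documentation
# address) to show a hijacked lease and a router-as-resolver setup side by side.
SAMPLE_LOG = [
    r"Tcpip\Parameters: [DhcpNameServer] 206.248.154.22 206.248.154.170",
    r"Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [DhcpNameServer] 203.0.113.53 206.248.154.22",
    r"Tcpip\..\Interfaces\{11111111-1111-1111-1111-111111111111}: [NameServer] 192.168.1.1",
]

if __name__ == "__main__":
    for f in audit_dns(SAMPLE_LOG):
        print(f"{f['status']:10} {f['server']:16} {f['kind']:15} {f['key']}")
    print("needs explaining:", suspicious_servers(audit_dns(SAMPLE_LOG)))
```

A resolver flagged as "unexpected" is the thing to check on the router's own admin page after the factory reset, since the PC-side steps above only make Windows take whatever the router hands out.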

#8 Azire (Topic Starter, Members, 9 posts)

Posted 24 September 2014 - 02:36 AM

Pretty sure it worked; I tried to get one to pop up and got nothing at all. Here's the FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Josh (administrator) on JOSH-PC on 24-09-2014 03:35:01
Running from C:\Users\Josh\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Curse) C:\Users\Josh\AppData\Local\Apps\2.0\W75C97V2.HYO\CCJK7TX9.CWQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5011\Battle.net.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Codeusa Software) C:\Users\Josh\Desktop\Borderless\BorderlessGaming.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [Spotify] => C:\Users\Josh\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-22] (Spotify Ltd)
HKU\S-1-5-21-3927883460-440213185-1545101782-1000\...\Run: [Spotify Web Helper] => C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-22] (Spotify Ltd)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * ROBoot64 \??\C:\Windows\system32\ASOROSet.binsdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A52F224D7B1CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 206.248.154.22 206.248.154.170

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\x3lurf0t.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Josh\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.ca/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Blockulicious) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Josh\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Josh\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 03:34 - 2014-09-24 03:34 - 00000000 ____D () C:\Users\Josh\Desktop\FRST-OlderVersion
2014-09-24 03:32 - 2014-09-24 03:32 - 00002151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Connect.lnk
2014-09-24 03:32 - 2014-09-24 03:32 - 00000000 ____D () C:\Program Files (x86)\Linksys
2014-09-24 03:25 - 2014-09-24 03:29 - 00001348 _____ () C:\Users\Josh\Desktop\New Text Document.txt
2014-09-24 03:24 - 2014-09-24 03:24 - 21174896 _____ (Belkin International, Inc.) C:\Users\Josh\Downloads\LinksysConnect.E1200.1.5.13291.0.exe
2014-09-24 03:24 - 2014-09-24 03:24 - 21174896 _____ (Belkin International, Inc.) C:\Users\Josh\Desktop\LinksysConnect.E1200.1.5.13291.0.exe
2014-09-24 03:24 - 2014-09-24 03:24 - 00000000 ____D () C:\ProgramData\Linksys
2014-09-23 15:25 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:25 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 23:34 - 2014-09-23 18:06 - 00000000 ____D () C:\Users\Josh\AppData\Local\Warframe
2014-09-22 15:34 - 2014-09-24 00:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Spotify
2014-09-22 15:34 - 2014-09-23 15:21 - 00000000 ____D () C:\Users\Josh\AppData\Local\Spotify
2014-09-22 15:34 - 2014-09-22 15:34 - 00001748 _____ () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\ProgramData\Gyazo
2014-09-22 15:10 - 2014-09-22 15:10 - 00136864 _____ (Spotify Ltd) C:\Users\Josh\Downloads\SpotifySetup.exe
2014-09-21 02:22 - 2014-09-21 02:23 - 691624892 _____ () C:\Users\Josh\Downloads\CSS Content Addon (Jul2014).rar
2014-09-21 02:06 - 2014-09-21 02:06 - 12783287 _____ () C:\Users\Josh\Downloads\rp_downtown_v4c_v2.zip
2014-09-19 17:47 - 2014-09-19 17:47 - 00002131 _____ () C:\Users\Josh\Desktop\aswMBR.txt
2014-09-19 17:47 - 2014-09-19 17:47 - 00000512 _____ () C:\Users\Josh\Desktop\MBR.dat
2014-09-19 17:33 - 2014-09-19 17:33 - 00022369 _____ () C:\Users\Josh\Desktop\Addition.txt
2014-09-19 17:32 - 2014-09-24 03:35 - 00010357 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-09-19 17:32 - 2014-09-24 03:35 - 00000000 ____D () C:\FRST
2014-09-19 17:32 - 2014-09-24 03:34 - 02106880 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Downloads\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Desktop\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2014-09-18 22:40 - 2014-09-18 22:40 - 01373475 _____ () C:\Users\Josh\Downloads\AdwCleaner.exe
2014-09-18 22:40 - 2014-09-18 22:40 - 00000000 ____D () C:\AdwCleaner
2014-09-13 03:05 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:05 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:05 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:05 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:05 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:05 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:05 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:05 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:05 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:05 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:05 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:05 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:05 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:05 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:05 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:05 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:05 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:05 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:05 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:05 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:05 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:05 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:05 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:05 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:05 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:05 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:05 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:05 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:05 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:05 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:05 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:05 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:05 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:05 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:05 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:05 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:05 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:05 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:05 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:05 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:05 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:05 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:05 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:05 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:05 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:05 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:05 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 03:04 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:04 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:04 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:04 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:04 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 22:55 - 2014-09-12 22:56 - 00000000 ____D () C:\Users\Josh\AppData\Local\PAYDAY 2
2014-09-12 21:20 - 2014-09-12 21:20 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:18 - 2014-09-12 21:18 - 00000000 ____D () C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2014-09-12 20:14 - 2014-09-12 20:14 - 00295608 _____ () C:\Windows\Minidump\091214-18969-01.dmp
2014-09-12 15:33 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 15:33 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 15:33 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 15:33 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 15:33 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 15:33 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 15:33 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 15:33 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 15:33 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 17:15 - 2014-09-10 17:15 - 00688992 _____ (Swearware) C:\Users\Josh\Downloads\dds.com
2014-09-10 13:39 - 2014-09-10 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 13:39 - 2014-09-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2014-09-10 13:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-10 13:38 - 2014-09-10 13:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh\Downloads\spybot-2.4.exe
2014-09-10 11:16 - 2014-09-10 11:16 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-10 11:14 - 2014-09-10 11:14 - 01922688 _____ () C:\Users\Josh\Downloads\winrar-x64-511.exe
2014-09-06 17:21 - 2014-09-06 17:21 - 00001652 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-06 17:21 - 2014-09-06 17:21 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-06 17:09 - 2014-09-06 17:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-06 16:57 - 2014-09-13 01:21 - 00002502 _____ () C:\Users\Josh\Desktop\Rkill.txt
2014-09-06 16:57 - 2014-09-06 16:57 - 00000000 ____D () C:\Users\Josh\Desktop\RKILL
2014-09-06 16:34 - 2014-09-06 16:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.scr
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Avg
2014-09-06 14:57 - 2014-09-20 15:01 - 00000600 _____ () C:\Users\Josh\PUTTY.RND
2014-09-02 11:30 - 2014-09-02 11:34 - 00000000 ____D () C:\ComboFix
2014-08-31 00:04 - 2014-08-31 00:04 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Macromedia
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-29 18:05 - 2014-09-02 11:30 - 00000000 ____D () C:\Qoobox
2014-08-29 18:05 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-29 18:05 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-29 18:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-29 18:05 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-29 18:04 - 2014-08-29 18:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 _____ (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2014-08-29 16:53 - 2014-09-24 02:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 16:53 - 2014-09-23 16:58 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-29 16:53 - 2014-08-29 16:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-29 16:53 - 2014-08-29 16:53 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-29 16:53 - 2014-08-29 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-29 16:52 - 2014-09-06 17:03 - 00000000 ____D () C:\Users\Josh\Desktop\backups
2014-08-29 16:51 - 2014-08-29 16:51 - 00000000 ____D () C:\Users\Josh\Desktop\Reg Backup
2014-08-29 16:17 - 2014-09-06 17:00 - 00006227 _____ () C:\Users\Josh\Desktop\hijackthis.log
2014-08-29 16:14 - 2014-08-29 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Josh\Desktop\HijackThis.exe
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Local\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-28 23:06 - 2014-09-24 03:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-28 23:06 - 2014-08-28 23:06 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-28 23:06 - 2014-08-28 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-28 20:02 - 2014-08-28 20:02 - 01141680 _____ () C:\Users\Josh\Downloads\SteamSetup.exe
2014-08-27 22:09 - 2014-08-27 22:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Curse Advertising
2014-08-27 22:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-27 16:54 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 16:54 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 16:54 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 03:35 - 2014-09-19 17:32 - 00010357 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-09-24 03:35 - 2014-09-19 17:32 - 00000000 ____D () C:\FRST
2014-09-24 03:34 - 2014-09-24 03:34 - 00000000 ____D () C:\Users\Josh\Desktop\FRST-OlderVersion
2014-09-24 03:34 - 2014-09-19 17:32 - 02106880 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-09-24 03:34 - 2014-08-28 23:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-24 03:34 - 2014-08-06 21:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Skype
2014-09-24 03:33 - 2014-08-10 01:13 - 00000000 ____D () C:\Users\Josh\AppData\Local\Battle.net
2014-09-24 03:32 - 2014-09-24 03:32 - 00002151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Connect.lnk
2014-09-24 03:32 - 2014-09-24 03:32 - 00000000 ____D () C:\Program Files (x86)\Linksys
2014-09-24 03:32 - 2014-08-06 23:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TS3Client
2014-09-24 03:29 - 2014-09-24 03:25 - 00001348 _____ () C:\Users\Josh\Desktop\New Text Document.txt
2014-09-24 03:24 - 2014-09-24 03:24 - 21174896 _____ (Belkin International, Inc.) C:\Users\Josh\Downloads\LinksysConnect.E1200.1.5.13291.0.exe
2014-09-24 03:24 - 2014-09-24 03:24 - 21174896 _____ (Belkin International, Inc.) C:\Users\Josh\Desktop\LinksysConnect.E1200.1.5.13291.0.exe
2014-09-24 03:24 - 2014-09-24 03:24 - 00000000 ____D () C:\ProgramData\Linksys
2014-09-24 03:13 - 2009-07-14 00:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 03:13 - 2009-07-14 00:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 03:01 - 2014-08-06 20:32 - 01448946 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 02:58 - 2014-08-29 16:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 00:27 - 2014-09-22 15:34 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Spotify
2014-09-23 23:50 - 2014-08-07 01:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 18:06 - 2014-09-22 23:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Warframe
2014-09-23 16:58 - 2014-08-29 16:53 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 15:21 - 2014-09-22 15:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Spotify
2014-09-22 23:35 - 2014-08-06 23:31 - 00027808 _____ () C:\Windows\DirectX.log
2014-09-22 19:00 - 2014-08-10 01:14 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-22 15:34 - 2014-09-22 15:34 - 00001748 _____ () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\ProgramData\Gyazo
2014-09-22 15:27 - 2014-08-06 23:27 - 00003740 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-09-22 15:27 - 2014-08-06 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-09-22 15:27 - 2014-08-06 23:27 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-09-22 15:10 - 2014-09-22 15:10 - 00136864 _____ (Spotify Ltd) C:\Users\Josh\Downloads\SpotifySetup.exe
2014-09-21 05:49 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Deployment
2014-09-21 02:23 - 2014-09-21 02:22 - 691624892 _____ () C:\Users\Josh\Downloads\CSS Content Addon (Jul2014).rar
2014-09-21 02:06 - 2014-09-21 02:06 - 12783287 _____ () C:\Users\Josh\Downloads\rp_downtown_v4c_v2.zip
2014-09-20 15:01 - 2014-09-06 14:57 - 00000600 _____ () C:\Users\Josh\PUTTY.RND
2014-09-20 15:01 - 2014-08-11 21:12 - 00000000 ____D () C:\Users\Josh\Desktop\Pandora
2014-09-19 17:47 - 2014-09-19 17:47 - 00002131 _____ () C:\Users\Josh\Desktop\aswMBR.txt
2014-09-19 17:47 - 2014-09-19 17:47 - 00000512 _____ () C:\Users\Josh\Desktop\MBR.dat
2014-09-19 17:33 - 2014-09-19 17:33 - 00022369 _____ () C:\Users\Josh\Desktop\Addition.txt
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Downloads\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 05185536 _____ (AVAST Software) C:\Users\Josh\Desktop\aswmbr.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2014-09-18 22:46 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 22:41 - 2014-08-07 11:32 - 00050606 _____ () C:\Windows\PFRO.log
2014-09-18 22:41 - 2014-08-06 21:44 - 00003821 _____ () C:\Windows\setupact.log
2014-09-18 22:41 - 2014-08-06 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-18 22:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 22:40 - 2014-09-18 22:40 - 01373475 _____ () C:\Users\Josh\Downloads\AdwCleaner.exe
2014-09-18 22:40 - 2014-09-18 22:40 - 00000000 ____D () C:\AdwCleaner
2014-09-17 18:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 17:01 - 2014-08-07 03:20 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 19:44 - 2014-08-10 01:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-13 23:45 - 2014-08-08 22:10 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-09-13 03:03 - 2014-08-07 03:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:03 - 2014-08-06 21:28 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 03:01 - 2014-08-07 03:55 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 01:21 - 2014-09-06 16:57 - 00002502 _____ () C:\Users\Josh\Desktop\Rkill.txt
2014-09-12 22:56 - 2014-09-12 22:55 - 00000000 ____D () C:\Users\Josh\AppData\Local\PAYDAY 2
2014-09-12 22:55 - 2014-08-06 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-12 21:20 - 2014-09-12 21:20 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:18 - 2014-09-12 21:18 - 00000000 ____D () C:\Windows\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
2014-09-12 21:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 20:14 - 2014-09-12 20:14 - 00295608 _____ () C:\Windows\Minidump\091214-18969-01.dmp
2014-09-12 20:14 - 2014-08-10 00:17 - 540459584 _____ () C:\Windows\MEMORY.DMP
2014-09-12 20:14 - 2014-08-10 00:17 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 17:15 - 2014-09-10 17:15 - 00688992 _____ (Swearware) C:\Users\Josh\Downloads\dds.com
2014-09-10 16:23 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\RemotePackages
2014-09-10 14:20 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 13:42 - 2014-09-10 13:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 13:39 - 2014-09-10 13:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-10 13:39 - 2014-09-10 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-10 13:38 - 2014-09-10 13:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh\Downloads\spybot-2.4.exe
2014-09-10 11:16 - 2014-09-10 11:16 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-10 11:15 - 2014-09-10 11:15 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-10 11:14 - 2014-09-10 11:14 - 01922688 _____ () C:\Users\Josh\Downloads\winrar-x64-511.exe
2014-09-09 18:11 - 2014-09-23 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-23 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-07 16:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-09-06 17:27 - 2014-08-06 20:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 17:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-09-06 17:21 - 2014-09-06 17:21 - 00001652 _____ () C:\Windows\system32\ASOROSet.bin
2014-09-06 17:21 - 2014-09-06 17:21 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-09-06 17:09 - 2014-09-06 17:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-06 17:08 - 2014-09-06 17:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-06 17:03 - 2014-08-29 16:52 - 00000000 ____D () C:\Users\Josh\Desktop\backups
2014-09-06 17:00 - 2014-08-29 16:17 - 00006227 _____ () C:\Users\Josh\Desktop\hijackthis.log
2014-09-06 16:57 - 2014-09-06 16:57 - 00000000 ____D () C:\Users\Josh\Desktop\RKILL
2014-09-06 16:34 - 2014-09-06 16:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.scr
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Avg
2014-09-06 14:57 - 2014-08-06 20:30 - 00000000 ____D () C:\Users\Josh
2014-09-02 11:35 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apps\2.0
2014-09-02 11:34 - 2014-09-02 11:30 - 00000000 ____D () C:\ComboFix
2014-09-02 11:33 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 11:30 - 2014-08-29 18:05 - 00000000 ____D () C:\Qoobox
2014-09-01 03:35 - 2014-08-10 01:13 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Battle.net
2014-08-31 00:04 - 2014-08-31 00:04 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Macromedia
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-29 18:10 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-29 18:09 - 2014-08-29 18:04 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2014-08-29 17:54 - 2014-08-29 17:54 - 05576760 _____ (Swearware) C:\Users\Josh\Downloads\ComboFix.exe
2014-08-29 16:53 - 2014-08-29 16:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-29 16:53 - 2014-08-29 16:53 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-29 16:53 - 2014-08-29 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-29 16:53 - 2014-08-06 20:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\Google
2014-08-29 16:53 - 2014-08-06 20:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 16:51 - 2014-08-29 16:51 - 00000000 ____D () C:\Users\Josh\Desktop\Reg Backup
2014-08-29 16:17 - 2014-08-06 20:30 - 00000000 ____D () C:\Users\Josh\AppData\Local\VirtualStore
2014-08-29 16:14 - 2014-08-29 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Josh\Desktop\HijackThis.exe
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\Users\Josh\AppData\Local\Mozilla
2014-08-29 15:54 - 2014-08-29 15:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-29 01:35 - 2014-08-07 23:22 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-29 01:35 - 2014-08-07 23:22 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-28 23:32 - 2009-07-14 00:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 23:06 - 2014-08-28 23:06 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-28 23:06 - 2014-08-28 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-28 20:02 - 2014-08-28 20:02 - 01141680 _____ () C:\Users\Josh\Downloads\SteamSetup.exe
2014-08-27 22:09 - 2014-08-27 22:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Curse Advertising
2014-08-25 18:38 - 2014-08-13 02:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 18:42

==================== End Of Log ============================
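The "One Month Modified Files and Folders" sections above are long, and the hits worth asking about (an executable in Downloads or Temp with an empty publisher field, like Quarantine.exe in the TEMP listing) are easy to miss by eye. The following triage script is an added example, not from this thread and not part of Farbar's FRST or any other tool used here. It parses entries in the line format the log uses (created - modified - size attributes (company) path; the format is inferred from the entries shown, not from FRST documentation) and flags native executables that carry no publisher string and sit in a user-writable location. The "suspicious" rule is an assumption chosen for this example, and the sample lines are constructed after the log's own entries plus one made-up Temp entry, since the real log listed that file only as a bare path.

```python
"""Triage helper for FRST-style 'Modified Files and Folders' entries.

Added example for this thread; it is not part of FRST (Farbar) or of any tool
used above. The line format is inferred from the entries shown in the log, and
the 'suspicious' heuristic is an assumption: an executable with an empty
publisher field in a user-writable location deserves a closer look (hash
lookup, signature check), not an automatic verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# created - modified - size attrs (company) path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions in the log that Windows loads as native code.
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")

# Locations a standard user can write to without elevation (prefix match on
# the lower-cased path). Assumption for the heuristic; extend as needed.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str      # five-character attribute field, e.g. ____D, ____R, __RHD
    company: str    # publisher as FRST prints it; empty when none is known
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for one log line, or None for headers/blank lines."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    return FrstEntry(
        created=m["created"],
        modified=m["modified"],
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def parse_frst_log(text: str) -> List[FrstEntry]:
    """Parse every recognisable entry in a block of log text, in log order."""
    entries = [parse_frst_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


def is_suspicious(entry: FrstEntry) -> bool:
    """Executable, no publisher string, and under a user-writable path."""
    if entry.is_directory:
        return False
    lower = entry.path.lower()
    if not lower.endswith(PE_EXTENSIONS):
        return False
    if not lower.startswith(USER_WRITABLE_PREFIXES):
        return False
    return entry.company == ""


def triage(text: str) -> List[str]:
    """Paths from the log that deserve a second look, in log order."""
    return [e.path for e in parse_frst_log(text) if is_suspicious(e)]


# Constructed sample: lines modelled on the thread's log plus one made-up
# Temp entry (the real log only listed that file as a bare path).
SAMPLE_LOG = r"""
2014-09-18 22:40 - 2014-09-18 22:40 - 01373475 _____ () C:\Users\Josh\Downloads\AdwCleaner.exe
2014-09-19 17:32 - 2014-09-19 17:32 - 02105856 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2014-08-27 16:54 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-21 02:23 - 2014-09-21 02:22 - 691624892 _____ () C:\Users\Josh\Downloads\CSS Content Addon (Jul2014).rar
2014-09-24 03:34 - 2014-08-28 23:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-06 16:34 - 2014-09-06 16:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.scr
2014-09-10 13:38 - 2014-09-10 13:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh\Downloads\spybot-2.4.exe
2014-09-20 15:01 - 2014-09-06 14:57 - 00000600 _____ () C:\Users\Josh\PUTTY.RND
2014-09-23 12:00 - 2014-09-23 12:00 - 00154112 _____ () C:\Users\Josh\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("look closer:", path)
```

On the sample it flags AdwCleaner.exe and the Temp executable and nothing else: the heuristic is deliberately noisy in the direction of false positives (AdwCleaner is a legitimate tool that simply ships without a publisher string), so its output is a shortlist for hash or signature checks, not a detection.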


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:49 PM

Posted 24 September 2014 - 07:51 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Azire

Azire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 24 September 2014 - 05:37 PM

Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 4:29:51 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.10
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Josh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312323
Time Elapsed: 5 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET didn't find any threats. Still no pop-ups; I think we got it, man :)



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:49 PM

Posted 25 September 2014 - 06:39 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content into your thread (Note: do NOT post this one into a code box!).



#12 Azire

Azire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 26 September 2014 - 10:31 AM

Adwcleaner

# AdwCleaner v3.310 - Report created 26/09/2014 at 11:13:37
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Josh - JOSH-PC
# Running from : C:\Users\Josh\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\x3lurf0t.default\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1166 octets] - [18/09/2014 22:40:14]
AdwCleaner[R1].txt - [1294 octets] - [26/09/2014 11:12:15]
AdwCleaner[S0].txt - [1235 octets] - [18/09/2014 22:40:39]
AdwCleaner[S1].txt - [1219 octets] - [26/09/2014 11:13:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1279 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.2 (09.26.2014:2)
OS: Windows 7 Ultimate x64
Ran by Josh on Fri 09/26/2014 at 11:18:40.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/26/2014 at 11:20:21.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security check opened this message after I restarted my PC
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
 


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:49 PM

Posted 29 September 2014 - 04:17 AM


SecurityCheck

Reboot your system before starting!

...

:rolleyes:

#14 Azire

Azire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 29 September 2014 - 06:46 PM

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 Windows Firewall Enabled!  
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] 
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 Spybot - Search & Destroy 
 AVG Web TuneUp   
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 [b][color=red]Spybot Teatimer.exe is disabled![/color][/b] 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Ruiware WinPatrol WinPatrol.exe  
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C: 6% 
[b][u]````````````````````End of Log``````````````````````[/b][/u] 

Must have done something wrong last time; I remember restarting my PC.



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:49 PM

Posted 30 September 2014 - 09:04 AM

Your system is clean now! :)


Uninstall our tools using delfix

Please follow these steps in order:

  • If we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • If we used ComboFix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that ComboFix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC; this is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke between IT support technicians, but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.





