PC plagued by malware/trojans


13 replies to this topic

#1 gecko1138


Posted 12 December 2014 - 07:36 AM

I have a laptop plagued by trojans/malware. Chrome/IE/Firefox are nearly unusable due to the amount of pop-ups and redirects. Any help would be appreciated...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Mattawww (administrator) on MATTAWWW-PC on 12-12-2014 04:06:13
Running from C:\Users\Mattawww\Downloads
Loaded Profile: Mattawww (Available profiles: Mattawww)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Spotify Ltd) C:\Users\Mattawww\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Mattawww\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2184520 2013-01-17] (SRS Labs, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Run: [Spotify Web Helper] => C:\Users\Mattawww\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-28] (Spotify Ltd)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\RunOnce: [Adobe Speed Launcher] => 1418385058
Startup: C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-613778204-4134821113-2817702338-1000 -> {2712D99C-618A-4839-AFC8-6E6AD8FC230F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default
FF SearchEngineOrder.2: 
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mattawww\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\youtube-video-search.xml
FF Extension: choosefun - C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\Extensions\Y7KuPbYC@s.edu [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Cast) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-02]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-10-02]
CHR Extension: (Google Search) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Wallet) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-21] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2013-10-27] (VSO Software) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 04:06 - 2014-12-12 04:07 - 00016506 _____ () C:\Users\Mattawww\Downloads\FRST.txt
2014-12-12 04:06 - 2014-12-12 04:06 - 00000000 ____D () C:\FRST
2014-12-12 04:04 - 2014-12-12 04:04 - 02119680 _____ (Farbar) C:\Users\Mattawww\Downloads\FRST64 (1).exe
2014-12-12 03:32 - 2014-12-12 03:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-12 03:16 - 2014-12-12 03:16 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-12 03:16 - 2014-12-12 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-12 03:15 - 2014-12-12 03:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-12 03:12 - 2014-12-12 03:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-12 03:08 - 2014-12-12 03:11 - 11222744 _____ (SurfRight B.V.) C:\Users\Mattawww\Downloads\HitmanPro_x64.exe
2014-12-12 03:01 - 2014-12-12 03:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\22 Jump Street (2014) BRRip (xvid) NL Subs. DMT
2014-12-12 01:34 - 2014-12-12 02:16 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Popcorn-Time
2014-12-12 01:33 - 2014-12-12 01:33 - 00002226 _____ () C:\Users\Mattawww\Desktop\Popcorn Time.lnk
2014-12-12 01:33 - 2014-12-12 01:33 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-12 01:31 - 2014-12-12 01:33 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Popcorn Time
2014-12-12 01:30 - 2014-12-12 01:30 - 22926008 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5.3-Setup (2).exe
2014-12-11 03:46 - 2014-12-11 03:46 - 00000000 ____D () C:\Program Files\Nightly
2014-12-10 18:03 - 2014-12-12 03:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 18:03 - 2014-12-10 18:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:02 - 2014-12-10 18:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:02 - 2014-12-10 18:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 17:12 - 2014-12-10 17:12 - 00021508 _____ () C:\ComboFix.txt
2014-12-10 16:52 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-10 16:52 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-10 16:52 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-10 16:51 - 2014-12-10 17:12 - 00000000 ____D () C:\Qoobox
2014-12-10 16:51 - 2014-12-10 17:10 - 00000000 ____D () C:\Windows\erdnt
2014-12-10 16:45 - 2014-12-10 16:46 - 05600944 ____R (Swearware) C:\Users\Mattawww\Desktop\ComboFix.exe
2014-12-10 16:16 - 2014-12-10 16:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 10:11 - 2014-12-10 10:11 - 00000000 __SHD () C:\Users\Mattawww\AppData\Local\EmieBrowserModeList
2014-12-10 02:58 - 2014-12-10 14:43 - 00000000 ____D () C:\Users\Mattawww\Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-12-09 11:55 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 11:55 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 11:55 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 11:55 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 11:55 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 11:55 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 11:55 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 11:55 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 11:55 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 11:55 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 11:55 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 11:55 - 2014-11-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 11:55 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 11:55 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 11:55 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 11:55 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 11:55 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 11:55 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 11:55 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 11:55 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 11:55 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 11:55 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 11:55 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 11:55 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 11:55 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 11:55 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 11:55 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 11:55 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 11:55 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 11:55 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 11:55 - 2014-11-21 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 11:55 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 11:55 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 11:55 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 11:55 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 11:55 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 11:55 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 11:55 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 11:55 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 11:55 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 11:55 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 11:55 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 11:55 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 11:55 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 11:55 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 11:55 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 11:55 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 11:55 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 11:55 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 11:55 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 11:55 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 11:55 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 11:55 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 11:55 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 11:55 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 11:54 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 11:54 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 11:54 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-08 13:24 - 2014-12-08 13:24 - 00000000 ____D () C:\Users\Mattawww\Downloads\Modest Mouse Discography 320kbps
2014-12-07 19:24 - 2014-12-07 19:24 - 00000000 ____D () C:\Users\Mattawww\Downloads\J. Cole - 2014 Forest Hills Drive - AlbumJams.com
2014-12-07 16:51 - 2014-12-07 16:54 - 00000000 ____D () C:\Users\Mattawww\Downloads\88 Keys-Death Of Adam
2014-12-07 00:49 - 2014-12-07 00:51 - 00000000 ____D () C:\Users\Mattawww\Downloads\Neighbors (2014)
2014-12-05 15:27 - 2014-12-05 15:27 - 52067986 _____ (Popcorn Time ) C:\Users\Mattawww\Downloads\PopcornTime-latest (4).exe
2014-12-05 15:07 - 2014-12-05 15:07 - 22926008 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5.3-Setup (1).exe
2014-12-05 14:58 - 2014-12-05 14:58 - 00002138 _____ () C:\Users\Mattawww\Desktop\TorrenTV.lnk
2014-12-05 14:58 - 2014-12-05 14:58 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TorrenTV
2014-12-05 14:57 - 2014-12-07 00:27 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\TorrenTV
2014-12-05 14:56 - 2014-12-05 14:56 - 00000000 ____D () C:\Users\Mattawww\Downloads\TorrenTV-0.9.9-Win (1)
2014-12-05 14:55 - 2014-12-05 14:56 - 23573624 _____ () C:\Users\Mattawww\Downloads\TorrenTV-0.9.9-Win (1).zip
2014-12-05 14:40 - 2014-12-05 14:41 - 22772569 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn Time-0.3.4-Setup (1).exe
2014-12-05 14:30 - 2014-12-05 14:31 - 22912120 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5-4-d77a46516-Win-Signed-Setup.exe
2014-12-05 13:43 - 2014-12-12 02:48 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA.job
2014-12-05 13:43 - 2014-12-11 17:15 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core.job
2014-12-05 13:43 - 2014-12-05 13:43 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA
2014-12-05 13:43 - 2014-12-05 13:43 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core
2014-12-05 13:43 - 2014-12-05 13:43 - 00001218 _____ () C:\Users\Mattawww\Desktop\Chromecast.lnk
2014-12-05 13:43 - 2014-12-05 13:43 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-05 13:42 - 2014-12-05 13:42 - 00880784 _____ (Google Inc.) C:\Users\Mattawww\Downloads\chromecastinstaller.exe
2014-12-03 19:04 - 2014-12-07 16:35 - 00000000 ____D () C:\Users\Mattawww\Downloads\Cursive Discography (1995-2009)
2014-12-03 03:26 - 2014-12-03 03:27 - 00000000 ____D () C:\Users\Mattawww\Downloads\Toy.Story-That.Time.Forgot.2014.HDTV.x264-BATV[ettv]
2014-12-03 03:25 - 2014-12-03 03:25 - 00019662 _____ () C:\Users\Mattawww\Downloads\[kickass.so]toy.story.that.time.forgot.2014.hdtv.x264.batv.ettv.torrent
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\Mattawww\Downloads\7 Meditations Windows 64-bit
2014-12-02 09:36 - 2014-12-02 09:37 - 22926008 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5.3-Setup.exe
2014-12-02 00:31 - 2014-12-02 00:31 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\CrashRpt
2014-12-01 23:13 - 2014-12-01 23:20 - 34775389 _____ () C:\Users\Mattawww\Downloads\7 Meditations Windows 64-bit.zip
2014-11-30 01:03 - 2014-11-30 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
2014-11-30 01:03 - 2014-11-30 01:03 - 00000000 ____D () C:\Program Files (x86)\RegInOut System Utilities
2014-11-29 12:40 - 2014-11-29 12:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\Wu-Tang Clan - A Better Tomorrow - AlbumJams.com
2014-11-29 12:40 - 2014-11-29 12:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\ASAP Ferg - Ferg Forever - MixtapeBooth.com
2014-11-29 11:13 - 2014-11-29 11:19 - 90903527 _____ () C:\Users\Mattawww\Downloads\ASAP Ferg - Ferg Forever - MixtapeBooth.com.zip
2014-11-29 00:09 - 2014-11-29 00:09 - 00034816 _____ () C:\Users\Mattawww\Downloads\VideostreamNetworkRepair.exe
2014-11-27 11:53 - 2014-12-12 03:50 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-26 12:57 - 2014-11-26 12:57 - 02148864 _____ () C:\Users\Mattawww\Downloads\adwcleaner_4.102.exe
2014-11-26 12:55 - 2014-11-26 12:55 - 02117632 _____ (Farbar) C:\Users\Mattawww\Downloads\FRST64.exe
2014-11-26 12:54 - 2014-12-07 00:21 - 00000004 _____ () C:\Users\Mattawww\AppData\Roaming\appdataFr2.bin
2014-11-26 09:55 - 2014-11-26 09:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-26 09:54 - 2014-11-26 09:54 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-26 09:54 - 2014-11-26 09:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-19 11:32 - 2014-11-19 11:32 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\app
2014-11-19 11:27 - 2014-11-19 11:27 - 22772569 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn Time-0.3.4-Setup.exe
2014-11-19 11:19 - 2014-11-19 11:19 - 24517123 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5.2-Setup (1).exe
2014-11-19 10:57 - 2014-11-19 10:58 - 35536132 _____ () C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.4-Mac.dmg
2014-11-19 10:42 - 2014-11-19 10:43 - 22959545 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5-2-960559039-Win-Setup.exe
2014-11-19 10:20 - 2014-11-19 10:27 - 24517123 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5.2-Setup.exe
2014-11-19 09:52 - 2014-11-19 09:53 - 52067986 _____ (Popcorn Time ) C:\Users\Mattawww\Downloads\PopcornTime-latest (3).exe
2014-11-18 10:15 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 10:15 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 10:15 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 10:15 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 03:59 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 03:59 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 03:57 - 2013-06-07 20:21 - 01082577 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 03:53 - 2014-09-24 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 03:53 - 2014-07-16 14:07 - 00000000 ___RD () C:\Users\Mattawww\Dropbox
2014-12-12 03:53 - 2014-07-16 13:59 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Dropbox
2014-12-12 03:51 - 2013-08-06 13:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-12 03:50 - 2013-08-06 13:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 03:49 - 2014-07-16 21:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 03:49 - 2013-06-09 16:44 - 00366844 _____ () C:\Windows\PFRO.log
2014-12-12 03:49 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-12-12 03:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 03:49 - 2009-07-13 20:51 - 00086214 _____ () C:\Windows\setupact.log
2014-12-12 03:48 - 2014-01-22 21:18 - 07358864 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-12 03:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-12 03:46 - 2013-06-08 22:27 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\uTorrent
2014-12-12 03:32 - 2013-12-29 19:22 - 00000000 ____D () C:\Users\Mattawww\Downloads\Guacamelee
2014-12-12 03:17 - 2013-06-08 23:13 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\vlc
2014-12-12 03:01 - 2014-08-01 11:23 - 00000000 ____D () C:\Users\Mattawww\Documents\Torrents
2014-12-11 23:52 - 2014-05-28 17:35 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\wf-launcher
2014-12-11 23:33 - 2014-05-28 17:35 - 00000000 ____D () C:\ProgramData\GFACE
2014-12-11 20:30 - 2014-09-11 04:19 - 00000000 ____D () C:\Windows\rescache
2014-12-10 19:24 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 18:31 - 2014-04-27 15:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 18:03 - 2014-07-16 14:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Adobe
2014-12-10 17:09 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-10 16:16 - 2014-07-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 16:16 - 2014-07-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 14:33 - 2014-06-12 22:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-10 14:33 - 2014-06-12 22:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 14:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:29 - 2013-07-14 13:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:17 - 2013-06-19 02:02 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 03:15 - 2014-06-12 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-09 10:43 - 2013-09-28 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-07 18:04 - 2013-06-18 13:16 - 00000000 ____D () C:\ProgramData\Soulseek
2014-12-07 09:03 - 2014-01-13 11:20 - 00000362 _____ () C:\Windows\Tasks\RegInOut Scheduled Scan - Mattawww.job
2014-12-07 03:07 - 2014-01-13 11:24 - 00000000 ____D () C:\ProgramData\Backup
2014-12-07 03:00 - 2014-01-26 03:00 - 00004271 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-06 10:35 - 2009-07-13 21:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-05 13:43 - 2013-06-22 22:16 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Google
2014-12-04 13:04 - 2013-12-30 15:57 - 00000000 ____D () C:\Users\Mattawww\Desktop\new stuff
2014-12-04 13:04 - 2013-10-03 12:40 - 00000000 ____D () C:\Users\Mattawww\Desktop\progz
2014-12-04 13:03 - 2013-10-03 12:41 - 00000000 ____D () C:\Users\Mattawww\Desktop\gamz
2014-11-30 00:30 - 2014-09-25 03:29 - 00000000 ____D () C:\AdwCleaner
2014-11-26 13:05 - 2013-07-12 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-26 12:44 - 2013-06-23 00:07 - 00000000 ____D () C:\games
2014-11-26 12:43 - 2013-10-29 00:11 - 00000000 ____D () C:\Program Files (x86)\The Wolf Among Us
2014-11-26 12:42 - 2014-04-17 18:01 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot
2014-11-26 12:22 - 2014-01-13 11:20 - 00000000 ____D () C:\Program Files (x86)\RegInOut
2014-11-26 12:21 - 2014-01-24 23:02 - 00000000 ____D () C:\Users\Mattawww\Documents\My Extracted Files
2014-11-26 03:24 - 2013-07-04 15:31 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2014-11-26 03:16 - 2014-10-24 15:57 - 00000000 ____D () C:\ProgramData\MediaMall
2014-11-26 03:15 - 2013-06-07 20:24 - 00000000 ____D () C:\Users\Mattawww
2014-11-26 03:11 - 2014-09-13 10:46 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\DVDVideoSoft
2014-11-21 06:14 - 2014-07-14 03:02 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-14 03:02 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-08-08 04:21 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 16:57 - 2014-07-16 14:06 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 03:29 - 2009-07-13 20:45 - 00269208 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Mattawww\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Mattawww\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtviwg.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 02:33
 
==================== End Of Log ============================
 
 
 
and just in case....
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Mattawww at 2014-12-12 04:08:17
Running from C:\Users\Mattawww\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.39.50 - Conexant)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CopyTrans Suite Remove Only (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Costume Quest (HKLM-x32\...\GOGPACKCOSTUMEQUEST_is1) (Version: 2.0.0.20 - GOG.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Defender's Quest (HKLM-x32\...\GOGPACKDEFENDERSQUEST_is1) (Version: 2.1.0.4 - GOG.com)
DJ Intro version 1.2.0 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.2.0 - Serato Audio Research)
Dropbox (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ExtractNow (HKLM-x32\...\ExtractNow) (Version:  - Nathan Moinvaziri)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Five Nights at Freddy's (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Five Nights at Freddy's) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Gunpoint_is1) (Version: 2.0.0.0 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Meridian - Age of Invention 1.0 (HKLM-x32\...\Meridian - Age of Invention 1.0) (Version: 1.0 - Cat-A-Cat)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31010.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0a1 - Mozilla)
Nightly 37.0a1 (x64 en-US) (HKLM\...\Nightly 37.0a1 (x64 en-US)) (Version: 37.0a1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Pixel Piracy (HKLM-x32\...\UGl4ZWxQaXJhY3k=_is1) (Version: 1 - )
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.7600 - DTS, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RegInOut System Utilities (HKLM-x32\...\RegInOut System Utilities_is1) (Version: 4.0 - SORCIM Technologies Pvt Ltd)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.2.0.10 - GOG.com)
Rogue Legacy Demo version 1.0.3 (HKLM-x32\...\Rogue Legacy Demo_is1) (Version: 1.0.3 - )
Setup - Project Zomboid Early Access ... (HKLM-x32\...\Setup - Project Zomboid Early Access ...) (Version: ... - Indie Stone Studios)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
State of Decay - Lifeline (HKLM-x32\...\State of Decay - Lifeline_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Syncios version 2.1.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.1.3 - Anvsoft, Inc.)
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
The Expendabros (HKLM-x32\...\Steam App 312990) (Version:  - Free Lives)
TOSHIBA Speech Synthesis (HKLM\...\{C7B204A8-F6FE-44AC-A751-ECEDE4507E07}) (Version: 1.5.1.2 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Unity Web Player (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\WinDirStat) (Version:  - )
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-613778204-4134821113-2817702338-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-12-2014 11:31:35 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-12-10 17:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {26A2F68D-C911-4C6B-8A5E-A64DDA24D0F0} - System32\Tasks\{9E3972F1-A7CD-43C6-8BE6-906C16F830EC} => pcalua.exe -a "C:\Users\Mattawww\Desktop\gamz\Kudos 2 Setup.exe"
Task: {4E7ACEBA-84D1-4CD3-98C9-E15EBF894FF4} - System32\Tasks\{446B7714-F844-4200-8A07-03BD672BEA73} => pcalua.exe -a C:\Users\Mattawww\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\Mattawww\Downloads
Task: {97F8BFE9-FE74-4464-B336-9DBDDDDF38CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA => C:\Users\Mattawww\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {A8736C5E-D2D7-4155-8E5D-4FB510046819} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {A88C9BAF-6249-491B-AF1A-A77C064DCA58} - System32\Tasks\RegInOut Scheduled Scan - Mattawww => C:\Program Files (x86)\RegInOut\RegInOut.exe [2011-05-07] (SORCIM Technologies)
Task: {AF66F0B0-B9C9-4F76-A8B3-1D9A28FA67FD} - System32\Tasks\{3A550E54-4DBC-4F5A-BDC9-423B4608FD5E} => C:\Program Files (x86)\Rogue Legacy Demo\RogueLegacyDemo.exe [2013-05-24] (Cellar Door Games, Inc.)
Task: {B948969E-F67A-4F60-8E62-38390F41FAFE} - System32\Tasks\Origin => C:\Users\Mattawww\AppData\Roaming\Origin\update.vbe [2014-01-28] () <==== ATTENTION
Task: {C3B056B7-FC93-47CC-B5DC-B60840600BED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {D1E70AF6-A1D0-4B60-A52A-E453C3FC6088} - System32\Tasks\{AEEE9C98-A17B-471D-9628-5883DEDB3298} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-10-19] (Apple Inc.)
Task: {D8E96063-97B8-4704-836E-426F3B06A88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {FDE6D81D-7347-4199-BB6C-EA49A51AAFF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core => C:\Users\Mattawww\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core.job => C:\Users\Mattawww\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA.job => C:\Users\Mattawww\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut Scheduled Scan - Mattawww.job => C:\Program Files (x86)\RegInOut\RegInOut.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-31 11:13 - 2011-08-31 11:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-02 14:52 - 2013-07-12 09:22 - 00578048 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-12 03:51 - 2014-12-12 03:51 - 00043008 _____ () c:\users\mattawww\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtviwg.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-02 14:52 - 2013-09-30 12:55 - 00375808 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2013-10-02 14:52 - 2013-03-01 09:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2013-10-02 14:52 - 2013-03-01 09:30 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-10-28 09:48 - 2014-10-21 20:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 09:48 - 2014-10-21 20:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 09:48 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 09:48 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 09:48 - 2014-10-21 20:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll
2014-12-10 18:02 - 2014-12-10 18:02 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-613778204-4134821113-2817702338-500 - Administrator - Disabled)
Guest (S-1-5-21-613778204-4134821113-2817702338-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-613778204-4134821113-2817702338-1002 - Limited - Enabled)
Mattawww (S-1-5-21-613778204-4134821113-2817702338-1000 - Administrator - Enabled) => C:\Users\Mattawww
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2014 03:39:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 38.0.2125.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 720
 
Start Time: 01d015ff75780648
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 8ad2abb2-81f3-11e4-b3e9-e89a8f630b8b
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000279EF20.72).  hr = 0x80070005, Access is denied.
.
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000310,(null),0,REG_BINARY,0000000002C2E4A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e75909e5-6605-4c3a-8776-84659d8dc15b}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000310,(null),0,REG_BINARY,0000000002C2E4A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e75909e5-6605-4c3a-8776-84659d8dc15b}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000028BEB10.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c2aed823-8c66-4f1b-a674-b9077fc4ea80}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000298ED50.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {c73a002d-e5df-405e-aab5-2740163a0cb2}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000000026EF300.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {3598847a-5d57-41e1-a2c3-c6eb85fc5173}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007a8,(null),0,REG_BINARY,000000000120E4E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {f16eeb32-b357-46d6-9f7a-7af4cc5a7d02}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000f3c,(null),0,REG_BINARY,00000000079EE4E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {acd86f76-1c74-44ab-b0f8-a7296ff999e5}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000000026EF300.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {3598847a-5d57-41e1-a2c3-c6eb85fc5173}
 
 
System errors:
=============
Error: (12/12/2014 03:46:30 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (12/12/2014 03:46:29 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error: 
%%5
 
Error: (12/12/2014 02:11:49 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PC-CHRISTIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{85A2FDFB-7693-4E54-AA59-58E70E1FF719}.
The master browser is stopping or an election is being forced.
 
Error: (12/12/2014 02:11:48 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (12/12/2014 01:10:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PC-CHRISTIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{85A2FDFB-7693-4E54-AA59-58E70E1FF719}.
The master browser is stopping or an election is being forced.
 
Error: (12/11/2014 11:31:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/11/2014 05:11:31 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (12/10/2014 05:09:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/10/2014 05:08:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/10/2014 05:06:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (12/12/2014 03:39:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.11172001d015ff7578064811C:\Program Files (x86)\Google\Chrome\Application\chrome.exe8ad2abb2-81f3-11e4-b3e9-e89a8f630b8b
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000279EF20.72)0x80070005, Access is denied.
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000310,(null),0,REG_BINARY,0000000002C2E4A0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e75909e5-6605-4c3a-8776-84659d8dc15b}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000310,(null),0,REG_BINARY,0000000002C2E4A0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e75909e5-6605-4c3a-8776-84659d8dc15b}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000028BEB10.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c2aed823-8c66-4f1b-a674-b9077fc4ea80}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001ac,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000298ED50.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {c73a002d-e5df-405e-aab5-2740163a0cb2}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000000026EF300.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {3598847a-5d57-41e1-a2c3-c6eb85fc5173}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000007a8,(null),0,REG_BINARY,000000000120E4E0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {f16eeb32-b357-46d6-9f7a-7af4cc5a7d02}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000f3c,(null),0,REG_BINARY,00000000079EE4E0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {acd86f76-1c74-44ab-b0f8-a7296ff999e5}
 
Error: (12/12/2014 03:32:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,00000000026EF300.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {3598847a-5d57-41e1-a2c3-c6eb85fc5173}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-10 17:08:54.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-10 17:08:54.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-26 23:22:11.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:22:11.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:22:05.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:22:05.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:21:53.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:21:21.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 23:21:20.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-26 22:55:08.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP79.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 69%
Total physical RAM: 4043.86 MB
Available physical RAM: 1243.92 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 4769.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:282.9 GB) (Free:9.4 GB) NTFS
Drive f: (stateofdecaylife) (CDROM) (Total:2.17 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4E59E2AF)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 



#2 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 December 2014 - 10:35 AM

Hello gecko1138,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please give me some time to analyze your logs and draw up our next steps. :)


Edited by TheShooter93, 16 December 2014 - 10:36 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 gecko1138 (Topic Starter)

  • Members
  • 10 posts

Posted 16 December 2014 - 12:30 PM

Thanks Cody, ready when you are. 



#4 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 December 2014 - 03:31 PM

Hello gecko1138,
 
Please consider and do the following.  :)
 
=============================================

Step 1: P2P Warning
 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

=============================================

Step 2: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • You are currently running FRST from: C:\Users\Mattawww\Downloads and it needs to be moved to C:\Users\Mattawww\Desktop in order for this fix to work. Please move FRST.exe to the Desktop before running this fix!
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-613778204-4134821113-2817702338-1000 -> {2712D99C-618A-4839-AFC8-6E6AD8FC230F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Extension: choosefun - C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\Extensions\Y7KuPbYC@s.edu [2014-11-19]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=============================================

 

Step 3: Junkware Removal Tool

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

=============================================

Step 4: AdwCleaner by Xplode - Delete Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile should automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt if needed.

=============================================


What I'd like to see in your next post:

  • Confirmation you read the warning concerning P2P programs.
  • Fixlog.txt
  • JRT log
  • AdwCleaner[R1].txt

Edited by TheShooter93, 16 December 2014 - 03:32 PM.

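The fixlist in Step 2 is nothing more than six lines copied out of the FRST scan log: FRST removes whichever of its own scan lines it is handed, so the real work is deciding which scan lines are hijack indicators. The Python below is an added example, not part of this thread and not FRST's own code, that applies that triage to FRST-format lines: it flags browser policy restrictions, IE search scopes carrying affiliate tags, a Firefox keyword.URL override, Firefox extensions with random-looking IDs and autoruns with an empty publisher field, then emits the "remove" lines as fixlist.txt content. The sample input is constructed from lines in this thread's logs; the affiliate-parameter list, the two-tag threshold and the random-ID rule are heuristics chosen for the example, not FRST rules.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample input: the six fixlist lines from this post plus two Run
# entries copied from the FRST log later in the thread (one has an empty
# publisher field, which FRST prints as "()").
SAMPLE_FRST_LINES = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-613778204-4134821113-2817702338-1000 -> {2712D99C-618A-4839-AFC8-6E6AD8FC230F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Extension: choosefun - C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\Extensions\Y7KuPbYC@s.edu [2014-11-19]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
""".strip().splitlines()

# Heuristic (assumption): query parameters search hijackers use to tag traffic
# for affiliate payment. Two or more on one search scope is flagged.
AFFILIATE_PARAMS = {"fr", "type", "ilc", "pid", "affid", "partner", "tt"}

SEARCHSCOPE_RE = re.compile(r"^SearchScopes: .*? URL = (?P<url>\S+)")
EXTENSION_RE = re.compile(
    r"^FF Extension: (?P<name>.*?) - .*?\\Extensions\\(?P<id>[^\\\s]+)")
RUN_RE = re.compile(
    r"^HK\S*\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<signer>[^)]*)\)$")


def looks_random(token):
    """Heuristic (assumption): 8+ chars mixing upper, lower and digits, as in
    the Y7KuPbYC@s.edu extension id, is treated as machine-generated."""
    return (len(token) >= 8 and any(c.isdigit() for c in token)
            and any(c.isupper() for c in token) and any(c.islower() for c in token))


def triage(lines):
    """Return one finding per suspicious FRST scan line.

    A finding is {'action': 'remove'|'review', 'reason': str, 'line': str}.
    'remove' lines can be pasted verbatim into fixlist.txt, because FRST
    acts on whichever of its own scan lines it is given.
    """
    findings = []
    for raw in lines:
        line = raw.rstrip()
        if "Policy restriction" in line:
            findings.append({"action": "remove", "line": line, "reason":
                "browser policy key pins the homepage/search engine and blocks the user from changing it"})
            continue
        m = SEARCHSCOPE_RE.match(line)
        if m:
            tags = sorted(AFFILIATE_PARAMS.intersection(parse_qs(urlparse(m["url"]).query)))
            if len(tags) >= 2:
                findings.append({"action": "remove", "line": line, "reason":
                    "IE search scope carries affiliate tags " + ",".join(tags)})
            continue
        if line.startswith("FF Keyword.URL:"):
            findings.append({"action": "remove", "line": line, "reason":
                "Firefox keyword.URL override redirects address-bar searches"})
            continue
        m = EXTENSION_RE.match(line)
        if m:
            random_id = looks_random(m["id"].split("@")[0])
            findings.append({"action": "remove" if random_id else "review", "line": line, "reason":
                "Firefox extension %r with %s id %s" % (
                    m["name"], "random-looking" if random_id else "readable", m["id"])})
            continue
        m = RUN_RE.match(line)
        if m and not m["signer"]:
            findings.append({"action": "review", "line": line, "reason":
                "autorun %r has no publisher name; check the file before deciding" % m["name"]})
    return findings


def build_fixlist(findings):
    """fixlist.txt contents: every 'remove' line, verbatim, one per line."""
    return "".join(f["line"] + "\n" for f in findings if f["action"] == "remove")


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print("[%-6s] %s\n         %s" % (f["action"], f["reason"], f["line"]))
    print("--- fixlist.txt ---")
    print(build_fixlist(found), end="")
```

Run it and the six lines the helper put in fixlist.txt come out under "remove", while the unsigned Syncios autorun is only marked "review": an empty publisher field is a reason to look at the file, not a reason to delete it, and a fixlist line deletes without asking.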

 

 


#5 gecko1138 (Topic Starter)

  • Members
  • 10 posts

Posted 16 December 2014 - 05:22 PM

I fully understand the P2P warning.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Mattawww at 2014-12-16 14:08:00 Run:1
Running from C:\Users\Mattawww\Desktop
Loaded Profile: Mattawww (Available profiles: Mattawww)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-613778204-4134821113-2817702338-1000 -> {2712D99C-618A-4839-AFC8-6E6AD8FC230F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Extension: choosefun - C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\Extensions\Y7KuPbYC@s.edu [2014-11-19]
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-613778204-4134821113-2817702338-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2712D99C-618A-4839-AFC8-6E6AD8FC230F}" => Key deleted successfully.
"HKCR\CLSID\{2712D99C-618A-4839-AFC8-6E6AD8FC230F}" => Key not found.
Firefox Keyword.URL deleted successfully.
C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\Extensions\Y7KuPbYC@s.edu => Moved successfully.
 
==== End of Fixlog ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Mattawww on Tue 12/16/2014 at 14:10:11.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Mattawww\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Mattawww\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\Users\Mattawww\appdata\local\pc_drivers_headquarters"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/16/2014 at 14:15:56.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
# AdwCleaner v4.105 - Report created 16/12/2014 at 14:18:01
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mattawww - MATTAWWW-PC
# Running from : C:\Users\Mattawww\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Mattawww\AppData\Local\CrashRpt
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [3079 octets] - [25/09/2014 03:29:18]
AdwCleaner[R1].txt - [3504 octets] - [26/11/2014 12:58:11]
AdwCleaner[R2].txt - [2067 octets] - [30/11/2014 00:28:39]
AdwCleaner[R3].txt - [2066 octets] - [16/12/2014 14:18:01]
AdwCleaner[S0].txt - [3213 octets] - [25/09/2014 03:56:34]
AdwCleaner[S1].txt - [3589 octets] - [26/11/2014 13:05:16]
AdwCleaner[S2].txt - [2003 octets] - [30/11/2014 00:30:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2306 octets] ##########
 


#6 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 17 December 2014 - 12:47 PM

Hi gecko1138,
 
Looks good so far.
 
After running the scans below please let me know how your computer is doing.
 
======================================

Step 1: AdwCleaner by Xplode - Delete Adware

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

======================================

Step 2: Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.


 

 


#7 gecko1138 (Topic Starter)

  • Members
  • 10 posts

Posted 17 December 2014 - 02:58 PM

# AdwCleaner v4.105 - Report created 17/12/2014 at 11:48:28
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mattawww - MATTAWWW-PC
# Running from : C:\Users\Mattawww\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Mattawww\AppData\Local\CrashRpt
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3079 octets] - [25/09/2014 03:29:18]
AdwCleaner[R1].txt - [3504 octets] - [26/11/2014 12:58:11]
AdwCleaner[R2].txt - [2067 octets] - [30/11/2014 00:28:39]
AdwCleaner[R3].txt - [2394 octets] - [16/12/2014 14:18:01]
AdwCleaner[R4].txt - [2749 octets] - [17/12/2014 11:45:06]
AdwCleaner[S0].txt - [3213 octets] - [25/09/2014 03:56:34]
AdwCleaner[S1].txt - [3589 octets] - [26/11/2014 13:05:16]
AdwCleaner[S2].txt - [2003 octets] - [30/11/2014 00:30:43]
AdwCleaner[S3].txt - [2686 octets] - [17/12/2014 11:48:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2746 octets] ##########
 
 
 
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Mattawww (administrator) on MATTAWWW-PC on 17-12-2014 11:54:47
Running from C:\Users\Mattawww\Desktop
Loaded Profile: Mattawww (Available profiles: Mattawww)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Mattawww\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2184520 2013-01-17] (SRS Labs, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Run: [Spotify Web Helper] => C:\Users\Mattawww\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-28] (Spotify Ltd)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\...\RunOnce: [Adobe Speed Launcher] => 1418845893
Startup: C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mattawww\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-613778204-4134821113-2817702338-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default
FF SearchEngineOrder.2: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mattawww\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-613778204-4134821113-2817702338-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mattawww\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Mattawww\AppData\Roaming\Mozilla\Firefox\Profiles\uem7fy9p.default\searchplugins\youtube-video-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (Google Drive) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Cast) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-02]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-10-02]
CHR Extension: (Google Search) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-06]
CHR Extension: (Google Wallet) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mattawww\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-21] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2013-10-27] (VSO Software) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 03:07 - 2014-12-17 03:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-17 03:06 - 2014-12-17 03:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Popcorn Time
2014-12-17 03:06 - 2014-12-17 03:06 - 23074040 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5-4-111bade47-Win-Signed-Setup.exe
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\Users\Mattawww\Downloads\YH
2014-12-16 16:29 - 2014-12-16 16:30 - 05289966 _____ () C:\Users\Mattawww\Downloads\YH.zip
2014-12-16 15:12 - 2014-12-16 15:14 - 121919481 _____ () C:\Users\Mattawww\Downloads\OnCue - Angry Young Man - HotNewHipHop.zip
2014-12-16 14:16 - 2014-12-16 14:16 - 02166272 _____ () C:\Users\Mattawww\Desktop\AdwCleaner.exe
2014-12-16 14:15 - 2014-12-16 14:15 - 00001026 _____ () C:\Users\Mattawww\Desktop\JRT.txt
2014-12-16 14:08 - 2014-12-16 14:08 - 01707646 _____ (Thisisu) C:\Users\Mattawww\Downloads\JRT (2).exe
2014-12-16 14:05 - 2014-12-16 14:05 - 01707646 _____ (Thisisu) C:\Users\Mattawww\Desktop\JRT.exe
2014-12-16 14:03 - 2014-12-16 14:03 - 00031106 _____ () C:\Users\Mattawww\Desktop\Addition.txt
2014-12-16 14:02 - 2014-12-17 11:54 - 00015165 _____ () C:\Users\Mattawww\Desktop\FRST.txt
2014-12-16 14:01 - 2014-12-17 11:54 - 02121216 _____ (Farbar) C:\Users\Mattawww\Desktop\FRST64.exe
2014-12-16 13:59 - 2014-12-17 11:54 - 00000000 ____D () C:\Users\Mattawww\Desktop\FRST-OlderVersion
2014-12-15 16:14 - 2014-12-15 16:21 - 00000325 _____ () C:\ProgramData\DEFRAG_HISTORY.xml
2014-12-15 15:56 - 2014-12-15 15:56 - 00001009 _____ () C:\Users\Mattawww\Desktop\RegInOut System Utilities.lnk
2014-12-15 15:17 - 2014-12-15 15:37 - 00000000 ____D () C:\Users\Mattawww\Downloads\RegInOut System Utilities 4.0.0.1 + Serial
2014-12-15 13:54 - 2014-12-15 13:55 - 00000000 ____D () C:\Users\Mattawww\Downloads\KOOL A.D. - NOT O.K
2014-12-15 13:54 - 2014-12-15 13:54 - 00000000 ____D () C:\Users\Mattawww\Downloads\Ready_For_Xmas-(DatPiff.com)
2014-12-15 13:54 - 2014-12-15 13:54 - 00000000 ____D () C:\Users\Mattawww\Downloads\AC Pt. 1 KL (2013)
2014-12-15 13:54 - 2014-12-15 13:54 - 00000000 ____D () C:\Users\Mattawww\Downloads\2dbz-black-fall-ep
2014-12-15 13:51 - 2014-12-15 13:51 - 00000000 ____D () C:\Users\Mattawww\Downloads\Ear_Drummers-Mike_WiLL_Made-It-Ransom
2014-12-15 12:37 - 2014-12-15 12:38 - 00000000 ____D () C:\Users\Mattawww\Downloads\(D'Angelo and The Vanguard - 2014) Black Messiah
2014-12-15 12:09 - 2014-12-15 12:25 - 178657617 _____ () C:\Users\Mattawww\Downloads\Ear_Drummers-Mike_WiLL_Made-It-Ransom.zip
2014-12-14 14:04 - 2014-12-14 14:04 - 23025384 _____ (Popcorn Official) C:\Users\Mattawww\Downloads\Popcorn-Time-0.3.5-4-c70cb1ffd-Win-Signed-Setup.exe
2014-12-14 13:51 - 2014-12-14 13:51 - 00000000 ____D () C:\Users\Mattawww\Downloads\GlitchhikersWinRelease
2014-12-14 13:50 - 2014-12-14 13:50 - 67643889 _____ () C:\Users\Mattawww\Downloads\GlitchhikersWinRelease.zip
2014-12-12 19:51 - 2014-12-12 20:04 - 00000000 ____D () C:\Users\Mattawww\Downloads\The.Player.1992.720p.BluRay.x264.anoXmous
2014-12-12 18:34 - 2014-12-12 18:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\Gone Girl (2014) WEBDL DVDRip XviD-MAXSPEED
2014-12-12 18:34 - 2014-12-12 18:37 - 00000000 ____D () C:\Users\Mattawww\Downloads\Nightcrawler.2014.DVDScr.x264.AAC-RARBG
2014-12-12 11:07 - 2014-12-12 11:08 - 00000000 ____D () C:\Users\Mattawww\Downloads\22 Jump Street (2014) WEBDL DVDRip XviD-MAXSPEED
2014-12-12 11:05 - 2014-12-12 11:05 - 00018034 _____ () C:\Users\Mattawww\Downloads\[kickass.so]22.jump.street.2014.webdl.dvdrip.xvid.maxspeed.torrent
2014-12-12 04:27 - 2014-12-12 04:27 - 00019249 _____ () C:\Users\Mattawww\Desktop\dds.txt
2014-12-12 04:27 - 2014-12-12 04:27 - 00007190 _____ () C:\Users\Mattawww\Desktop\attach.txt
2014-12-12 04:23 - 2014-12-12 04:23 - 00688992 ____R (Swearware) C:\Users\Mattawww\Downloads\dds.com
2014-12-12 04:08 - 2014-12-12 04:08 - 00035851 _____ () C:\Users\Mattawww\Downloads\Addition.txt
2014-12-12 04:06 - 2014-12-17 11:54 - 00000000 ____D () C:\FRST
2014-12-12 04:06 - 2014-12-12 04:08 - 00040153 _____ () C:\Users\Mattawww\Downloads\FRST.txt
2014-12-12 04:04 - 2014-12-12 04:04 - 02119680 _____ (Farbar) C:\Users\Mattawww\Downloads\FRST64 (1).exe
2014-12-12 03:32 - 2014-12-12 03:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-12 03:16 - 2014-12-12 03:16 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-12 03:16 - 2014-12-12 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-12 03:15 - 2014-12-12 03:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-12 03:12 - 2014-12-12 03:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-12 03:08 - 2014-12-12 03:11 - 11222744 _____ (SurfRight B.V.) C:\Users\Mattawww\Downloads\HitmanPro_x64.exe
2014-12-12 01:34 - 2014-12-17 03:08 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Popcorn-Time
2014-12-12 01:33 - 2014-12-17 03:07 - 00002226 _____ () C:\Users\Mattawww\Desktop\Popcorn Time.lnk
2014-12-11 03:46 - 2014-12-11 03:46 - 00000000 ____D () C:\Program Files\Nightly
2014-12-10 18:03 - 2014-12-17 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 18:03 - 2014-12-10 18:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:02 - 2014-12-10 18:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:02 - 2014-12-10 18:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 17:12 - 2014-12-10 17:12 - 00021508 _____ () C:\ComboFix.txt
2014-12-10 16:52 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-10 16:52 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-10 16:52 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-10 16:52 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-10 16:51 - 2014-12-10 17:12 - 00000000 ____D () C:\Qoobox
2014-12-10 16:51 - 2014-12-10 17:10 - 00000000 ____D () C:\Windows\erdnt
2014-12-10 16:45 - 2014-12-10 16:46 - 05600944 ____R (Swearware) C:\Users\Mattawww\Desktop\ComboFix.exe
2014-12-10 16:16 - 2014-12-10 16:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 10:11 - 2014-12-10 10:11 - 00000000 __SHD () C:\Users\Mattawww\AppData\Local\EmieBrowserModeList
2014-12-10 02:58 - 2014-12-10 14:43 - 00000000 ____D () C:\Users\Mattawww\Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-12-09 11:55 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 11:55 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 11:55 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 11:55 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 11:55 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 11:55 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 11:55 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 11:55 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 11:55 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 11:55 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 11:55 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 11:55 - 2014-11-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 11:55 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 11:55 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 11:55 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 11:55 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 11:55 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 11:55 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 11:55 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 11:55 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 11:55 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 11:55 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 11:55 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 11:55 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 11:55 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 11:55 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 11:55 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 11:55 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 11:55 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 11:55 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 11:55 - 2014-11-21 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 11:55 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 11:55 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 11:55 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 11:55 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 11:55 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 11:55 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 11:55 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 11:55 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 11:55 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 11:55 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 11:55 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 11:55 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 11:55 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 11:55 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 11:55 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 11:55 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 11:55 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 11:55 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 11:55 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 11:55 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 11:55 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 11:55 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 11:55 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 11:55 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 11:54 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 11:54 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 11:54 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-08 13:24 - 2014-12-08 13:24 - 00000000 ____D () C:\Users\Mattawww\Downloads\Modest Mouse Discography 320kbps
2014-12-07 19:24 - 2014-12-07 19:24 - 00000000 ____D () C:\Users\Mattawww\Downloads\J. Cole - 2014 Forest Hills Drive - AlbumJams.com
2014-12-07 16:51 - 2014-12-07 16:54 - 00000000 ____D () C:\Users\Mattawww\Downloads\88 Keys-Death Of Adam
2014-12-07 00:49 - 2014-12-07 00:51 - 00000000 ____D () C:\Users\Mattawww\Downloads\Neighbors (2014)
2014-12-05 14:58 - 2014-12-05 14:58 - 00002138 _____ () C:\Users\Mattawww\Desktop\TorrenTV.lnk
2014-12-05 14:58 - 2014-12-05 14:58 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TorrenTV
2014-12-05 14:57 - 2014-12-16 14:45 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\TorrenTV
2014-12-05 14:56 - 2014-12-05 14:56 - 00000000 ____D () C:\Users\Mattawww\Downloads\TorrenTV-0.9.9-Win (1)
2014-12-05 14:55 - 2014-12-05 14:56 - 23573624 _____ () C:\Users\Mattawww\Downloads\TorrenTV-0.9.9-Win (1).zip
2014-12-05 13:43 - 2014-12-17 11:48 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA.job
2014-12-05 13:43 - 2014-12-16 14:58 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core.job
2014-12-05 13:43 - 2014-12-05 13:43 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000UA
2014-12-05 13:43 - 2014-12-05 13:43 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-613778204-4134821113-2817702338-1000Core
2014-12-05 13:43 - 2014-12-05 13:43 - 00001218 _____ () C:\Users\Mattawww\Desktop\Chromecast.lnk
2014-12-05 13:43 - 2014-12-05 13:43 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-05 13:42 - 2014-12-05 13:42 - 00880784 _____ (Google Inc.) C:\Users\Mattawww\Downloads\chromecastinstaller.exe
2014-12-03 19:04 - 2014-12-07 16:35 - 00000000 ____D () C:\Users\Mattawww\Downloads\Cursive Discography (1995-2009)
2014-12-03 03:26 - 2014-12-03 03:27 - 00000000 ____D () C:\Users\Mattawww\Downloads\Toy.Story-That.Time.Forgot.2014.HDTV.x264-BATV[ettv]
2014-12-03 03:25 - 2014-12-03 03:25 - 00019662 _____ () C:\Users\Mattawww\Downloads\[kickass.so]toy.story.that.time.forgot.2014.hdtv.x264.batv.ettv.torrent
2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\Mattawww\Downloads\7 Meditations Windows 64-bit
2014-12-01 23:13 - 2014-12-01 23:20 - 34775389 _____ () C:\Users\Mattawww\Downloads\7 Meditations Windows 64-bit.zip
2014-11-30 01:03 - 2014-12-15 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
2014-11-30 01:03 - 2014-12-15 14:57 - 00000000 ____D () C:\Program Files (x86)\RegInOut System Utilities
2014-11-29 12:40 - 2014-11-29 12:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\Wu-Tang Clan - A Better Tomorrow - AlbumJams.com
2014-11-29 12:40 - 2014-11-29 12:40 - 00000000 ____D () C:\Users\Mattawww\Downloads\ASAP Ferg - Ferg Forever - MixtapeBooth.com
2014-11-29 11:13 - 2014-11-29 11:19 - 90903527 _____ () C:\Users\Mattawww\Downloads\ASAP Ferg - Ferg Forever - MixtapeBooth.com.zip
2014-11-29 00:09 - 2014-11-29 00:09 - 00034816 _____ () C:\Users\Mattawww\Downloads\VideostreamNetworkRepair.exe
2014-11-27 11:53 - 2014-12-17 11:52 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-26 12:57 - 2014-11-26 12:57 - 02148864 _____ () C:\Users\Mattawww\Downloads\adwcleaner_4.102.exe
2014-11-26 12:54 - 2014-12-07 00:21 - 00000004 _____ () C:\Users\Mattawww\AppData\Roaming\appdataFr2.bin
2014-11-26 09:55 - 2014-11-26 09:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-26 09:54 - 2014-11-26 09:54 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-26 09:54 - 2014-11-26 09:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-19 11:32 - 2014-11-19 11:32 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\app
2014-11-18 10:15 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 10:15 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 10:15 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 10:15 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 11:54 - 2014-09-24 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 11:53 - 2014-07-16 14:07 - 00000000 ___RD () C:\Users\Mattawww\Dropbox
2014-12-17 11:53 - 2014-07-16 13:59 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Dropbox
2014-12-17 11:51 - 2013-08-06 13:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 11:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 11:50 - 2009-07-13 20:51 - 00086662 _____ () C:\Windows\setupact.log
2014-12-17 11:49 - 2013-06-09 16:44 - 00369638 _____ () C:\Windows\PFRO.log
2014-12-17 11:49 - 2013-06-07 20:21 - 01391455 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 11:48 - 2014-09-25 03:29 - 00000000 ____D () C:\AdwCleaner
2014-12-17 11:48 - 2014-01-22 21:18 - 07497322 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-17 11:27 - 2013-08-06 13:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 04:04 - 2014-05-28 17:35 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\wf-launcher
2014-12-17 03:30 - 2014-05-28 17:35 - 00000000 ____D () C:\ProgramData\GFACE
2014-12-16 15:01 - 2013-08-06 13:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-16 14:53 - 2013-08-06 13:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-16 14:53 - 2013-08-06 13:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-15 21:09 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 21:09 - 2009-07-13 20:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 16:23 - 2013-06-07 20:24 - 00000000 ____D () C:\Users\Mattawww
2014-12-15 16:13 - 2014-01-13 11:15 - 00000000 ____D () C:\ProgramData\RegInOut
2014-12-15 16:05 - 2014-01-13 11:24 - 00000000 ____D () C:\ProgramData\Backup
2014-12-15 15:58 - 2013-06-08 22:27 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\uTorrent
2014-12-15 15:56 - 2014-01-13 11:20 - 00001033 _____ () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\RegInOut System Utilities.lnk
2014-12-15 15:56 - 2014-01-13 11:20 - 00000000 ____D () C:\Program Files (x86)\RegInOut
2014-12-15 15:15 - 2014-08-01 11:23 - 00000000 ____D () C:\Users\Mattawww\Documents\Torrents
2014-12-15 13:54 - 2014-02-09 17:57 - 00000000 ____D () C:\Users\Mattawww\Downloads\DJ Kay Slay - The Rise Of A City[TapeJams.com]
2014-12-15 13:54 - 2013-12-31 18:01 - 00000000 ____D () C:\Users\Mattawww\Downloads\☺RYANPACKv.1☺
2014-12-15 13:42 - 2014-06-12 22:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 13:42 - 2014-06-12 22:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 14:31 - 2013-06-08 23:13 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\vlc
2014-12-14 11:46 - 2014-01-13 11:20 - 00000362 _____ () C:\Windows\Tasks\RegInOut Scheduled Scan - Mattawww.job
2014-12-14 03:05 - 2014-01-26 03:00 - 00004380 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2014-12-13 03:02 - 2014-06-12 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 12:34 - 2014-07-16 14:06 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 11:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-12 03:49 - 2014-07-16 21:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 03:49 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-12-12 03:32 - 2013-12-29 19:22 - 00000000 ____D () C:\Users\Mattawww\Downloads\Guacamelee
2014-12-11 20:30 - 2014-09-11 04:19 - 00000000 ____D () C:\Windows\rescache
2014-12-10 19:24 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 18:31 - 2014-04-27 15:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 18:03 - 2014-07-16 14:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Adobe
2014-12-10 17:09 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-10 16:16 - 2014-07-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 16:16 - 2014-07-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 14:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:29 - 2013-07-14 13:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:17 - 2013-06-19 02:02 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 10:43 - 2013-09-28 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-07 18:04 - 2013-06-18 13:16 - 00000000 ____D () C:\ProgramData\Soulseek
2014-12-06 10:35 - 2009-07-13 21:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-05 13:43 - 2013-06-22 22:16 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Google
2014-12-04 13:04 - 2013-12-30 15:57 - 00000000 ____D () C:\Users\Mattawww\Desktop\new stuff
2014-12-04 13:04 - 2013-10-03 12:40 - 00000000 ____D () C:\Users\Mattawww\Desktop\progz
2014-12-04 13:03 - 2013-10-03 12:41 - 00000000 ____D () C:\Users\Mattawww\Desktop\gamz
2014-11-26 13:05 - 2013-07-12 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-26 12:44 - 2013-06-23 00:07 - 00000000 ____D () C:\games
2014-11-26 12:43 - 2013-10-29 00:11 - 00000000 ____D () C:\Program Files (x86)\The Wolf Among Us
2014-11-26 12:42 - 2014-04-17 18:01 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot
2014-11-26 12:21 - 2014-01-24 23:02 - 00000000 ____D () C:\Users\Mattawww\Documents\My Extracted Files
2014-11-26 03:24 - 2013-07-04 15:31 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2014-11-26 03:16 - 2014-10-24 15:57 - 00000000 ____D () C:\ProgramData\MediaMall
2014-11-26 03:11 - 2014-09-13 10:46 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\DVDVideoSoft
2014-11-24 14:04 - 2013-06-08 23:37 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2014-07-14 03:02 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-14 03:02 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-08-08 04:21 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Files to move or delete:
====================
C:\Users\Mattawww\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Mattawww\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthswkj.dll
C:\Users\Mattawww\AppData\Local\Temp\Quarantine.exe
C:\Users\Mattawww\AppData\Local\Temp\reg9CAE.exe
C:\Users\Mattawww\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:05
 
==================== End Of Log ============================
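As an added example (not part of the posted log or of any reply in this thread), the Python below parses entries of the kind listed in the "One Month Modified Files and Folders" section above and pulls out the ones a responder would look at first: executable or script files sitting in user-writable locations with no publisher name recorded. The line layout (modified time, created time, size, five attribute flags, publisher in parentheses, path) and the meaning of the D and H flags are assumptions read off the entries shown, not FRST documentation; the sample lines are copied from this log except the last, whose timestamps and size are constructed.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout of one FRST "One Month Modified Files and Folders" entry:
# <modified> - <created> - <size> <5 attribute flags> (<publisher>) <path>
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

# File types that execute or carry script (triage assumption, not an FRST list).
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".vbe", ".vbs", ".js", ".bat", ".cmd", ".ps1"}

# Directories a non-admin user can write to; executables dropped here deserve a
# closer look than files under Program Files or System32 (triage assumption).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    is_dir: bool      # 'D' flag present (assumed meaning: directory)
    hidden: bool      # 'H' flag present (assumed meaning: hidden attribute)
    publisher: str    # company name FRST recorded; empty when none
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks or other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        modified=m.group("modified"),
        created=m.group("created"),
        size=int(m.group("size")),
        is_dir="D" in attrs,
        hidden="H" in attrs,
        publisher=m.group("publisher").strip(),
        path=m.group("path"),
    )


def parse_section(text: str) -> List[Entry]:
    """All parseable entries in the text, in log order."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e is not None]


def is_suspicious(e: Entry) -> bool:
    """Executable content in a user-writable location with no publisher recorded.

    A missing publisher only means FRST found no company name for the file;
    whether it is digitally signed is a separate question (the log's own
    'Bamital & volsnap Check' section answers it for a fixed set of core files).
    """
    if e.is_dir:
        return False
    ext = ntpath.splitext(e.path)[1].lower()
    if ext not in EXEC_EXTS:
        return False
    low = e.path.lower()
    if not any(marker in low for marker in USER_WRITABLE):
        return False
    return e.publisher == ""


def triage(text: str) -> List[str]:
    """Paths from the section worth checking by hand, in log order."""
    return [e.path for e in parse_section(text) if is_suspicious(e)]


# Sample input: the first three lines are copied from the log above; the last
# is constructed (its timestamps and size are invented) so the triage has a hit.
SAMPLE_LOG = r"""
2014-12-17 11:54 - 2014-09-24 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 11:53 - 2014-07-16 14:07 - 00000000 ___RD () C:\Users\Mattawww\Dropbox
2014-12-17 11:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 03:07 - 2014-12-17 03:07 - 00012345 _____ () C:\Users\Mattawww\AppData\Local\Temp\reg9CAE.exe
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("check:", path)
```

Feeding the whole "One Month Modified" section through `triage()` narrows hundreds of lines to the handful that matter for a first pass; the hits still need a hash lookup or signature check before anything is moved, which is why the helpers above only list paths rather than act on them.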


#8 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:21 PM

Posted 17 December 2014 - 04:05 PM

While I review your logs, how is your computer running now?


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#9 gecko1138 (Topic Starter)

  • Members
  • 10 posts
  • Local time:03:21 PM

Posted 17 December 2014 - 04:10 PM

Still buggy: Chrome phishing attacks and occasional redirects, fake security warnings. Thanks for the help so far though.



#10 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:21 PM

Posted 18 December 2014 - 12:57 PM

Posted 18 December 2014 - 12:57 PM

Hi gecko1138,

Would you please give me a detailed description of the problems you're experiencing?

For example:

  • What browser(s) you are experiencing re-directs in.
  • What you mean by "Chrome phishing attacks".
  • What fake security warnings? What do they say? Do these happen only while browsing the web? When no applications are open?
  • Any other symptoms.



#11 gecko1138 (Topic Starter)

  • Members
  • 10 posts
  • Local time:03:21 PM

Posted 18 December 2014 - 06:13 PM

I primarily use Chrome, but I've checked Firefox and IE and they seem to be infected as well. I frequently have pages attempting to redirect to various sites, many times resulting in Chrome switching to a red screen warning me of a phishing attack. I'm also getting frequent popups warning me of fake issues and trying to get me to call to get them to remove the issues.



#12 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:21 PM

Posted 20 December 2014 - 09:47 AM

Posted 20 December 2014 - 09:47 AM

Hello gecko1138,


Your most recent log indicates that you have accessed websites and/or applications that are typically used to obtain content illegally. The entries I'm referring to specifically are these:

2014-12-17 03:07 - 2014-12-17 03:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-17 03:06 - 2014-12-17 03:07 - 00000000 ____D () C:\Users\Mattawww\AppData\Local\Popcorn Time

These types of activities are often the cause of infection for a lot of computers. While I will continue to help, it will be fighting an uphill battle if you continue to access these. Please do not do so at least until I have deemed your computer clean.

Please do the following.

==================================================

TDSS Killer Scan

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

  • Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
  • Please post the contents of that log in your next reply.

Edited by TheShooter93, 20 December 2014 - 09:48 AM.



#13 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:21 PM

Posted 23 December 2014 - 04:55 PM

Posted 23 December 2014 - 04:55 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.




#14 schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:21 AM

Posted 26 December 2014 - 02:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
