
Pricechop gone; PriceChOp won't go away


  • This topic is locked
19 replies to this topic

#1 Rocker_Centauri

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 13 January 2015 - 09:03 AM

Hello, I am infected with some kind of extension that is throwing ads at me and slowing down my machine. I was asked to make a new topic in the instructions that user "boopme" asked me to follow. And per those instructions, here is the report from DDS but I don't see where the Attachment button is in the thread so I haven't attached the "attach" file that the instructions wanted me to. I will copy/paste it if you want, but the instructions said not to do that.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Joshua at 8:44:17 on 2015-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2340 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Joshua\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VOICEM~1.LNK - C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4EB07F82-D9CA-4D76-A6C5-F2C6379F2C28} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4EB07F82-D9CA-4D76-A6C5-F2C6379F2C28}\4656661657C647 : DHCPNameServer = 75.75.75.75 75.75.76.76 4.2.2.2
TCP: Interfaces\{4EB07F82-D9CA-4D76-A6C5-F2C6379F2C28}\E45445745414253353D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4EB07F82-D9CA-4D76-A6C5-F2C6379F2C28}\E45445745414258373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1836C5E-03A2-45C7-88B7-C4290DDB68D7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DC0CDB4C-CE05-4D8C-BE37-9404014DBE4D} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\19y0bdt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://snap2013.emcp.com/snap.php#/login/index.php
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Joshua\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-2 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-20 244736]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-15 2449592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 125584]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-12-9 186048]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-15 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-15 129600]
R3 A6200;NETGEAR A6200 WiFi Adapter Driver;C:\Windows\System32\drivers\BCMWLHIGH664.SYS [2013-3-5 2263144]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-20 283200]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-4-7 21656]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-9-4 39592]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-4 160424]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-10-27 60640]
R3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [2014-10-12 41192]
R3 VBAudioVMVAIOMME;VB-Audio VoiceMeeter VAIO (WDM);C:\Windows\System32\drivers\vbaudio_vmvaio64_win7.sys [2014-10-12 41192]
S1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-10-31 74432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 WNDA6200;NETGEAR A6200 Service;C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [2013-3-12 53536]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-30 110336]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-12-11 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-1-8 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-2 19456]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-10-31 129472]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-6-9 32768]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-9-30 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-2 1255736]
S4 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2013-4-7 1501144]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-4-25 9216]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
.
=============== Created Last 30 ================
.
2015-01-13 07:28:10 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D43FA45-6E2C-40A5-9F12-3CDF883311FA}\offreg.dll
2015-01-13 07:26:01 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EEA7209-DA2A-4C6A-9F57-CDC2DD87C48A}\gapaengine.dll
2015-01-13 07:25:33 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D43FA45-6E2C-40A5-9F12-3CDF883311FA}\mpengine.dll
2015-01-12 16:21:43 -------- d-----w- C:\Users\Joshua\AppData\Roaming\.mono
2015-01-12 16:17:42 -------- d-----w- C:\Users\Joshua\AppData\Roaming\ftblauncher
2015-01-12 16:17:42 -------- d-----w- C:\Users\Joshua\AppData\Local\ftblauncher
2015-01-12 16:11:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-12 08:36:27 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-11 07:32:28 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACB93345-A15E-4E0E-8C00-AAC2BEA1632B}\gapaengine.dll
2015-01-10 13:14:09 -------- d-----w- C:\Program Files (x86)\Minecraft
2015-01-09 07:26:48 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-08 16:46:03 -------- d-----w- C:\$RECYCLE.BIN
2015-01-08 12:39:00 98816 ----a-w- C:\Windows\sed.exe
2015-01-08 12:39:00 256000 ----a-w- C:\Windows\PEV.exe
2015-01-08 12:39:00 208896 ----a-w- C:\Windows\MBR.exe
2015-01-08 12:33:16 -------- d-----w- C:\FRST
2015-01-08 09:37:36 43664 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2015-01-07 03:10:25 -------- d-----w- C:\Windows\ERUNT
2015-01-07 02:08:52 -------- d-----w- C:\Program Files (x86)\PriceChOp
2015-01-07 02:08:21 -------- d-----w- C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa
2015-01-01 21:56:37 -------- d-----w- C:\Users\Joshua\AppData\Roaming\java
2014-12-31 21:39:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-12-19 03:22:14 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2014-12-18 01:07:12 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 01:07:06 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
.
==================== Find3M  ====================
.
2015-01-08 12:10:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-30 22:07:02 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-30 22:07:02 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-09 22:21:53 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2014-12-09 22:01:42 182304 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-21 02:44:42 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-11-21 02:44:42 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-11-21 02:44:40 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-11-21 02:44:40 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-11-21 02:44:28 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-11-21 02:44:26 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-11-21 02:44:24 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-11-21 02:44:22 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-11-21 02:44:20 1348928 ----a-w- C:\Windows\System32\aticfx64.dll
2014-11-21 02:44:16 1127496 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-11-21 02:44:10 11076784 ----a-w- C:\Windows\System32\atidxx64.dll
2014-11-21 02:44:04 9401480 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-11-21 02:43:56 7558816 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-11-21 02:43:50 7077776 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-11-21 02:43:42 8379720 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-11-21 02:43:38 8369408 ----a-w- C:\Windows\System32\atiumd64.dll
2014-11-21 02:41:36 294600 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-11-21 02:40:00 18959360 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-11-21 02:33:12 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-11-21 02:33:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-11-21 02:33:06 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-11-21 02:33:04 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-11-21 02:33:02 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-11-21 02:33:00 47899136 ----a-w- C:\Windows\System32\amdocl64.dll
2014-11-21 02:32:08 40987136 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-11-21 02:31:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-11-21 02:31:16 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-11-21 02:24:50 28354560 ----a-w- C:\Windows\System32\atio6axx.dll
2014-11-21 02:19:36 23621632 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-11-21 02:19:26 49664 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-11-21 02:19:22 38912 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-11-21 02:18:46 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-11-21 02:18:42 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-11-21 02:18:36 5837312 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-11-21 02:17:04 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-11-21 02:17:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-11-21 02:17:02 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-11-21 02:16:58 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-11-21 02:16:58 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-11-21 02:16:52 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-11-21 02:16:04 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-11-21 02:15:42 4590592 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-11-21 02:13:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-11-21 02:13:10 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-11-21 02:12:50 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-11-21 02:12:48 774656 ----a-w- C:\Windows\System32\atieclxx.exe
2014-11-21 02:12:40 244736 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-11-21 02:12:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-11-21 02:10:02 843776 ----a-w- C:\Windows\System32\coinst_14.50.dll
2014-11-21 02:09:06 1214976 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-11-21 02:09:04 903168 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-11-21 02:09:00 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-11-21 02:09:00 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-11-21 02:08:58 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-11-21 02:08:56 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-11-21 02:08:54 589312 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
.
============= FINISH:  8:46:29.79 ===============

Edited by hamluis, 13 January 2015 - 09:23 AM.
Moved from AII to MRL - Hamluis.
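A small triage script for the "Created Last 30" section of the DDS log above, added here as an example; it is not part of this thread, of DDS, or of the helper's instructions. It parses a few lines copied from the log, flags any ProgramData folder whose name has the shape of a Chrome extension ID (exactly 32 characters from the letters a-p, as the agkplhdjopcknlmgaecmjollgdjhpooa folder does), and then flags other directories under Program Files or ProgramData created within a few minutes of it. In this log the PriceChOp folder and that ProgramData folder were created 31 seconds apart, which is the kind of pairing a responder wants surfaced before reading the rest of the report. The line regex, the five-minute window, the watched path prefixes and the function names are my own assumptions, not a documented DDS format.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the "Created Last 30" section of the DDS log in the first post
# (a representative excerpt, not the full section).
DDS_CREATED_LAST_30 = """\
2015-01-12 16:17:42 -------- d-----w- C:\\Users\\Joshua\\AppData\\Roaming\\ftblauncher
2015-01-10 13:14:09 -------- d-----w- C:\\Program Files (x86)\\Minecraft
2015-01-08 12:39:00 98816 ----a-w- C:\\Windows\\sed.exe
2015-01-07 02:08:52 -------- d-----w- C:\\Program Files (x86)\\PriceChOp
2015-01-07 02:08:21 -------- d-----w- C:\\ProgramData\\agkplhdjopcknlmgaecmjollgdjhpooa
2014-12-31 21:39:56 -------- d-----w- C:\\Program Files (x86)\\Yahoo!
"""

# One DDS line (assumed layout): date, time, size (dashes for a directory),
# an 8-character attribute field, then the path.
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Chrome extension IDs are exactly 32 characters drawn from the letters a-p.
CHROME_EXT_ID = re.compile(r"^[a-p]{32}$")
# Locations where an unexpected new directory deserves a second look (assumption).
WATCHED_PREFIXES = ("C:\\ProgramData\\", "C:\\Program Files (x86)\\", "C:\\Program Files\\")


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "is_dir": m.group("attrs").startswith("d"),
            "path": m.group("path"),
            "name": m.group("path").rsplit("\\", 1)[-1],
        })
    return entries


def find_suspicious(entries, window=timedelta(minutes=5)):
    """Return {path: reason} for ProgramData folders named like a Chrome extension ID,
    plus watched-location directories created within `window` of such a folder."""
    dirs = [e for e in entries if e["is_dir"]]
    anchors = [e for e in dirs
               if e["path"].startswith("C:\\ProgramData\\") and CHROME_EXT_ID.match(e["name"])]
    findings = {}
    for a in anchors:
        findings[a["path"]] = "folder named like a Chrome extension ID under ProgramData"
        for e in dirs:
            if e is a or e["path"] in findings:
                continue
            if e["path"].startswith(WATCHED_PREFIXES) and abs(e["ts"] - a["ts"]) <= window:
                delta = int(abs(e["ts"] - a["ts"]).total_seconds())
                findings[e["path"]] = f"created {delta}s from {a['name']}"
    return findings


if __name__ == "__main__":
    for path, reason in find_suspicious(parse_dds_created(DDS_CREATED_LAST_30)).items():
        print(f"{path}: {reason}")
```

Run against the excerpt it reports only the two folders created on 2015-01-07; the Minecraft and Yahoo! directories fall outside the window and the ftblauncher folder is not under a watched prefix. Timestamp clustering is a heuristic for prioritising what to read first, not a verdict: a legitimate installer also writes several directories within seconds.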


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 13 January 2015 - 10:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 13 January 2015 - 12:14 PM

Hi Marius, and thanks for the help. I'll get those scans done and posted right away. I will post each log as individual posts to make them easier to find.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Joshua (administrator) on BIGDADDYPC on 13-01-2015 12:06:45
Running from C:\Users\Joshua\Desktop
Loaded Profile: Joshua (Available profiles: Joshua)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872160 2014-12-03] (Skype Technologies S.A.)
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1814827725-3219384213-140372767-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1814827725-3219384213-140372767-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\19y0bdt8.default
FF Homepage: hxxp://snap2013.emcp.com/snap.php#/login/index.php
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Joshua\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1814827725-3219384213-140372767-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1814827725-3219384213-140372767-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joshua\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Google Wallet) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (PriceChOp) - C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa\ [2013-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-09] (EasyAntiCheat Ltd)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1501144 2013-10-14] (Echobit LLC)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53536 2012-07-27] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-20] (DT Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-05-18] (Echobit, LLC)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-02] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-08] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-18] (Duplex Secure Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2014-10-12] (Windows ® Win 7 DDK provider)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Joshua\AppData\Local\Temp\tmpB0E7.tmp [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 12:06 - 2015-01-13 12:07 - 00015978 _____ () C:\Users\Joshua\Desktop\FRST.txt
2015-01-13 08:46 - 2015-01-13 08:46 - 00023410 _____ () C:\Users\Joshua\Desktop\dds.txt
2015-01-13 08:46 - 2015-01-13 08:46 - 00009673 _____ () C:\Users\Joshua\Desktop\attach.txt
2015-01-13 08:39 - 2015-01-13 08:39 - 00688992 ____R (Swearware) C:\Users\Joshua\Downloads\dds.com
2015-01-12 19:45 - 2015-01-12 20:48 - 00000000 ____D () C:\Users\Joshua\Downloads\assets
2015-01-12 19:45 - 2015-01-12 20:03 - 00000000 ____D () C:\Users\Joshua\Downloads\libraries
2015-01-12 19:45 - 2015-01-12 19:45 - 00000000 ____D () C:\Users\Joshua\Downloads\versions
2015-01-12 17:14 - 2015-01-12 20:47 - 00000000 ____D () C:\Users\Joshua\Downloads\direwolf20_17
2015-01-12 11:52 - 2015-01-12 11:52 - 00000000 ____D () C:\Users\Joshua\Downloads\backups
2015-01-12 11:49 - 2015-01-12 11:49 - 00009049 _____ () C:\Users\Joshua\Downloads\hijackthis.log
2015-01-12 11:47 - 2015-01-12 11:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joshua\Downloads\HijackThis.exe
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\.mono
2015-01-12 11:17 - 2015-01-12 18:28 - 00000000 ____D () C:\Users\Joshua\AppData\Local\ftblauncher
2015-01-12 11:17 - 2015-01-12 11:17 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\ftblauncher
2015-01-12 11:11 - 2015-01-12 11:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-12 11:10 - 2015-01-12 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 11:10 - 2015-01-12 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-12 11:03 - 2015-01-12 11:03 - 00003166 _____ () C:\Windows\System32\Tasks\{425E9EB6-74C7-4618-B38E-30C4AFC2F4B9}
2015-01-12 10:10 - 2015-01-12 10:11 - 06619054 _____ () C:\Users\Joshua\Downloads\FTB_Launcher.exe
2015-01-11 03:25 - 2015-01-12 10:26 - 00007028 _____ () C:\Windows\PFRO.log
2015-01-11 03:11 - 2015-01-11 03:11 - 00448512 _____ (OldTimer Tools) C:\Users\Joshua\Desktop\TFC.exe
2015-01-10 19:58 - 2015-01-13 08:31 - 00000448 _____ () C:\Windows\setupact.log
2015-01-10 19:58 - 2015-01-10 19:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 08:19 - 2015-01-10 08:19 - 00000000 ____D () C:\Users\Joshua\Desktop\runtime
2015-01-10 08:18 - 2015-01-10 08:20 - 00000000 ____D () C:\Users\Joshua\Desktop\game
2015-01-10 08:16 - 2015-01-10 08:17 - 00000000 ____D () C:\Users\Joshua\Downloads\game
2015-01-10 08:16 - 2015-01-10 08:16 - 00000000 ____D () C:\Users\Joshua\Downloads\runtime
2015-01-10 08:15 - 2015-01-10 08:15 - 01294088 _____ (Mojang) C:\Users\Joshua\Desktop\MinecraftLauncher.exe
2015-01-10 08:14 - 2015-01-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-10 08:14 - 2015-01-10 08:14 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-01-09 06:29 - 2015-01-09 06:29 - 00001377 _____ () C:\Users\Joshua\Desktop\ESET.txt
2015-01-09 03:30 - 2015-01-09 03:30 - 02318336 _____ () C:\Users\Joshua\Downloads\MinecraftInstaller.msi
2015-01-09 02:26 - 2015-01-09 02:26 - 00001656 _____ () C:\Users\Joshua\Desktop\AdwCleaner[S2].txt
2015-01-09 02:26 - 2015-01-09 02:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-09 02:24 - 2015-01-09 02:24 - 00000936 _____ () C:\Users\Joshua\Desktop\JRT.txt
2015-01-09 02:19 - 2015-01-09 02:19 - 02347384 _____ (ESET) C:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe
2015-01-09 01:26 - 2015-01-09 01:26 - 00401920 _____ (Farbar) C:\Users\Joshua\Downloads\MiniToolBox.exe
2015-01-08 11:58 - 2015-01-08 11:58 - 00035402 _____ () C:\ComboFix.txt
2015-01-08 07:39 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-08 07:39 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-08 07:39 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-08 07:39 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-08 07:39 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-08 07:39 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-08 07:39 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-08 07:39 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-08 07:37 - 2015-01-08 11:58 - 00000000 ____D () C:\Qoobox
2015-01-08 07:37 - 2015-01-08 11:54 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 07:33 - 2015-01-13 12:06 - 00000000 ____D () C:\FRST
2015-01-08 07:33 - 2015-01-08 07:33 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Joshua\Downloads\rkill.exe
2015-01-08 07:31 - 2015-01-08 07:32 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Joshua\Downloads\tdsskiller.exe
2015-01-08 07:31 - 2015-01-08 07:31 - 05609736 ____R (Swearware) C:\Users\Joshua\Downloads\ComboFix.exe
2015-01-08 07:30 - 2015-01-08 07:30 - 02124288 _____ (Farbar) C:\Users\Joshua\Desktop\FRST64.exe
2015-01-08 07:15 - 2015-01-08 07:15 - 00019078 _____ () C:\Users\Joshua\Documents\cc_20150108_071500.reg
2015-01-08 04:49 - 2015-01-08 04:49 - 00001084 _____ () C:\Windows\system32\.crusader
2015-01-08 04:37 - 2015-01-08 04:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-08 04:34 - 2015-01-08 04:36 - 11222744 _____ (SurfRight B.V.) C:\Users\Joshua\Downloads\HitmanPro_x64.exe
2015-01-06 22:10 - 2015-01-06 22:10 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 21:51 - 2015-01-06 21:52 - 01707939 _____ (Thisisu) C:\Users\Joshua\Desktop\JRT.exe
2015-01-06 21:30 - 2015-01-06 21:30 - 00003154 _____ () C:\Windows\System32\Tasks\{474B2341-A366-4C96-91BF-7DB3E1804C7A}
2015-01-06 21:14 - 2014-10-18 10:24 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-06 21:14 - 2014-10-18 10:24 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-06 21:10 - 2015-01-06 21:10 - 00014944 _____ () C:\Users\Joshua\Documents\cc_20150106_211014.reg
2015-01-06 21:08 - 2015-01-09 06:09 - 00000000 ____D () C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa
2015-01-06 21:08 - 2015-01-08 04:49 - 00000000 ____D () C:\Program Files (x86)\PriceChOp
2015-01-02 21:32 - 2015-01-02 21:50 - 110942603 _____ () C:\Users\Joshua\Downloads\6thbasic.rar
2015-01-01 16:56 - 2015-01-01 16:56 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\java
2014-12-31 16:39 - 2014-12-31 16:40 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-12-29 01:45 - 2014-12-31 01:22 - 00000934 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-12-29 01:43 - 2014-12-29 01:44 - 04282672 _____ (Black Tree Gaming ) C:\Users\Joshua\Downloads\Nexus Mod Manager-0.52.3.exe
2014-12-22 17:41 - 2014-12-22 17:41 - 00025354 _____ () C:\Users\Joshua\Documents\cc_20141222_174120.reg
2014-12-18 22:22 - 2014-12-18 22:22 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-12-17 20:07 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:07 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 11:48 - 2013-11-13 06:05 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Skype
2015-01-13 11:22 - 2013-06-20 01:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-13 11:14 - 2013-10-11 14:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 10:39 - 2013-09-12 22:59 - 01557271 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 12:35 - 2014-10-12 03:40 - 00001094 _____ () C:\Users\Joshua\AppData\Roaming\VoiceMeeterDefault.xml
2015-01-12 10:35 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 10:35 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 10:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 13:56 - 2013-03-04 01:16 - 00000000 ____D () C:\Users\Joshua\Desktop\Random Text Files
2015-01-09 13:53 - 2013-03-03 00:53 - 00000000 ____D () C:\Users\Joshua\Desktop\Random Folders
2015-01-09 13:48 - 2014-09-23 01:56 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-09 13:47 - 2014-10-28 06:00 - 00000000 ____D () C:\Users\Joshua\Desktop\Sort this
2015-01-09 13:45 - 2014-01-29 12:50 - 00000000 ____D () C:\Users\Joshua\Desktop\Work Stuff
2015-01-09 06:08 - 2013-09-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Free Screen To Video
2015-01-09 06:04 - 2014-09-15 21:34 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\.minecraft
2015-01-09 02:11 - 2014-09-28 10:19 - 00000000 ____D () C:\AdwCleaner
2015-01-08 11:59 - 2013-03-15 02:08 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Apps\2.0
2015-01-08 11:58 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-08 11:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-08 08:08 - 2009-07-13 21:34 - 92536832 _____ () C:\Windows\system32\config\software.bak
2015-01-08 08:08 - 2009-07-13 21:34 - 22282240 _____ () C:\Windows\system32\config\system.bak
2015-01-08 08:08 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-08 08:08 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-08 08:08 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-08 07:10 - 2014-07-05 16:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 04:49 - 2014-09-28 08:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-08 03:57 - 2014-12-02 15:00 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Curse Client
2015-01-08 03:51 - 2013-03-04 20:10 - 00000000 ____D () C:\Windows\Minidump
2015-01-08 03:47 - 2013-03-15 02:08 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Deployment
2015-01-06 20:56 - 2013-06-04 16:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-06 02:43 - 2014-02-08 09:16 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Battle.net
2015-01-06 02:04 - 2014-11-09 00:16 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-01-05 09:41 - 2009-07-14 00:13 - 00801022 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 01:46 - 2013-11-29 03:02 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Skyrim
2015-01-02 02:51 - 2013-06-19 22:41 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Warframe
2015-01-01 03:52 - 2009-07-14 00:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 00:45 - 2014-10-10 15:38 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-12-30 17:28 - 2014-10-12 01:28 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Adobe
2014-12-30 17:07 - 2013-03-02 20:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 17:07 - 2013-03-02 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 21:26 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-29 01:45 - 2013-11-30 02:34 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Black_Tree_Gaming
2014-12-29 01:45 - 2013-11-30 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-12-29 01:45 - 2013-11-30 02:34 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-12-28 22:48 - 2014-01-29 12:46 - 00000000 ____D () C:\Users\Joshua\Desktop\Games
2014-12-26 15:48 - 2014-07-05 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 15:48 - 2013-03-02 15:17 - 00000000 ____D () C:\Users\Joshua
2014-12-26 06:08 - 2014-09-15 15:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-23 09:42 - 2013-12-10 11:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-22 17:38 - 2013-03-12 19:29 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\uTorrent
2014-12-22 15:51 - 2014-10-28 01:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 15:51 - 2014-07-05 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 18:07 - 2013-07-20 20:14 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\OBS
2014-12-21 17:36 - 2013-09-02 20:22 - 00000000 ____D () C:\Users\Joshua\Desktop\OBS Video Recordings
2014-12-19 05:51 - 2014-10-19 03:40 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-16 08:06 - 2014-12-13 00:41 - 00007633 _____ () C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
2014-12-14 03:15 - 2014-10-08 18:51 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\IMVU
2014-12-14 03:14 - 2014-10-08 18:51 - 00001882 _____ () C:\Users\Joshua\Desktop\IMVU.lnk
2014-12-14 03:14 - 2014-10-08 18:51 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\IMVUClient
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 05:32
 
==================== End Of Log ============================

This one is the Addition.txt that was created with FRST
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Joshua at 2015-01-13 12:07:54
Running from C:\Users\Joshua\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ancient Weapon Sounds (HKLM-x32\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blue Satin Skin (HKLM-x32\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Character Builder (HKLM-x32\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Comic Sound Pack (HKLM-x32\...\{79A743FA-FF99-42DF-8C35-BA40EAEA6668}) (Version: 2.1.0 - Screaming Bee)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.6.1 - Echobit, LLC)
Fantasy Sound Pack (HKLM-x32\...\{06ACD0D6-537A-4831-9608-AA74A5795698}) (Version: 1.1.0 - Screaming Bee)
Fantasy Voice Pack (HKLM-x32\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)
Farm Animal Sounds (HKLM-x32\...\{20052CA0-FF43-4901-8261-E6DBF0A09ED1}) (Version: 1.1.0 - Screaming Bee)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
Furry Voices for Second Life (HKLM-x32\...\{0DB44859-4112-4946-BE5E-A4275B3FFB5E}) (Version: 1.3.0 - Screaming Bee)
Galactic Voices (HKLM-x32\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
IMVU Avatar Chat Software (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - Jasper Byrne)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NETGEAR A6200 Genie (HKLM-x32\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sci-Fi 2 Sound Pack (HKLM-x32\...\{E7E76513-335F-4995-86CF-A85B77D8D975}) (Version: 1.3.0 - Screaming Bee)
Sci-Fi Sound Pack (HKLM-x32\...\{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}) (Version: 1.1.0 - Screaming Bee)
Sci-Fi Voice Pack (HKLM-x32\...\{216E21F4-0489-4311-92D6-20D1FB950FCE}) (Version: 1.3.0 - Screaming Bee)
Shoot Many Robots (HKLM-x32\...\Steam App 96400) (Version:  - Demiurge Studios)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.4 - Kathleen MacMahon)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2436.0 - Hi-Rez Studios)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Spooky Sounds (HKLM-x32\...\{D813EF9B-69CF-4996-893C-B400AE7292FA}) (Version: 2.1.0 - Screaming Bee)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
Unity Web Player (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VASSAL (3.2.11) (HKLM\...\VASSAL (3.2.11)) (Version: 3.2.11 - vassalengine.org)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{74870974-832F-42D3-8047-D87A5A722CC3}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Vindictus (HKLM-x32\...\Vindictus) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Wakfu (HKU\S-1-5-21-1814827725-3219384213-140372767-1000\...\wakfu) (Version:  - Ankama Games)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{e3e01267-b2ae-451f-8d61-2f9b6b9cc86e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1814827725-3219384213-140372767-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
07-01-2015 22:08:50 Windows Update
08-01-2015 04:48:53 Checkpoint by HitmanPro
08-01-2015 04:49:42 Checkpoint by HitmanPro
09-01-2015 03:31:17 Installed Minecraft
09-01-2015 03:33:03 Installed Minecraft
10-01-2015 08:09:46 Removed Minecraft
10-01-2015 08:11:04 Removed Minecraft
10-01-2015 08:13:26 Removed Minecraft
10-01-2015 08:13:55 Installed Minecraft
11-01-2015 02:25:08 Windows Update
12-01-2015 10:21:10 Removed Java 8 Update 25
12-01-2015 10:58:45 Removed Java 8 Update 25
12-01-2015 11:03:07 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-01-08 11:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01D80448-FE84-4D75-AE33-4E8DAF495B1E} - System32\Tasks\{8209AEE9-5BA5-414E-B305-C735F74A8FD4} => pcalua.exe -a C:\Users\Joshua\Desktop\GES\USA_21.07.77_full_201075.exe -d C:\Users\Joshua\Desktop\GES
Task: {07A777EC-4ED0-4CF3-ACB9-FBBB3CC606C3} - System32\Tasks\{8403F99A-C3E9-444E-AAEF-ACDE219E3D1E} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(04)Apr_2009.exe
Task: {25E388F9-AB28-4159-A8F0-2EA8736ACDD4} - System32\Tasks\{20E48D38-288D-47F9-BEA3-070D1C937F49} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(11)Nov_2009.exe
Task: {26935096-51A5-44E3-8487-DD406734DDBE} - System32\Tasks\{5DF3D386-DE7D-4AC1-AAA8-65C1BBE3E5CB} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(04)Apr_2009.exe
Task: {2970FC00-BBB6-4D2D-933B-34C3EA9F7B28} - System32\Tasks\{425E9EB6-74C7-4618-B38E-30C4AFC2F4B9} => pcalua.exe -a "C:\Users\Joshua\Downloads\chromeinstall-8u25 (3).exe" -d C:\Users\Joshua\Downloads
Task: {2A007FF1-2481-4403-AB42-0D8CA89AF498} - System32\Tasks\{A3C38AC5-0DF0-420E-BED5-03FE9EB6DF62} => pcalua.exe -a "C:\Users\Joshua\Desktop\Random Folders\Pictures\setupcurse.exe" -d "C:\Users\Joshua\Desktop\Random Folders\Pictures"
Task: {3DA75590-9244-4541-B04B-C5BE2770CF85} - System32\Tasks\{474B2341-A366-4C96-91BF-7DB3E1804C7A} => pcalua.exe -a C:\Users\Joshua\Downloads\chromeinstall-8u25.exe -d C:\Users\Joshua\Downloads
Task: {4CEE4467-E48A-4C7F-A06A-96EB0C7121FA} - System32\Tasks\{136D160D-3D32-4963-B61E-D2946046632A} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND\CB_(11)Nov_2009.exe" -d "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND"
Task: {4D802046-4EC3-4034-B102-C97BEB05E4E5} - System32\Tasks\{2108FB38-9A61-422C-A223-9C0C8DF4FB93} => C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe [2012-09-26] ()
Task: {5E78DA69-B9C6-4750-85D8-A9F33866B3B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {62FD9331-984F-43E1-AB4A-F30A2637A247} - System32\Tasks\{E581C076-BF10-457D-8433-42752E80DBA1} => pcalua.exe -a "C:\Program Files (x86)\Granado Espada Online\unins000.exe"
Task: {6344F10C-7D28-41C1-ADF5-01F56E84E05F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {65EAD957-D0FC-43F1-BC38-51B2018FD62E} - System32\Tasks\{25E78D54-32E3-4D03-96DD-E888925FA8BE} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND\CB_(09)Sep_2009.exe" -d "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND"
Task: {694360BC-6FB0-4A5E-A7CC-A57FBAF87612} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6CD82DA8-38E4-490F-AA01-AC1055C94FEE} - System32\Tasks\{7424ED4C-E57D-4258-87DD-404DF6AEACC2} => C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe [2012-09-26] ()
Task: {736A5AA6-3A1D-42C7-8B5A-BD584E3A9091} - System32\Tasks\{D3D056A8-27C4-4D85-8EFD-C6D89EE39E94} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(05)May_2009.exe
Task: {7CC420A9-33AE-44D7-B66B-CA6E0B79FFD6} - System32\Tasks\{93D2BB30-8CAD-4B07-94CD-FEADB608D3B8} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(07)Jul_2009.exe
Task: {867029AA-1621-435D-A7E2-FE3B0BD8F487} - System32\Tasks\{A9E6F36D-414E-4632-B054-31D0B69F8CCE} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(09)Sep_2009.exe
Task: {A03BCC41-44EC-49E6-87F0-EE49630FF1B3} - System32\Tasks\{6452D9A4-F0D1-4413-9169-7400A39E5584} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND\CB_(04)Apr_2009 - Copy.exe" -d "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND"
Task: {AEF18B7B-3E6E-48CA-8F04-175635683537} - System32\Tasks\{69CB3D3E-3F83-4FED-919B-E06C6EF00952} => C:\Riot Games\League of Legends\lol.launcher.exe [2011-04-28] ()
Task: {B5144765-4204-4CC9-8C4B-A57C42EE49D7} - System32\Tasks\{08C85050-03F4-4E14-AF51-AB71386F88D2} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(07)Jul_2009.exe
Task: {B9C8944C-DE73-4AF9-8E90-6725E7D4CD24} - System32\Tasks\{642DEDD3-57A5-4E11-A6EB-5BBD01DA040A} => pcalua.exe -a C:\Users\Joshua\Desktop\Games\GEO\Unbroken\USA_21.77.84_full_201440.exe -d C:\Users\Joshua\Desktop\Games\GEO\Unbroken
Task: {BDB9B47C-9C85-4A95-A05B-61857FA564E0} - System32\Tasks\{67A7704F-8969-428E-8EC5-079737189CC5} => pcalua.exe -a C:\AeriaGames\DynastyWarriorsOnline\Uninst.exe
Task: {C3C14AA4-548E-40EF-A959-3225E592EF7C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C73B3880-285A-4B1F-8A62-744701237735} - System32\Tasks\{F49BCD8D-B443-448D-862F-2523921E6614} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(08)Aug_2009.exe
Task: {C91B8889-E77A-41C7-AF90-E24B145984F1} - System32\Tasks\{7F63A395-04E7-40CC-A8D0-C463F9C90E8B} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND\CB_(10)Oct_2009.exe" -d "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND"
Task: {CF0DAEDC-F998-437F-8C2D-422EAFA9ECB9} - System32\Tasks\{AEA6C021-9D77-4DE6-A444-A24F55A7472D} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Grenado Espada\Granado Espada\B1.0.7_SEA.exe" -d "C:\Users\Joshua\Desktop\Games\Grenado Espada\Granado Espada"
Task: {CF8393A6-36C3-4B64-B76E-BF9C203254EA} - System32\Tasks\{1D15DB25-CDF8-418A-8136-7F2EE20B064B} => pcalua.exe -a C:\Users\Joshua\Desktop\Games\GEO\USA_21.77.84_full_201440.exe -d C:\Users\Joshua\Desktop\Games\GEO
Task: {D8940B5E-D8FA-4849-880C-CB06A3E93811} - System32\Tasks\{ADB5E8F8-1302-4BF9-8899-F39DA33315A5} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(10)Oct_2009.exe
Task: {E4E3CA6F-B0E1-441F-BCE7-CB9794803ACF} - System32\Tasks\{A5EA51C8-BB90-4178-95D2-3C35B4632C84} => pcalua.exe -a C:\Users\Joshua\Desktop\Games\GEO\USA_21.07.77_full_201075.exe -d C:\Users\Joshua\Desktop\Games\GEO
Task: {E5DF808A-A371-40FA-B37F-970588AFEB1C} - System32\Tasks\{03736516-8A50-42C7-AAE6-92587DCA78E4} => C:\Users\Joshua\Desktop\Dungeons and Dragons\Character Builder DND\CB_(06)Jun_2009.exe
Task: {F0883EB6-490F-44E9-9827-17C2510237A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {F0DEB54D-CC8D-4B1A-8DC0-352ABF70146A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F6136357-1665-42BF-AFB0-7156A912B80B} - System32\Tasks\{AA625CDE-7729-484E-8EFC-F9386FF2315E} => pcalua.exe -a "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND\CB_(08)Aug_2009.exe" -d "C:\Users\Joshua\Desktop\Games\Dungeons and Dragons\Character Builder DND"
Task: {FAEDF9E1-B8DB-49CC-ADF2-4CDCEA0637C3} - System32\Tasks\{19910CB0-F7D8-40AB-9F1E-7B1CC79C01DA} => pcalua.exe -a C:\Users\Joshua\Downloads\chromeinstall-8u25.exe -d C:\Users\Joshua\Downloads
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-15 17:13 - 2014-09-15 17:13 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-15 15:09 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-09 17:22 - 2014-12-09 17:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-19 22:03 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-09-15 17:13 - 2014-09-15 17:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-12 19:16 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 19:16 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 19:16 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:16 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-09-06 15:24 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-06 15:24 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-06 15:24 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-06 15:24 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-05-06 16:05 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-12 11:42 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-12 11:42 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-12 11:42 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 21:48 - 2015-01-09 22:21 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-06 15:24 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 13:06 - 2015-01-09 22:21 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 15:16 - 2014-12-19 18:38 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 13:59 - 2014-12-19 18:38 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-12-12 19:16 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-07-05 21:40 - 2011-11-12 10:52 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-12-02 21:16 - 2014-12-11 03:01 - 02465272 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.231\deploy\LoLLauncher.exe
2014-12-20 11:29 - 2014-12-20 11:29 - 04214776 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\LoLPatcher.exe
2014-12-20 11:29 - 2014-12-20 11:29 - 01628152 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\RiotLauncher.dll
2014-12-20 11:29 - 2014-12-20 11:29 - 03233272 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\LoLPatcherUx.exe
2014-11-19 22:50 - 2014-11-19 22:50 - 43366400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\libcef.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 01564160 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\icui18n.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 01246208 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\icuuc.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 05081088 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\v8.dll
2014-12-20 11:29 - 2014-12-20 11:29 - 01736184 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\RiotRadsIO.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 01767424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\libglesv2.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 00163840 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\libegl.dll
2014-11-19 22:50 - 2014-11-19 22:50 - 01048576 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: EvoSvc => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^Joshua^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Joshua^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1814827725-3219384213-140372767-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1814827725-3219384213-140372767-1006 - Limited - Enabled)
Guest (S-1-5-21-1814827725-3219384213-140372767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1814827725-3219384213-140372767-1003 - Limited - Enabled)
Joshua (S-1-5-21-1814827725-3219384213-140372767-1000 - Administrator - Enabled) => C:\Users\Joshua
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2015 00:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x279c
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
 
Error: (01/13/2015 08:40:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1f94
 
Start Time: 01d02ed2ee2e344b
 
Termination Time: 963
 
Application Path: C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
 
Report Id: 70486f21-9b28-11e4-ace0-6c626d9cd922
 
Error: (01/13/2015 00:04:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (01/13/2015 00:04:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/12/2015 05:31:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d20
 
Start Time: 01d02eb5a6684ffd
 
Termination Time: 30
 
Application Path: C:\Users\Joshua\Desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
 
Report Id: c1ec7831-9aaa-11e4-ace0-6c626d9cd922
 
Error: (01/12/2015 10:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 10:23:35 AM) (Source: MsiInstaller) (EventID: 11719) (User: BigDaddyPC)
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (01/12/2015 00:56:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (01/12/2015 00:55:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/11/2015 02:53:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DragonNest.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a00
 
Start Time: 01d02dd2c480ee18
 
Termination Time: 207
 
Application Path: C:\Nexon\DragonNest\DragonNest.exe
 
Report Id:
 
 
System errors:
=============
Error: (01/12/2015 11:43:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/12/2015 11:43:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/12/2015 10:27:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (01/12/2015 10:27:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NETGEAR A6200 Service service failed to start due to the following error: 
%%1053
 
Error: (01/12/2015 10:27:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NETGEAR A6200 Service service to connect.
 
Error: (01/12/2015 10:24:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (01/11/2015 03:25:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (01/11/2015 03:25:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NETGEAR A6200 Service service failed to start due to the following error: 
%%1053
 
Error: (01/11/2015 03:25:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NETGEAR A6200 Service service to connect.
 
Error: (01/11/2015 03:21:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/13/2015 00:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b8554279c01d02f52d5e3e5b8C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe155149a3-9b46-11e4-ace0-6c626d9cd922
 
Error: (01/13/2015 08:40:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.25.181f9401d02ed2ee2e344b963C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe70486f21-9b28-11e4-ace0-6c626d9cd922
 
Error: (01/13/2015 00:04:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (01/13/2015 00:04:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/12/2015 05:31:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.25.181d2001d02eb5a6684ffd30C:\Users\Joshua\Desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exec1ec7831-9aaa-11e4-ace0-6c626d9cd922
 
Error: (01/12/2015 10:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 10:23:35 AM) (Source: MsiInstaller) (EventID: 11719) (User: BigDaddyPC)
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/12/2015 00:56:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (01/12/2015 00:55:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/11/2015 02:53:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DragonNest.exe1.0.0.1a0001d02dd2c480ee18207C:\Nexon\DragonNest\DragonNest.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-08 07:53:52.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-08 07:53:51.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-13 08:03:34.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-13 08:03:33.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:59.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:58.943
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:56.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:56.759
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:56.666
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-02 17:15:56.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\videoprt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 630 Processor
Percentage of memory in use: 70%
Total physical RAM: 4095.18 MB
Available physical RAM: 1211.57 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 3951.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.27 GB) (Free:52.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FF560ADE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Nowheresville, Michigan. USA
  • Local time:09:48 PM

Posted 13 January 2015 - 12:29 PM

This post is the Gmer scan
 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-13 12:28:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00WWPA0 rev.01.03B01 465.76GB
Running: zzryedmo.exe; Driver: C:\Users\Joshua\AppData\Local\Temp\uwliyfob.sys
 
 
---- Devices - GMER 2.1 ----
 
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                                                      fffffa80042e42c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2                                                                                                                                                      fffffa80042e42c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                               fffffa80042e42c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                               fffffa80042e42c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                                                                               fffffa80042e42c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                                                                               fffffa80042e42c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                                                                                  fffffa80042e42c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                                                                                  fffffa80042e42c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                                                                                  fffffa80042e42c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                                                                                  fffffa80042e42c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                                                                     fffffa8004ef72c0
Device  \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                                                                         fffffa80051b32c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{4EB07F82-D9CA-4D76-A6C5-F2C6379F2C28}                                                                                                                         fffffa8004b2c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{5E61F331-3B0E-42D2-8FB6-1A35D4FF12CC}                                                                                                                         fffffa8004b2c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{911C074E-C4FC-4F41-B699-4B1629F9D25E}                                                                                                                         fffffa8004b2c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{B80181E1-A7BC-4AA0-B066-C8365CC88A32}                                                                                                                         fffffa8004b2c2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                          fffffa8004b2c2c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                                                                                                 fffffa80050eb2c0
Device  \Driver\usbehci \Device\USBFDO-5                                                                                                                                                                 fffffa80050eb2c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                                                                                                 fffffa80050eb2c0
Device  \Driver\usbehci \Device\USBPDO-5                                                                                                                                                                 fffffa80050eb2c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBFDO-1                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBFDO-3                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBFDO-6                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBPDO-1                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBPDO-3                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                                                                                                                 fffffa80051632c0
Device  \Driver\usbohci \Device\USBPDO-6                                                                                                                                                                 fffffa80051632c0
Device  \Driver\USBSTOR \Device\0000008d                                                                                                                                                                 fffffa80059572c0
Device  \Driver\USBSTOR \Device\00000091                                                                                                                                                                 fffffa80059572c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                                                                           fffffa80042e82c0
 
---- Registry - GMER 2.1 ----
 
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Joshua\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                  0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                               0xD2 0x2A 0xA0 0x40 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                  0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                    
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                      0x3E 0xAF 0x13 0x5E ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                 0x92 0xC5 0xB1 0x5C ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                              0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                           0xD2 0x2A 0xA0 0x40 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                              0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                  0x3E 0xAF 0x13 0x5E ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                             0x92 0xC5 0xB1 0x5C ...
 
---- Trace I/O - GMER 2.1 ----
 
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a46060]                                                                                                                                  fffffa8004a46060
Trace   3 CLASSPNP.SYS[fffff88001ab343f] -> nt!IofCallDriver -> [0xfffffa80043e7d10]                                                                                                                     fffffa80043e7d10
Trace   5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043fa060]                                                                                            fffffa80043fa060
Trace   \Driver\atapi[0xfffffa80043e2270] -> IRP_MJ_CREATE -> 0xfffffa80042e42c0                                                                                                                         fffffa80042e42c0
Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80042e42c0]<< sptd.sys ataport.SYS pciide.sys                                                                                     fffffa80042e42c0
 
---- EOF - GMER 2.1 ----


#5 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Nowheresville, Michigan. USA
  • Local time:09:48 PM

Posted 13 January 2015 - 12:37 PM

I've run into a problem with running TDSS-Killer; I don't have a zip program to be able to extract this file to my desktop to run it.

 

What zip program would you like me to get, and where can I get it from?



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:48 AM

Posted 14 January 2015 - 02:31 AM

Skip TDSS-Killer.

Windows should be able to handle zipped files. In your case, this feature seems to be damaged.

We'll try to fix that later.

 

 

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
 

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Nowheresville, Michigan. USA
  • Local time:09:48 PM

Posted 15 January 2015 - 07:57 AM

Hey there, here is the FRST log you requested. I'll run the Malwarebytes scan immediately after I post this.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by Joshua at 2015-01-15 07:49:02 Run:1
Running from C:\Users\Joshua\Desktop\FRST
Loaded Profiles: Joshua (Available profiles: Joshua)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR Extension: (PriceChOp) - C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa\ [2013-08-21]
Toolbar: HKU\S-1-5-21-1814827725-3219384213-140372767-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
 
S3 WinRing0_1_2_0; \??\C:\Users\Joshua\AppData\Local\Temp\tmpB0E7.tmp [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
 
C:\ProgramData\hash.dat
2015-01-06 21:08 - 2015-01-09 06:09 - 00000000 ____D () C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa
2015-01-06 21:08 - 2015-01-08 04:49 - 00000000 ____D () C:\Program Files (x86)\PriceChOp
 
EmptyTemp:
*****************
 
C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa\ => Moved successfully.
HKU\S-1-5-21-1814827725-3219384213-140372767-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1814827725-3219384213-140372767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
"C:\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa" => File/Directory not found.
C:\Program Files (x86)\PriceChOp => Moved successfully.
EmptyTemp: => Removed 605.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 07:49:29 ====
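The fixlog above removed three kinds of artifact: browser policy keys planted to lock the PriceChOp extension in place, an extension folder dropped under ProgramData, and driver services whose binaries no longer existed (the `[X]` entries). As an added illustration, not part of this thread and not FRST's own code, the following read-only PowerShell audit looks for the same three patterns on a Windows machine; it assumes Chrome's standard extension ID format (32 characters from a to p) and reports without changing anything.

```powershell
# Added audit example (not from the thread or from FRST). Read-only: it lists
# the same artifact classes the fixlog above removed and changes nothing.
$report = [System.Collections.Generic.List[string]]::new()

# 1. Browser policy keys. Adware creates HKLM\SOFTWARE\Policies\Google to
#    force-install an extension and block its removal; on a home PC these keys
#    normally do not exist at all, so their mere presence is worth a look.
$policyKeys = 'HKLM:\SOFTWARE\Policies\Google',
              'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        $report.Add("Policy key present: $key")
        Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $report.Add("    $($_.Name)") }
    }
}

# 2. Chrome extension IDs are 32 lowercase letters a-p. A folder with such a
#    name directly under ProgramData, outside any Chrome profile, is the
#    pattern seen with agkplhdjopcknlmgaecmjollgdjhpooa above.
Get-ChildItem -Path $env:ProgramData -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -cmatch '^[a-p]{32}$' } |
    ForEach-Object { $report.Add("Extension-style folder: $($_.FullName)") }

# 3. Services and drivers whose image file is missing (FRST marks these [X]).
#    A driver that was loaded from %TEMP%, as WinRing0 was above, is suspect
#    even while the file still exists.
$items = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)
foreach ($svc in $items) {
    if (-not $svc.PathName) { continue }
    $path = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -match '^"([^"]+)"') { $path = $Matches[1] }          # quoted image path
    else { $path = ($path -split ' -| /')[0] }                      # drop switches
    if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    if (-not (Test-Path -LiteralPath $path)) {
        $report.Add("Service '$($svc.Name)' points to a missing file: $($svc.PathName)")
    } elseif ($path -like "$env:TEMP*" -or $path -like '*\AppData\Local\Temp\*') {
        $report.Add("Service '$($svc.Name)' loads from a Temp folder: $path")
    }
}

if ($report.Count -gt 0) { $report } else { 'No findings.' }
```

Run it from an elevated PowerShell prompt; Win32_SystemDriver paths are only fully visible to an administrator.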


#8 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 15 January 2015 - 10:26 AM

Here is the log from the MBAM scan. Should I restart my computer and see if the problem is still happening?
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/15/2015
Scan Time: 8:53:08 AM
Logfile: MBAMscan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.15.08
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joshua
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399383
Time Elapsed: 33 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 15 January 2015 - 03:12 PM

Ended up restarting my computer by accident; I have a cat, and it kind of happens when they decide the power strip is a good place to sleep.

 

Anyways, the problem seems to be gone now; I appreciate the help, Marius. Many thanks ^^



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 January 2015 - 06:07 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#11 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 20 January 2015 - 01:00 AM

Sorry, I've been busy with work and not really home the past couple of days. I'll get that scan done right away and have the results posted as soon as possible.



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 January 2015 - 06:30 AM

OK :)



#13 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 21 January 2015 - 11:36 AM

This scan has been running for 19 hours and still hasn't finished. This isn't normal, is it?



#14 Rocker_Centauri

Rocker_Centauri
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Nowheresville, Michigan. USA

Posted 22 January 2015 - 01:09 AM

Alright, I seem to have whatever it was that was messing with the scan fixed. I restarted my computer and reopened ESET and it started working fine.

Here is the log from ESET you requested.
 

C:\FRST\Quarantine\C\ProgramData\agkplhdjopcknlmgaecmjollgdjhpooa\agkplhdjopcknlmgaecmjollgdjhpooa\content.js JS/Adware.MultiPlug.B application


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 22 January 2015 - 04:34 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread (Note: do NOT post this one into a code box!)





Are any problems left or may I post the final reply? :)





