
"Windows Media Center" virus, Malwarebytes failed to detect.


Leper


Hi! First-time poster.
Been having quite a few problems with this. I first noticed it yesterday and immediately knew it was a virus. After some research, it seems very serious.

I ran Malwarebytes, both a quick and full scan, and they didn't find it.
Unable to touch any of its files/services/etc., as they are blocked by "TrustedInstaller".

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Beau at 14:35:51 on 2014-01-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8167.6804 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F9076583-7963-4486-83EF-00765B8E6A18} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\ax6ocy8m.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Beau\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Beau\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-3 52760]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2012-4-20 15872]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-15 283200]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2012-5-4 922240]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2012-5-4 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-5-4 586880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-30 204552]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-4 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-11 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-11 701512]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
S2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows\System32\drivers\WinisoCDBus.sys [2013-11-9 204032]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-11 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-6-6 121416]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-11 620544]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-21 1255736]
.
=============== Created Last 30 ================
.
2014-01-11 03:09:13    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7508C305-B50E-4F2D-8E4F-F67281DCBA1B}\offreg.dll
2014-01-10 16:05:53    --------    d-----w-    C:\Users\Beau\AppData\Roaming\Malwarebytes
2014-01-10 16:05:45    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-10 16:05:44    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-10 16:05:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 03:06:34    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7508C305-B50E-4F2D-8E4F-F67281DCBA1B}\mpengine.dll
2014-01-08 13:29:32    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-30 05:52:35    --------    d-----w-    C:\Users\Beau\AppData\Roaming\Might & Magic Heroes VI
2013-12-30 01:22:21    --------    d-----w-    C:\ProgramData\Package Cache
2013-12-25 19:19:01    --------    d-----w-    C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-22 15:28:09    --------    d-----w-    C:\Users\Beau\AppData\Local\Blizzard
2013-12-22 13:40:24    --------    d-----w-    C:\Program Files (x86)\Hearthstone
2013-12-22 12:53:53    --------    d-----w-    C:\Users\Beau\AppData\Local\Blizzard Entertainment
2013-12-22 12:53:49    --------    d-----w-    C:\Users\Beau\AppData\Roaming\Battle.net
2013-12-22 12:53:49    --------    d-----w-    C:\Users\Beau\AppData\Local\Battle.net
2013-12-22 12:53:43    --------    d-----w-    C:\Program Files (x86)\Battle.net
2013-12-18 16:13:43    8300544    ----a-w-    C:\Windows\SysWow64\DxtoryCodec.dll
2013-12-18 16:13:43    8043008    ----a-w-    C:\Windows\System32\DxtoryCodec.dll
2013-12-18 16:13:42    --------    d-----w-    C:\Program Files (x86)\Dxtory Software
2013-12-18 16:07:40    --------    d-----w-    C:\Users\Beau\AppData\Local\Dxtory Software
2013-12-18 16:07:36    --------    d-----w-    C:\Program Files (x86)\ExKode
2013-12-12 11:56:31    553784    ----a-w-    C:\Windows\System32\PROUnstl.exe
2013-12-12 09:46:32    302080    ----a-w-    C:\Windows\lwd.exe
2013-12-12 09:45:36    --------    d-----w-    C:\Program Files (x86)\D-Link
2013-12-12 03:51:49    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-12 03:51:49    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-12 03:51:49    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-12 03:51:49    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-12 03:51:49    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-12 03:51:49    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-12 03:51:49    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-12 03:51:49    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-12 03:48:28    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-12 03:48:25    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-12 03:48:25    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-12 03:45:54    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-12 03:45:54    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-12 03:45:28    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-12 03:45:28    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
.
==================== Find3M  ====================
.
2013-12-11 08:03:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 08:03:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 16:03:00    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-12-10 16:03:00    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2012-10-04 02:38:51    325952    ----a-w-    C:\Program Files (x86)\lua5.1.dll
2012-10-04 02:38:51    1341440    ----a-w-    C:\Program Files (x86)\uninstall.exe
2012-01-19 15:21:32    321024    ----a-w-    C:\Program Files (x86)\gproxy.exe
2011-09-25 20:18:06    98816    ----a-w-    C:\Program Files (x86)\euroloader.exe
2011-05-13 08:33:57    3336    ----a-w-    C:\Program Files (x86)\eurobattle.reg
2011-04-23 22:30:39    68608    ----a-w-    C:\Program Files (x86)\w3lh.dll
2010-03-11 08:00:40    118784    ----a-w-    C:\Program Files (x86)\pdcurses.dll
2003-04-10 14:56:02    351744    ----a-w-    C:\Program Files (x86)\winmpq.exe
.
============= FINISH: 14:35:55.39 ===============
 

Attach is attached

 

Thanks a ton for any help, it's much appreciated.

attach.txt


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 03
Ran by Beau (administrator) on BEAU-PC on 12-01-2014 01:26:33
Running from C:\Users\Beau\Desktop\fabar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(RAIDCALL.COM) C:\Program Files (x86)\RaidCall\raidcall.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-08] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
MountPoints2: {a2f48247-a923-11e1-8f42-e122446b395d} - H:\LaunchU3.exe -a
MountPoints2: {ae4568fa-8a92-11e1-93db-806e6f6e6963} - D:\AUTORUN.EXE
HKU\Hayley\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-08] (Valve Corporation)
HKU\Hayley\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Kai\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\UpdatusUser\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-08] (Valve Corporation)
HKU\UpdatusUser\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM-x32 - DefaultScope {47B434DB-A49A-4EA4-A0DE-F39341F0AD8E} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\ax6ocy8m.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Beau\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: BYOND - C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Beau\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Lightbeam - C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\ax6ocy8m.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2012-06-03]
FF Extension: Adblock Plus - C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\ax6ocy8m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Kai\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-10-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2011-10-07] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2011-10-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-10-07] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-10-07] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-15] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-15] (Duplex Secure Ltd.)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-08-09] (WinISO.com)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 01:26 - 2014-01-12 01:26 - 00000000 ____D C:\Users\Beau\Desktop\fabar
2014-01-12 01:26 - 2014-01-12 01:26 - 00000000 ____D C:\FRST
2014-01-11 15:33 - 2014-01-11 15:33 - 00002376 _____ C:\Users\Kai\Documents\MumbleAutomaticCertificateBackup.p12
2014-01-11 15:33 - 2014-01-11 15:33 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mumble
2014-01-11 14:35 - 2014-01-11 14:47 - 00015149 _____ C:\Users\Beau\Desktop\attach.txt
2014-01-11 14:35 - 2014-01-11 14:35 - 00018168 _____ C:\Users\Beau\Desktop\dds.txt
2014-01-11 14:35 - 2014-01-11 14:35 - 00013545 _____ C:\Users\Beau\Desktop\dds - Shortcut.lnk
2014-01-11 13:15 - 2014-01-11 13:15 - 00007030 _____ C:\Windows\PFRO.log
2014-01-11 03:05 - 2014-01-11 03:05 - 00001224 _____ C:\Users\Beau\Desktop\virussteps.txt
2014-01-11 03:05 - 2014-01-11 03:05 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Malwarebytes
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-11 03:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-08 18:02 - 2014-01-08 18:10 - 00000000 ____D C:\Users\Beau\Downloads\Captain Phillips (2013) DVDRip XviD-MAXSPEED
2014-01-08 12:47 - 2014-01-08 12:47 - 00000218 _____ C:\Users\Hayley\AppData\Local\recently-used.xbel
2014-01-08 12:35 - 2014-01-08 12:36 - 00000000 ____D C:\Users\Hayley\Downloads\Supernatural S09E02 HDTV x264-LOL[ettv]
2014-01-08 12:15 - 2014-01-08 12:25 - 00000000 ____D C:\Users\Hayley\Downloads\Justin Timberlake - The 20-20 Experience 2 of 2 (Deluxe Edition) 2013 Pop 320kbos CBR MP3 [VX] [P2PDL]
2014-01-08 12:13 - 2014-01-08 12:15 - 00000000 ____D C:\Users\Hayley\Downloads\Sevyn Streeter - Call Me Crazy But…
2014-01-08 12:11 - 2014-01-08 12:11 - 00278408 _____ (Hotger) C:\Users\Hayley\Downloads\firefox_plugin.exe
2014-01-08 12:11 - 2014-01-08 12:11 - 00278408 _____ (Hotger) C:\Users\Hayley\Downloads\firefox_plugin(1).exe
2014-01-08 11:55 - 2014-01-08 12:13 - 00000000 ____D C:\Users\Hayley\Downloads\Supernatural S09E01 HDTV x264-LOL[ettv]
2014-01-08 11:53 - 2014-01-08 11:54 - 00000000 ____D C:\Users\Hayley\Downloads\Lorde
2014-01-08 11:49 - 2014-01-08 11:51 - 00000000 ____D C:\Users\Hayley\Downloads\channel ORANGE (Explicit Version)
2014-01-08 11:40 - 2014-01-08 11:47 - 259764534 _____ C:\Users\Hayley\Downloads\Supernatural.S08E23.HDTV.x264-LOL.mp4
2014-01-08 06:10 - 2014-01-08 06:16 - 225497735 _____ C:\Users\Beau\Downloads\Elementary.S02E12.HDTV.x264-LOL.mp4
2014-01-07 18:27 - 2014-01-07 18:30 - 00000000 ____D C:\Users\Beau\Downloads\The Hobbit The Desolation of Smaug (2013) DVDSCR XviD-MAXSPEED
2014-01-07 15:21 - 2014-01-07 15:47 - 238875087 _____ C:\Users\Kai\Downloads\Elementary.S02E08.HDTV.x264-LOL.[VTV].mp4
2014-01-07 15:19 - 2014-01-07 15:37 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E11 HDTV x264-LOL[ettv]
2014-01-07 15:18 - 2014-01-07 15:28 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E10 HDTV x264-LOL[ettv]
2014-01-07 15:17 - 2014-01-07 15:34 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E09 HDTV x264-LOL[ettv]
2014-01-07 14:54 - 2014-01-07 15:09 - 228380407 _____ C:\Users\Kai\Downloads\Elementary.S02E06.HDTV.x264-LOL.mp4
2014-01-07 14:53 - 2014-01-07 15:16 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E07 HDTV x264-LOL[ettv]
2014-01-07 14:53 - 2014-01-07 15:14 - 314186888 _____ C:\Users\Kai\Downloads\Elementary.S02E05.HDTV.x264-LOL.mp4
2014-01-07 14:51 - 2014-01-07 15:03 - 246037256 _____ C:\Users\Kai\Downloads\Elementary.S02E04.HDTV.x264-LOL.mp4
2014-01-06 13:00 - 2014-01-11 15:30 - 00000336 _____ C:\Windows\setupact.log
2014-01-06 13:00 - 2014-01-06 13:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 05:55 - 2014-01-06 05:55 - 00000218 _____ C:\Users\Beau\AppData\Local\recently-used.xbel
2014-01-05 17:33 - 2014-01-08 18:15 - 00000000 ____D C:\Users\Beau\Downloads\Gravity 2013 DVDSCR  XVID AC3-MiLLENiUM
2014-01-05 17:33 - 2014-01-05 17:34 - 00000000 ____D C:\Users\Beau\Downloads\Paranormal Activity 4 (2012) [1080p]
2014-01-05 17:33 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Beau\Downloads\Captain Phillips 2013 WEBRip x264 AC3-MiLLENiUM
2014-01-05 12:57 - 2014-01-05 12:57 - 00031306 _____ C:\Users\Beau\Documents\cc_20140105_125708.reg
2014-01-05 00:56 - 2014-01-05 01:01 - 00000000 ____D C:\Users\Beau\Downloads\Jackass Presents Bad Grandpa (2013) DVDRip XviD-MAXSPEED
2014-01-04 03:14 - 2014-01-04 03:15 - 00000000 ____D C:\Users\Beau\Downloads\[130906][Milky] 催眠術ZERO kamma.2「村越学園」+映像特典
2014-01-03 09:14 - 2014-01-03 09:14 - 00000222 _____ C:\Users\Beau\Desktop\Risk of Rain.url
2014-01-03 04:29 - 2014-01-03 04:29 - 00000218 _____ C:\Users\Kai\AppData\Local\recently-used.xbel
2013-12-31 00:30 - 2014-01-02 19:32 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Might & Magic Heroes VI
2013-12-31 00:30 - 2013-12-31 00:36 - 00000000 ____D C:\Users\Kai\Documents\Might & Magic Heroes VI
2013-12-31 00:30 - 2013-12-31 00:31 - 00000000 ____D C:\Users\Kai\AppData\Local\Ubisoft Game Launcher
2013-12-30 16:52 - 2013-12-30 17:40 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Might & Magic Heroes VI
2013-12-30 16:52 - 2013-12-30 17:10 - 00000000 ____D C:\Users\Beau\Documents\Might & Magic Heroes VI
2013-12-30 12:22 - 2013-12-30 12:23 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-27 08:33 - 2013-12-27 08:33 - 00000223 _____ C:\Users\Beau\Desktop\Dark Messiah of Might & Magic Single Player.url
2013-12-27 04:55 - 2013-12-27 04:55 - 00000000 ____D C:\Users\Beau\Downloads\Delphic - Acolyte (2010)
2013-12-27 02:36 - 2013-12-27 02:37 - 00000000 ____D C:\Users\Beau\Downloads\Delphic - Collections (2013)
2013-12-27 02:31 - 2013-12-27 02:37 - 00000000 ____D C:\Users\Beau\Downloads\Wrong.Cops.2013.HDRip.XviD-AQOS
2013-12-26 06:29 - 2013-12-26 12:18 - 2357198848 _____ C:\Users\Beau\Downloads\[EG]Cowbop_Bebop_01_1080p_(10bit.DualAudio)[433ADDA2].mkv
2013-12-26 06:29 - 2013-12-26 12:18 - 201441280 _____ C:\Users\Beau\Downloads\[EG]Cowbop_Bebop_02_1080p_(10bit.DualAudio)[0AB5EDC0].mkv
2013-12-26 06:19 - 2013-12-26 06:19 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 05:32 - 2013-12-26 05:32 - 00000222 _____ C:\Users\Beau\Desktop\Kingdoms Rise.url
2013-12-26 03:15 - 2013-12-26 03:19 - 00000000 ____D C:\Users\Beau\Downloads\Saving Mr Banks 2013 DVDSCR[AC3] juggs
2013-12-23 02:28 - 2013-12-23 02:28 - 00000000 ____D C:\Users\Beau\AppData\Local\Blizzard
2013-12-23 00:40 - 2013-12-23 02:28 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-12-22 23:53 - 2013-12-26 02:57 - 00000000 ____D C:\Users\Beau\AppData\Local\Battle.net
2013-12-22 23:53 - 2013-12-23 00:40 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Battle.net
2013-12-22 23:53 - 2013-12-22 23:53 - 00000000 ____D C:\Users\Beau\AppData\Local\Blizzard Entertainment
2013-12-22 23:53 - 2013-12-22 23:53 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-12-21 02:09 - 2013-12-21 12:15 - 00000000 ____D C:\Users\Beau\Downloads\Cowboy Bebop [EG]
2013-12-20 16:16 - 2013-12-20 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 06:34 - 2013-12-19 06:44 - 00000000 ____D C:\Users\Beau\Downloads\Lucky Number Slevin (2006) [1080p]
2013-12-19 03:13 - 2013-12-19 03:13 - 00001146 _____ C:\Users\Beau\Desktop\Dxtory.lnk
2013-12-19 03:13 - 2013-12-19 03:13 - 00000000 ____D C:\Program Files (x86)\Dxtory Software
2013-12-19 03:13 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2013-12-19 03:13 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2013-12-19 03:12 - 2013-12-19 03:13 - 00000000 ____D C:\Users\Beau\Desktop\dxtory
2013-12-19 03:07 - 2013-12-19 03:07 - 00000000 ____D C:\Users\Beau\AppData\Local\Dxtory Software
2013-12-19 03:07 - 2013-12-19 03:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2013-12-18 01:37 - 2014-01-08 04:25 - 00004608 _____ C:\Users\Beau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-15 04:16 - 2013-12-15 04:31 - 00000000 ____D C:\Users\Beau\Downloads\The.Dictator.2012.UNRATED.BDRip.XviD-AMIABLE
2013-12-14 22:56 - 2013-12-14 23:10 - 00000000 ____D C:\Users\Beau\Downloads\The Lovely Bones[2009]DvDrip[Eng]-FXG
2013-12-14 07:37 - 2013-12-14 14:45 - 586412552 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 09 [1080p].mkv
2013-12-14 07:37 - 2013-12-14 14:43 - 586484128 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 10 [1080p].mkv
2013-12-14 07:35 - 2013-12-14 07:51 - 586615514 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 11 [1080p].mkv
2013-12-14 05:44 - 2013-12-14 06:09 - 586430663 _____ C:\Users\Beau\Downloads\Kill La Kill S01E08 (1920x1080) [Phr0stY].mkv
2013-12-14 05:25 - 2013-12-14 05:55 - 584235790 _____ C:\Users\Beau\Downloads\Kill La Kill S01E07 (1920x1080) [Phr0stY].mkv
2013-12-14 04:54 - 2013-12-14 05:48 - 586013034 _____ C:\Users\Beau\Downloads\Kill La Kill S01E05 (1920x1080) [Phr0stY].mkv
2013-12-14 04:54 - 2013-12-14 05:43 - 585084187 _____ C:\Users\Beau\Downloads\Kill La Kill S01E04 (1920x1080) [Phr0stY].mkv
2013-12-14 04:54 - 2013-12-14 05:18 - 584272569 _____ C:\Users\Beau\Downloads\Kill La Kill S01E06 (1920x1080) [Phr0stY].mkv
2013-12-14 03:43 - 2013-12-14 04:16 - 584446859 _____ C:\Users\Beau\Downloads\Kill La Kill S01E03 (1920x1080) [Phr0stY].mkv
2013-12-14 03:30 - 2013-12-14 04:26 - 585883977 _____ C:\Users\Beau\Downloads\Kill La Kill S01E02 (1920x1080) [Phr0stY].mkv
2013-12-14 03:25 - 2013-12-14 04:14 - 585653924 _____ C:\Users\Beau\Downloads\Kill La Kill S01E01 (1920x1080) [Phr0stY].mkv

==================== One Month Modified Files and Folders =======

2014-01-12 01:26 - 2014-01-12 01:26 - 00000000 ____D C:\Users\Beau\Desktop\fabar
2014-01-12 01:26 - 2014-01-12 01:26 - 00000000 ____D C:\FRST
2014-01-12 01:26 - 2013-06-18 02:21 - 00000000 ____D C:\Users\Beau\Desktop\Kais
2014-01-12 01:20 - 2013-01-02 00:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 01:03 - 2012-04-20 18:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 19:02 - 2012-04-20 13:51 - 02092520 _____ C:\Windows\WindowsUpdate.log
2014-01-11 18:41 - 2012-05-06 19:09 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Mumble
2014-01-11 18:20 - 2013-01-02 00:42 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 16:29 - 2012-04-20 15:30 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-11 15:36 - 2009-07-14 16:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 15:35 - 2009-07-14 15:45 - 00027184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 15:35 - 2009-07-14 15:45 - 00027184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 15:33 - 2014-01-11 15:33 - 00002376 _____ C:\Users\Kai\Documents\MumbleAutomaticCertificateBackup.p12
2014-01-11 15:33 - 2014-01-11 15:33 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mumble
2014-01-11 15:30 - 2014-01-06 13:00 - 00000336 _____ C:\Windows\setupact.log
2014-01-11 15:30 - 2012-04-20 21:09 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-11 15:30 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 14:47 - 2014-01-11 14:35 - 00015149 _____ C:\Users\Beau\Desktop\attach.txt
2014-01-11 14:35 - 2014-01-11 14:35 - 00018168 _____ C:\Users\Beau\Desktop\dds.txt
2014-01-11 14:35 - 2014-01-11 14:35 - 00013545 _____ C:\Users\Beau\Desktop\dds - Shortcut.lnk
2014-01-11 14:33 - 2013-05-10 20:07 - 00000000 ____D C:\Users\Beau\Desktop\games and crap
2014-01-11 13:15 - 2014-01-11 13:15 - 00007030 _____ C:\Windows\PFRO.log
2014-01-11 03:29 - 2012-07-08 04:51 - 00000000 ____D C:\Users\Beau\AppData\Roaming\vlc
2014-01-11 03:13 - 2013-08-20 03:02 - 00000000 ____D C:\Windows\pss
2014-01-11 03:05 - 2014-01-11 03:05 - 00001224 _____ C:\Users\Beau\Desktop\virussteps.txt
2014-01-11 03:05 - 2014-01-11 03:05 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Malwarebytes
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-11 03:05 - 2014-01-11 03:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 06:16 - 2012-04-28 23:15 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Skype
2014-01-08 18:15 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Beau\Downloads\Gravity 2013 DVDSCR  XVID AC3-MiLLENiUM
2014-01-08 18:10 - 2014-01-08 18:02 - 00000000 ____D C:\Users\Beau\Downloads\Captain Phillips (2013) DVDRip XviD-MAXSPEED
2014-01-08 18:02 - 2012-10-02 00:15 - 00000000 ____D C:\Users\Beau\AppData\Roaming\deluge
2014-01-08 17:03 - 2012-05-06 02:26 - 00000000 ____D C:\Users\Hayley\AppData\Roaming\Skype
2014-01-08 12:47 - 2014-01-08 12:47 - 00000218 _____ C:\Users\Hayley\AppData\Local\recently-used.xbel
2014-01-08 12:47 - 2012-10-24 17:43 - 00000000 ____D C:\Users\Hayley\AppData\Roaming\deluge
2014-01-08 12:36 - 2014-01-08 12:35 - 00000000 ____D C:\Users\Hayley\Downloads\Supernatural S09E02 HDTV x264-LOL[ettv]
2014-01-08 12:25 - 2014-01-08 12:15 - 00000000 ____D C:\Users\Hayley\Downloads\Justin Timberlake - The 20-20 Experience 2 of 2 (Deluxe Edition) 2013 Pop 320kbos CBR MP3 [VX] [P2PDL]
2014-01-08 12:15 - 2014-01-08 12:13 - 00000000 ____D C:\Users\Hayley\Downloads\Sevyn Streeter - Call Me Crazy But…
2014-01-08 12:13 - 2014-01-08 11:55 - 00000000 ____D C:\Users\Hayley\Downloads\Supernatural S09E01 HDTV x264-LOL[ettv]
2014-01-08 12:11 - 2014-01-08 12:11 - 00278408 _____ (Hotger) C:\Users\Hayley\Downloads\firefox_plugin.exe
2014-01-08 12:11 - 2014-01-08 12:11 - 00278408 _____ (Hotger) C:\Users\Hayley\Downloads\firefox_plugin(1).exe
2014-01-08 11:54 - 2014-01-08 11:53 - 00000000 ____D C:\Users\Hayley\Downloads\Lorde
2014-01-08 11:51 - 2014-01-08 11:49 - 00000000 ____D C:\Users\Hayley\Downloads\channel ORANGE (Explicit Version)
2014-01-08 11:47 - 2014-01-08 11:40 - 259764534 _____ C:\Users\Hayley\Downloads\Supernatural.S08E23.HDTV.x264-LOL.mp4
2014-01-08 11:37 - 2012-05-28 17:07 - 00113992 _____ C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 06:16 - 2014-01-08 06:10 - 225497735 _____ C:\Users\Beau\Downloads\Elementary.S02E12.HDTV.x264-LOL.mp4
2014-01-08 04:25 - 2013-12-18 01:37 - 00004608 _____ C:\Users\Beau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-07 18:30 - 2014-01-07 18:27 - 00000000 ____D C:\Users\Beau\Downloads\The Hobbit The Desolation of Smaug (2013) DVDSCR XviD-MAXSPEED
2014-01-07 15:47 - 2014-01-07 15:21 - 238875087 _____ C:\Users\Kai\Downloads\Elementary.S02E08.HDTV.x264-LOL.[VTV].mp4
2014-01-07 15:37 - 2014-01-07 15:19 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E11 HDTV x264-LOL[ettv]
2014-01-07 15:34 - 2014-01-07 15:17 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E09 HDTV x264-LOL[ettv]
2014-01-07 15:28 - 2014-01-07 15:18 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E10 HDTV x264-LOL[ettv]
2014-01-07 15:17 - 2013-05-25 23:32 - 00000000 ____D C:\Users\Kai\AppData\Roaming\deluge
2014-01-07 15:16 - 2014-01-07 14:53 - 00000000 ____D C:\Users\Kai\Downloads\Elementary S02E07 HDTV x264-LOL[ettv]
2014-01-07 15:14 - 2014-01-07 14:53 - 314186888 _____ C:\Users\Kai\Downloads\Elementary.S02E05.HDTV.x264-LOL.mp4
2014-01-07 15:09 - 2014-01-07 14:54 - 228380407 _____ C:\Users\Kai\Downloads\Elementary.S02E06.HDTV.x264-LOL.mp4
2014-01-07 15:03 - 2014-01-07 14:51 - 246037256 _____ C:\Users\Kai\Downloads\Elementary.S02E04.HDTV.x264-LOL.mp4
2014-01-06 13:00 - 2014-01-06 13:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 05:55 - 2014-01-06 05:55 - 00000218 _____ C:\Users\Beau\AppData\Local\recently-used.xbel
2014-01-05 17:34 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Beau\Downloads\Paranormal Activity 4 (2012) [1080p]
2014-01-05 17:33 - 2014-01-05 17:33 - 00000000 ____D C:\Users\Beau\Downloads\Captain Phillips 2013 WEBRip x264 AC3-MiLLENiUM
2014-01-05 12:57 - 2014-01-05 12:57 - 00031306 _____ C:\Users\Beau\Documents\cc_20140105_125708.reg
2014-01-05 12:17 - 2012-09-18 09:55 - 00000000 ____D C:\Windows\Minidump
2014-01-05 12:17 - 2012-04-21 07:43 - 00000000 ____D C:\Windows\Panther
2014-01-05 01:01 - 2014-01-05 00:56 - 00000000 ____D C:\Users\Beau\Downloads\Jackass Presents Bad Grandpa (2013) DVDRip XviD-MAXSPEED
2014-01-04 03:15 - 2014-01-04 03:14 - 00000000 ____D C:\Users\Beau\Downloads\[130906][Milky] 催眠術ZERO kamma.2「村越学園」+映像特典
2014-01-03 09:14 - 2014-01-03 09:14 - 00000222 _____ C:\Users\Beau\Desktop\Risk of Rain.url
2014-01-03 09:14 - 2012-04-20 15:37 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 04:29 - 2014-01-03 04:29 - 00000218 _____ C:\Users\Kai\AppData\Local\recently-used.xbel
2014-01-02 20:16 - 2013-11-16 16:26 - 00000000 ____D C:\Users\Kai\AppData\Roaming\vlc
2014-01-02 19:32 - 2013-12-31 00:30 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Might & Magic Heroes VI
2014-01-01 21:57 - 2013-02-05 19:27 - 00000000 ____D C:\FFOutput
2014-01-01 21:56 - 2013-11-23 13:31 - 00000000 ____D C:\Users\Kai\AppData\Local\Apple Computer
2014-01-01 18:05 - 2009-07-14 15:45 - 00441136 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-01 18:01 - 2012-11-25 21:54 - 00113992 _____ C:\Users\Kai\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-01 10:55 - 2012-04-21 00:29 - 00113992 _____ C:\Users\Beau\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 00:36 - 2013-12-31 00:30 - 00000000 ____D C:\Users\Kai\Documents\Might & Magic Heroes VI
2013-12-31 00:31 - 2013-12-31 00:30 - 00000000 ____D C:\Users\Kai\AppData\Local\Ubisoft Game Launcher
2013-12-30 18:11 - 2012-04-20 21:47 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-30 18:11 - 2012-04-20 21:47 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-30 17:40 - 2013-12-30 16:52 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Might & Magic Heroes VI
2013-12-30 17:10 - 2013-12-30 16:52 - 00000000 ____D C:\Users\Beau\Documents\Might & Magic Heroes VI
2013-12-30 16:56 - 2012-04-20 21:51 - 00000000 ____D C:\Users\Beau\Documents\My Games
2013-12-30 16:55 - 2012-05-13 09:24 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-30 12:23 - 2013-12-30 12:22 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-30 00:00 - 2013-05-10 19:43 - 00000000 ____D C:\Users\Kai\AppData\Local\Mozilla
2013-12-29 23:51 - 2012-11-25 21:53 - 00001417 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-28 09:41 - 2012-09-02 15:37 - 00000000 ____D C:\Users\Beau\AppData\Roaming\TS3Client
2013-12-27 08:33 - 2013-12-27 08:33 - 00000223 _____ C:\Users\Beau\Desktop\Dark Messiah of Might & Magic Single Player.url
2013-12-27 04:55 - 2013-12-27 04:55 - 00000000 ____D C:\Users\Beau\Downloads\Delphic - Acolyte (2010)
2013-12-27 02:37 - 2013-12-27 02:36 - 00000000 ____D C:\Users\Beau\Downloads\Delphic - Collections (2013)
2013-12-27 02:37 - 2013-12-27 02:31 - 00000000 ____D C:\Users\Beau\Downloads\Wrong.Cops.2013.HDRip.XviD-AQOS
2013-12-26 12:18 - 2013-12-26 06:29 - 2357198848 _____ C:\Users\Beau\Downloads\[EG]Cowbop_Bebop_01_1080p_(10bit.DualAudio)[433ADDA2].mkv
2013-12-26 12:18 - 2013-12-26 06:29 - 201441280 _____ C:\Users\Beau\Downloads\[EG]Cowbop_Bebop_02_1080p_(10bit.DualAudio)[0AB5EDC0].mkv
2013-12-26 06:19 - 2013-12-26 06:19 - 00000000 ____D C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2013-12-26 06:18 - 2012-05-21 16:35 - 00764734 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-26 05:32 - 2013-12-26 05:32 - 00000222 _____ C:\Users\Beau\Desktop\Kingdoms Rise.url
2013-12-26 03:19 - 2013-12-26 03:15 - 00000000 ____D C:\Users\Beau\Downloads\Saving Mr Banks 2013 DVDSCR[AC3] juggs
2013-12-26 02:57 - 2013-12-22 23:53 - 00000000 ____D C:\Users\Beau\AppData\Local\Battle.net
2013-12-26 02:39 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-25 21:39 - 2012-04-22 16:25 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Apple Computer
2013-12-23 02:28 - 2013-12-23 02:28 - 00000000 ____D C:\Users\Beau\AppData\Local\Blizzard
2013-12-23 02:28 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-12-23 02:27 - 2012-04-21 18:25 - 00000000 ____D C:\Program Files (x86)\Diablo III Beta
2013-12-23 00:40 - 2013-12-22 23:53 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Battle.net
2013-12-22 23:53 - 2013-12-22 23:53 - 00000000 ____D C:\Users\Beau\AppData\Local\Blizzard Entertainment
2013-12-22 23:53 - 2013-12-22 23:53 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-12-22 13:40 - 2012-04-27 01:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 12:15 - 2013-12-21 02:09 - 00000000 ____D C:\Users\Beau\Downloads\Cowboy Bebop [EG]
2013-12-20 16:16 - 2013-12-20 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 06:44 - 2013-12-19 06:34 - 00000000 ____D C:\Users\Beau\Downloads\Lucky Number Slevin (2006) [1080p]
2013-12-19 03:13 - 2013-12-19 03:13 - 00001146 _____ C:\Users\Beau\Desktop\Dxtory.lnk
2013-12-19 03:13 - 2013-12-19 03:13 - 00000000 ____D C:\Program Files (x86)\Dxtory Software
2013-12-19 03:13 - 2013-12-19 03:12 - 00000000 ____D C:\Users\Beau\Desktop\dxtory
2013-12-19 03:07 - 2013-12-19 03:07 - 00000000 ____D C:\Users\Beau\AppData\Local\Dxtory Software
2013-12-19 03:07 - 2013-12-19 03:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2013-12-18 15:07 - 2013-08-06 12:35 - 00000000 ____D C:\Users\Beau\Desktop\dsmods
2013-12-17 03:02 - 2013-08-15 09:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 03:00 - 2012-04-23 08:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 04:31 - 2013-12-15 04:16 - 00000000 ____D C:\Users\Beau\Downloads\The.Dictator.2012.UNRATED.BDRip.XviD-AMIABLE
2013-12-14 23:10 - 2013-12-14 22:56 - 00000000 ____D C:\Users\Beau\Downloads\The Lovely Bones[2009]DvDrip[Eng]-FXG
2013-12-14 14:45 - 2013-12-14 07:37 - 586412552 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 09 [1080p].mkv
2013-12-14 14:43 - 2013-12-14 07:37 - 586484128 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 10 [1080p].mkv
2013-12-14 07:51 - 2013-12-14 07:35 - 586615514 _____ C:\Users\Beau\Downloads\[HorribleSubs] Kill la Kill - 11 [1080p].mkv
2013-12-14 06:09 - 2013-12-14 05:44 - 586430663 _____ C:\Users\Beau\Downloads\Kill La Kill S01E08 (1920x1080) [Phr0stY].mkv
2013-12-14 05:55 - 2013-12-14 05:25 - 584235790 _____ C:\Users\Beau\Downloads\Kill La Kill S01E07 (1920x1080) [Phr0stY].mkv
2013-12-14 05:48 - 2013-12-14 04:54 - 586013034 _____ C:\Users\Beau\Downloads\Kill La Kill S01E05 (1920x1080) [Phr0stY].mkv
2013-12-14 05:43 - 2013-12-14 04:54 - 585084187 _____ C:\Users\Beau\Downloads\Kill La Kill S01E04 (1920x1080) [Phr0stY].mkv
2013-12-14 05:18 - 2013-12-14 04:54 - 584272569 _____ C:\Users\Beau\Downloads\Kill La Kill S01E06 (1920x1080) [Phr0stY].mkv
2013-12-14 04:26 - 2013-12-14 03:30 - 585883977 _____ C:\Users\Beau\Downloads\Kill La Kill S01E02 (1920x1080) [Phr0stY].mkv
2013-12-14 04:16 - 2013-12-14 03:43 - 584446859 _____ C:\Users\Beau\Downloads\Kill La Kill S01E03 (1920x1080) [Phr0stY].mkv
2013-12-14 04:14 - 2013-12-14 03:25 - 585653924 _____ C:\Users\Beau\Downloads\Kill La Kill S01E01 (1920x1080) [Phr0stY].mkv

Files to move or delete:
====================
C:\Users\Beau\jagex_cl_loginapplet_LIVE.dat
C:\Users\Beau\jagex_cl_runescape_LIVE.dat
C:\Users\Beau\jagex_cl_runescape_LIVE1.dat
C:\Users\Beau\jagex_cl_runescape_LIVE2.dat
C:\Users\Beau\random.dat


Some content of TEMP:
====================
C:\Users\Kai\AppData\Local\Temp\down.4192.assistant_v3.exe
C:\Users\Kai\AppData\Local\Temp\TsuCFC410FD.dll
C:\Users\Kai\AppData\Local\Temp\utt32E.tmp.exe
C:\Users\Kai\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 18:29

==================== End Of Log ============================

Addition is Attached

Addition.txt


Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced logs in your next reply, and also give an update on any remaining issues or concerns.

Kevin

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.