I've found a couple of posts about this and I tried doing what I could after reading them, but I'm still seeing the notifications. Neither Malwarebytes nor Microsoft Security Essentials is finding anything. I would really appreciate some help...apparently my email sent out spam recently, lol. So I'm pretty sure it's something!


DDS:


 DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2

Run by Mike at 18:43:42 on 2014-02-24

Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.16336.13636 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67

TCP: Interfaces\{1D93015D-CA6A-4790-9EFA-924E27D50E0C} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67

TCP: Interfaces\{54AD56E6-5AF2-45D5-9F6C-0A87BEDC17AA} : DHCPNameServer = 192.0.0.0 24.178.162.3 66.189.0.100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: TubeoAdblocker: {C865AD04-1B05-E827-212A-6BFCC1989954} -

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-6 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-23 283064]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-6 13592]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-2 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-2 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-6 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-6 788760]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-2 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-6 677480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 def8540c;Winclean performap;C:\Windows\System32\rundll32.exe [2009-7-13 45568]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-6-8 1600064]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-9-7 150464]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-6 331264]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-14 19456]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-14 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-14 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-14 30208]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-6 1255736]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2014-02-24 23:42:38 -------- d-----w- C:\Windows\System32\appmgmt

2014-02-24 23:39:26 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAE03F23-7C77-4885-87A8-93518F03E940}\mpengine.dll

2014-02-22 04:44:17 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-21 17:16:52 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-21 17:16:02 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-02-19 21:49:08 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69A69D59-F7F4-4DE8-A300-8C7450DAA995}\gapaengine.dll

2014-02-15 16:06:12 -------- d-----w- C:\Windows\pss

2014-02-12 13:42:12 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-02-04 22:48:12 -------- d-----w- C:\Users\Mike\AppData\Local\Blizzard

2014-02-04 22:40:03 -------- d-----w- C:\Program Files (x86)\Hearthstone

2014-02-04 22:29:01 -------- d-----w- C:\Users\Mike\AppData\Local\Blizzard Entertainment

2014-02-04 22:29:00 -------- d-----w- C:\Users\Mike\AppData\Roaming\Battle.net

2014-02-04 22:29:00 -------- d-----w- C:\Users\Mike\AppData\Local\Battle.net

2014-02-04 22:28:56 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2014-02-04 22:28:56 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2014-02-04 22:28:56 -------- d-----w- C:\Program Files (x86)\Battle.net

2014-02-04 22:27:51 -------- d-----w- C:\ProgramData\Battle.net

2014-02-02 16:24:32 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes

2014-02-02 16:24:21 -------- d-----w- C:\ProgramData\Malwarebytes

2014-02-02 16:24:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-02-02 16:24:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-30 22:17:16 -------- d-----w- C:\Users\Mike\AppData\Local\Packages

2014-01-30 22:17:16 -------- d-----w- C:\ProgramData\TubeoAdblocker

2014-01-30 22:17:16 -------- d-----w- C:\ProgramData\ae818f4e7f7fb3a6

2014-01-30 22:17:15 -------- d-----w- C:\ProgramData\fgiejfenkjjomnhnplmlnkppeilhjihh

.

==================== Find3M ====================

.

2014-02-20 23:35:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-20 23:35:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll

2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll

2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll

2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll

2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll

2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll

2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe

2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe

2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2012-09-07 03:05:36 3993600 ----a-w- C:\Program Files (x86)\GUT890D.tmp

.

============= FINISH: 18:43:49.09 ===============


Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/6/2012 10:35:25 PM

System Uptime: 2/24/2014 5:47:50 PM (1 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V LK

Processor: Intel® Core i7-2700K CPU @ 3.50GHz | LGA1155 | 3501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1397 GiB total, 1082.789 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP215: 2/12/2014 11:19:00 PM - Windows Update

RP216: 2/15/2014 10:50:29 AM - Windows Update

RP217: 2/18/2014 4:33:46 PM - Windows Update

RP218: 2/21/2014 11:43:45 PM - Windows Update

RP219: 2/24/2014 6:41:18 PM - Removed BoneCraft

.

==== Installed Programs ======================

.

3DMark 11

7-Zip 9.20 (x64 edition)

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader X (10.1.9)

Adobe Shockwave Player 11.6

Asmedia ASM104x USB 3.0 Host Controller Driver

Audacity 2.0.3

Battle.net

C3

DAEMON Tools Pro

DC Universe Online

DC Universe Online Live

Deus Ex: Human Revolution - Director's Cut

Dishonored

EP2v1.4

EPSON Scan

EverQuest Titanium

Fallout Collection

Fallout: New Vegas

Far Cry 3

FTL: Faster Than Light

Futuremark SystemInfo

Google Chrome

Google Update Helper

Hearthstone

Intel® Control Center

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 51

Java Auto Updater

Java 7 (64-bit)

Java SE Development Kit 7 (64-bit)

LAME v3.99.3 (for Windows)

Logitech GamePanel Software 3.06.109

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect 2

Mass Effect™ 3

MechWarrior Online

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

OnsenHimeSP

Origin

PlayFKiSS

Pretty Soldier Wars A.D. 2048

Prison Architect

PunkBuster Services

Realtek Ethernet Controller Driver

RGSS-RTP Standard

Risk of Rain

RPG Maker VX

RPG MAKER VX Ace RTP

RPG Maker VX RTP

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition

Shadowrun Returns

Skype™ 6.11

Spectromancer: Gathering of Power

Star Wars: The Old Republic

Steam

swMSM

The Bureau: XCOM Declassified

The Elder Scrolls V: Skyrim

Unreal Development Kit: 2012-10

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

Viva Pinata

WhoreCraft

Winclean performap

Windows Live ID Sign-in Assistant

WinRAR 4.20 (64-bit)

World of Goo

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

2/24/2014 5:50:36 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/24/2014 5:50:36 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

2/24/2014 5:48:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Winclean performap service to connect.

2/21/2014 5:24:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/21/2014 5:24:42 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/18/2014 5:29:23 PM, Error: Schannel [36887] - The following fatal alert was received: 80.

2/18/2014 5:25:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Thanks for your time on this!


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) hosts file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here's the Malwarebytes log.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.02.25.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Mike :: MIKE-PC [administrator]

Protection: Enabled

2/24/2014 8:56:58 PM

mbam-log-2014-02-24 (20-56-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247485

Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Working on the RogueKiller next... And thanks again for the help.


And here's the RogueKiller

RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Mike [Admin rights]

Mode : Scan -- Date : 02/24/2014 21:09:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs ( C:\PROGRA~3\WINCLE~1\WINCLE~2.DLL [-]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1502FAEX-007BA0 +++++

--- User ---

[MBR] 74e05ec597200614fc78f9b90926d4c9

[BSP] 826ccda415a117cc878acd5c52cc9ae8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_02242014_210927.txt >>


OK, let's run a series of scans to clear out the malware:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC

Link to post
Share on other sites

Here's the first log:

17:45:48.0536 0x08a8 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41

17:46:09.0490 0x08a8 ============================================================

17:46:09.0490 0x08a8 Current date / time: 2014/02/25 17:46:09.0490

17:46:09.0490 0x08a8 SystemInfo:

17:46:09.0490 0x08a8

17:46:09.0490 0x08a8 OS Version: 6.1.7601 ServicePack: 1.0

17:46:09.0490 0x08a8 Product type: Workstation

17:46:09.0490 0x08a8 ComputerName: MIKE-PC

17:46:09.0490 0x08a8 UserName: Mike

17:46:09.0490 0x08a8 Windows directory: C:\Windows

17:46:09.0490 0x08a8 System windows directory: C:\Windows

17:46:09.0490 0x08a8 Running under WOW64

17:46:09.0490 0x08a8 Processor architecture: Intel x64

17:46:09.0490 0x08a8 Number of processors: 8

17:46:09.0490 0x08a8 Page size: 0x1000

17:46:09.0490 0x08a8 Boot type: Normal boot

17:46:09.0490 0x08a8 ============================================================

17:46:09.0583 0x08a8 KLMD registered as C:\Windows\system32\drivers\25963101.sys

17:46:09.0802 0x08a8 System UUID: {E71D4F28-07DB-ABA9-5FF0-5DB5D7DEAB7C}

17:46:10.0332 0x08a8 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:46:10.0332 0x08a8 ============================================================

17:46:10.0332 0x08a8 \Device\Harddisk0\DR0:

17:46:10.0332 0x08a8 MBR partitions:

17:46:10.0332 0x08a8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:46:10.0332 0x08a8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800

17:46:10.0332 0x08a8 ============================================================

17:46:10.0348 0x08a8 C: <-> \Device\Harddisk0\DR0\Partition2

17:46:10.0348 0x08a8 ============================================================

17:46:10.0348 0x08a8 Initialize success

17:46:10.0348 0x08a8 ============================================================

17:46:49.0385 0x1154 KLMD registered as C:\Windows\system32\drivers\80840676.sys

17:46:49.0947 0x1154 Deinitialize success


Clean.....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here's the ComboFix:

ComboFix 14-02-24.02 - Mike 6/2014 Wed 17:18:27.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.16336.14077 [GMT -5:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\programdata\Download okeeper

c:\programdata\Winclean performap

c:\programdata\Winclean performap\Wincleanperformap_x64.dll

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh\1.0_0\background.html

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh\1.0_0\content.js

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh\1.0_0\CtNWBT58FbwN.js

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh\1.0_0\lsdb.js

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh\1.0_0\manifest.json

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fgiejfenkjjomnhnplmlnkppeilhjihh_0.localstorage-journal

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fgiejfenkjjomnhnplmlnkppeilhjihh_0.localstorage

c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

((((((((((((((((((((((((( Files Created from 2014-01-26 to 2014-02-26 )))))))))))))))))))))))))))))))

.

.

2014-02-26 03:15 . 2014-02-26 03:15 -------- d-----w- c:\windows\Migration

2014-02-26 02:06 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF7B73A5-81CA-422C-BAEC-2232440FE184}\mpengine.dll

2014-02-26 00:49 . 2014-02-26 00:49 -------- d-----w- c:\users\Mike\AppData\Local\CrashDumps

2014-02-24 23:47 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-24 23:42 . 2014-02-24 23:42 -------- d-----w- c:\windows\system32\appmgmt

2014-02-21 17:16 . 2014-02-21 17:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-02-21 17:16 . 2014-02-21 17:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-19 21:49 . 2014-02-19 21:48 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69A69D59-F7F4-4DE8-A300-8C7450DAA995}\gapaengine.dll

2014-02-12 13:42 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-02-04 22:48 . 2014-02-04 22:48 -------- d-----w- c:\users\Mike\AppData\Local\Blizzard

2014-02-04 22:40 . 2014-02-04 22:48 -------- d-----w- c:\program files (x86)\Hearthstone

2014-02-04 22:29 . 2014-02-04 22:29 -------- d-----w- c:\users\Mike\AppData\Local\Blizzard Entertainment

2014-02-04 22:29 . 2014-02-09 18:12 -------- d-----w- c:\users\Mike\AppData\Local\Battle.net

2014-02-04 22:29 . 2014-02-04 22:39 -------- d-----w- c:\users\Mike\AppData\Roaming\Battle.net

2014-02-04 22:28 . 2014-02-04 22:40 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2014-02-04 22:28 . 2014-02-04 22:29 -------- d-----w- c:\program files (x86)\Battle.net

2014-02-04 22:28 . 2014-02-04 22:28 -------- d-----w- c:\programdata\Blizzard Entertainment

2014-02-04 22:27 . 2014-02-04 22:27 -------- d-----w- c:\programdata\Battle.net

2014-02-02 16:24 . 2014-02-02 16:24 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes

2014-02-02 16:24 . 2014-02-02 16:24 -------- d-----w- c:\programdata\Malwarebytes

2014-02-02 16:24 . 2014-02-02 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-02 16:24 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-30 22:17 . 2014-02-03 01:26 -------- d-----w- c:\programdata\TubeoAdblocker

2014-01-30 22:17 . 2014-01-30 22:17 -------- d-----w- c:\users\Mike\AppData\Local\Packages

2014-01-30 22:17 . 2014-01-30 22:17 -------- d-----w- c:\programdata\ae818f4e7f7fb3a6

2014-01-30 22:17 . 2014-01-30 22:17 -------- d-----w- c:\programdata\fgiejfenkjjomnhnplmlnkppeilhjihh

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-20 23:35 . 2012-09-09 00:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-20 23:35 . 2012-09-09 00:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-15 15:51 . 2012-09-07 03:14 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2013-12-19 02:09 . 2014-01-16 22:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-04 02:41 . 2013-12-04 02:41 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-04 02:41 . 2013-12-04 02:41 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-04 02:41 . 2013-12-04 02:41 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-12-04 02:41 . 2013-12-04 02:41 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-12-04 02:41 . 2013-12-04 02:41 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-12-04 02:41 . 2013-12-04 02:41 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-12-04 02:41 . 2013-12-04 02:41 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-12-04 02:41 . 2013-12-04 02:41 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-12-04 02:41 . 2013-12-04 02:41 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-12-04 02:41 . 2013-12-04 02:41 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-04 02:41 . 2013-12-04 02:41 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-12-04 02:41 . 2013-12-04 02:41 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-12-04 02:41 . 2013-12-04 02:41 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-12-04 02:41 . 2013-12-04 02:41 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-12-04 02:41 . 2013-12-04 02:41 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-12-04 02:41 . 2013-12-04 02:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-12-04 02:41 . 2013-12-04 02:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-12-04 02:41 . 2013-12-04 02:41 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-12-04 02:41 . 2013-12-04 02:41 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-12-04 02:41 . 2013-12-04 02:41 247808 ----a-w- c:\windows\system32\msls31.dll

2013-12-04 02:41 . 2013-12-04 02:41 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-12-04 02:41 . 2013-12-04 02:41 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-12-04 02:41 . 2013-12-04 02:41 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-12-04 02:41 . 2013-12-04 02:41 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-12-04 02:41 . 2013-12-04 02:41 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-12-04 02:41 . 2013-12-04 02:41 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-12-04 02:41 . 2013-12-04 02:41 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-12-04 02:41 . 2013-12-04 02:41 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-12-04 02:41 . 2013-12-04 02:41 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-12-04 02:41 . 2013-12-04 02:41 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-12-04 02:41 . 2013-12-04 02:41 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-12-04 02:41 . 2013-12-04 02:41 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-04 02:41 . 2013-12-04 02:41 81408 ----a-w- c:\windows\system32\icardie.dll

2013-12-04 02:41 . 2013-12-04 02:41 774144 ----a-w- c:\windows\system32\jscript.dll

2013-12-04 02:41 . 2013-12-04 02:41 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-12-04 02:41 . 2013-12-04 02:41 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-12-04 02:41 . 2013-12-04 02:41 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-12-04 02:41 . 2013-12-04 02:41 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-12-04 02:41 . 2013-12-04 02:41 413696 ----a-w- c:\windows\system32\html.iec

2013-12-04 02:41 . 2013-12-04 02:41 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-04 02:41 . 2013-12-04 02:41 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-12-04 02:41 . 2013-12-04 02:41 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-12-04 02:41 . 2013-12-04 02:41 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-12-04 02:41 . 2013-12-04 02:41 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-12-04 02:41 . 2013-12-04 02:41 235520 ----a-w- c:\windows\system32\url.dll

2013-12-04 02:41 . 2013-12-04 02:41 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-12-04 02:41 . 2013-12-04 02:41 147968 ----a-w- c:\windows\system32\occache.dll

2013-12-04 02:41 . 2013-12-04 02:41 143872 ----a-w- c:\windows\system32\wextract.exe

2013-12-04 02:41 . 2013-12-04 02:41 13824 ----a-w- c:\windows\system32\mshta.exe

2013-12-04 02:41 . 2013-12-04 02:41 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-12-04 02:41 . 2013-12-04 02:41 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-04 02:41 . 2013-12-04 02:41 101376 ----a-w- c:\windows\system32\inseng.dll

2012-09-07 03:05 . 2012-09-07 03:05 3993600 ----a-w- c:\program files (x86)\GUT890D.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2013-10-17 3125280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpUninstallDeleteDir"="rmdir" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 def8540c;Winclean performap;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys;c:\windows\SYSNATIVE\DRIVERS\ae1000w7.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-29 13:16 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 23:35]

.

2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 03:00]

.

2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 03:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: sony.com\account.station

TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-28478532.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{C865AD04-1B05-E827-212A-6BFCC1989954} - c:\programdata\TubeoAdblocker\IlgC6jqqBK.x64.dll

AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{def8540c} - c:\progra~3\WINCLE~1\WINCLE~1.DLL

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-02-26 17:23:14

ComboFix-quarantined-files.txt 2014-02-26 22:23

.

Pre-Run: 1,162,813,370,368 bytes free

Post-Run: 1,164,085,264,384 bytes free

.

- - End Of File - - 6AB3DA74B1E03CEF57730D98FA757391

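The RogueKiller report above flags an AppInit_DLLs value pointing at C:\PROGRA~3\WINCLE~1\WINCLE~2.DLL, and the ComboFix log shows "LoadAppInit_DLLs"=1 together with a service (def8540c, "Winclean performap") whose binary is rundll32.exe. With LoadAppInit_DLLs enabled, every DLL in that list is loaded into each process that loads user32.dll, which is why adware favours it as a persistence point. The script below is an added example, not part of this thread or of RogueKiller/ComboFix/AdwCleaner: it reads both registry views of the AppInit_DLLs value, expands the 8.3 short names, checks whether each DLL is Authenticode-signed and whether it lives outside %SystemRoot%, and then lists any service hosted by rundll32.exe. Function names (Get-AppInitDllAudit, Get-Rundll32Service) and the REVIEW/ok verdict are this example's own conventions; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or the tools it discusses): audit the two
# persistence points that RogueKiller and ComboFix reported on this machine.
# Requires an elevated prompt; works on Windows 7 / PowerShell 2.0 and later.

function Get-AppInitDllAudit {
    # On 64-bit Windows the value exists in both registry views; the logs above
    # refer to the 32-bit (Wow6432Node) one.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props   = Get-ItemProperty -LiteralPath $key
        $enabled = [int]$props.LoadAppInit_DLLs     # 1 = the listed DLLs are injected
        $list    = [string]$props.AppInit_DLLs      # space- or comma-separated, often empty

        if ([string]::IsNullOrEmpty($list.Trim())) {
            New-Object PSObject -Property @{
                Key = $key; LoadAppInit_DLLs = $enabled; Entry = '(empty)'
                ResolvedPath = ''; Signature = ''; Verdict = 'ok'
            }
            continue
        }

        foreach ($entry in ($list -split '[ ,]+' | Where-Object { $_ })) {
            # Entries are usually written as 8.3 short names (C:\PROGRA~3\...);
            # Get-Item normalises an existing path to its long form.
            $path = [Environment]::ExpandEnvironmentVariables($entry)
            if (Test-Path -LiteralPath $path) {
                $resolved = (Get-Item -LiteralPath $path).FullName
                $sig      = (Get-AuthenticodeSignature -FilePath $resolved).Status
            } else {
                $resolved = $path
                $sig      = 'FileMissing'
            }
            # A DLL outside %SystemRoot% that is actually being loaded deserves a look.
            $inWindows = $resolved -like "$env:SystemRoot\*"
            $verdict = if ($enabled -eq 1 -and -not $inWindows) { 'REVIEW' } else { 'ok' }
            New-Object PSObject -Property @{
                Key = $key; LoadAppInit_DLLs = $enabled; Entry = $entry
                ResolvedPath = $resolved; Signature = $sig; Verdict = $verdict
            }
        }
    }
}

function Get-Rundll32Service {
    # Services whose binary is rundll32.exe hosting some DLL; ComboFix listed one (def8540c).
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -match 'rundll32\.exe' } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

Get-AppInitDllAudit |
    Format-Table Key, LoadAppInit_DLLs, Entry, ResolvedPath, Signature, Verdict -AutoSize -Wrap
Get-Rundll32Service | Format-Table -AutoSize -Wrap
```

On the machine in this thread the first table would show the Wow6432Node key with LoadAppInit_DLLs = 1 and the WINCLE~2.DLL entry marked REVIEW (it sits under C:\ProgramData, not under the Windows directory), and the second table would list def8540c. A REVIEW verdict is a prompt to look at the file, its signer and the program that installed it, not a verdict of malice on its own: some legitimate software does register AppInit_DLLs.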

Please delete this folder:

c:\programdata\fgiejfenkjjomnhnplmlnkppeilhjihh

You may have to enable hidden files to see it:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ <--Hidden files W7 Vista

------------------------------------------

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users: right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

 MrC


AdwCleaner:

# AdwCleaner v3.019 - Report created 26/02/2014 at 18:40:37

# Updated 17/02/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Mike - MIKE-PC

# Running from : C:\Users\Mike\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

[#] Service Deleted : def8540c

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\TubeoAdblocker

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\WebSearch

Folder Deleted : C:\Windows\SysWOW64\Searchprotect

Folder Deleted : C:\Users\Mike\AppData\Local\Conduit

Folder Deleted : C:\Users\Mike\AppData\Local\Searchprotect

Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp

File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{def8540c}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4324 octets] - [26/02/2014 18:38:47]

AdwCleaner[s0].txt - [4154 octets] - [26/02/2014 18:40:37]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4214 octets] ##########

Running the Malwarebytes next...


@RaxBoon....

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02

Ran by Mike (administrator) on MIKE-PC on 27-02-2014 17:23:09

Running from C:\Users\Mike\Desktop\malwarebytes

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-3672383469-3676910527-2891148338-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3125280 2013-10-17] (Disc Soft Ltd)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {13B587C4-20F0-4C79-A279-13FCF72502B2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN39095214362838918&UM=2

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.privitize.com/?aff=7&q={searchTerms}

SearchScopes: HKCU - {13B587C4-20F0-4C79-A279-13FCF72502B2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN39095214362838918&UM=2

SearchScopes: HKCU - {8C413333-DC9E-4447-8435-1D9C5B62152D} URL = https://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: TubeoAdblocker - {C865AD04-1B05-E827-212A-6BFCC1989954} - C:\ProgramData\TubeoAdblocker\IlgC6jqqBK.x64.dll No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.217.201.67

Chrome:

=======

CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26]

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26]

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-26]

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-26]

CHR Extension: (TubeoAdblocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh [2014-02-26]

CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-26]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-27] ()

==================== Drivers (Whitelisted) ====================

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2011-06-08] (Ralink Technology Corp.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-23] (Disc Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 17:23 - 2014-02-27 17:23 - 00000000 ____D () C:\FRST

2014-02-26 19:49 - 2014-02-26 19:55 - 00000000 ____D () C:\Users\Mike\Desktop\FTB

2014-02-26 19:49 - 2014-02-26 19:50 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\ftblauncher

2014-02-26 18:38 - 2014-02-26 18:40 - 00000000 ____D () C:\AdwCleaner

2014-02-26 18:37 - 2014-02-26 18:37 - 01241834 _____ () C:\Users\Mike\Desktop\adwcleaner.exe

2014-02-26 17:47 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-02-26 17:47 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-02-26 17:47 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-02-26 17:47 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-02-26 17:47 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-02-26 17:47 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-02-26 17:47 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-02-26 17:47 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-02-26 17:47 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-02-26 17:47 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-02-26 17:47 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-02-26 17:47 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-02-26 17:47 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-02-26 17:47 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-02-26 17:47 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-02-26 17:47 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-02-26 17:47 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-02-26 17:47 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-02-26 17:40 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-02-26 17:40 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-02-26 17:23 - 2014-02-26 17:23 - 00023186 _____ () C:\ComboFix.txt

2014-02-26 17:16 - 2014-02-26 17:23 - 00000000 ____D () C:\Qoobox

2014-02-26 17:16 - 2014-02-26 17:22 - 00000000 ____D () C:\Windows\erdnt

2014-02-26 17:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-26 17:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-26 17:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-26 17:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-26 17:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-26 17:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-26 17:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-26 17:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-25 19:51 - 2014-02-25 19:51 - 05185084 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe

2014-02-25 19:49 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps

2014-02-24 21:09 - 2014-02-24 21:09 - 00001644 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_02242014_210927.txt

2014-02-24 21:07 - 2014-02-24 21:10 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine

2014-02-24 18:42 - 2014-02-24 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-02-24 18:31 - 2014-02-24 18:46 - 00017403 _____ () C:\Users\Mike\Desktop\dds.txt

2014-02-24 18:31 - 2014-02-24 18:44 - 00011384 _____ () C:\Users\Mike\Desktop\attach.txt

2014-02-21 12:16 - 2014-02-21 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-21 12:16 - 2014-02-21 12:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-02-21 12:15 - 2014-02-21 12:44 - 00000000 ____D () C:\Users\Mike\Desktop\mbar

2014-02-21 12:14 - 2014-02-27 17:23 - 00000000 ____D () C:\Users\Mike\Desktop\malwarebytes

2014-02-16 19:03 - 2014-02-16 19:03 - 00003356 _____ () C:\Windows\System32\Tasks\{38B4056F-53B1-4679-9F22-7753369453F8}

2014-02-15 22:34 - 2014-02-15 22:43 - 211233146 _____ () C:\Users\Mike\Desktop\Pixelmon 3.0.0.zip

2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\Windows\pss

2014-02-12 23:19 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 23:19 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 23:19 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-12 23:19 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 23:19 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-12 23:19 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-12 23:19 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 23:19 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-12 23:19 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-12 23:19 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 23:19 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-12 23:19 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-12 23:19 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-12 23:19 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-12 23:19 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-12 23:19 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-12 23:19 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 23:19 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-12 23:19 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-12 23:19 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-12 23:19 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 23:19 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-12 23:19 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-12 23:19 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 23:19 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-12 23:19 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-12 23:19 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-12 23:19 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-12 23:19 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-12 23:19 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 23:19 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 23:19 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-12 23:19 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-12 23:19 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-12 23:19 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 23:19 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-12 23:19 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-12 23:19 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-12 23:19 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-12 23:19 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 23:19 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-12 08:42 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-12 08:42 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-12 08:42 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-12 08:42 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-12 08:42 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-12 08:42 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-12 08:42 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-12 08:42 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-12 08:42 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-12 08:42 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-12 08:42 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-12 08:42 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-12 08:42 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-12 08:42 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-12 08:42 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-12 08:42 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-12 08:42 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-12 08:42 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-12 08:42 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-12 08:42 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-12 08:42 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-12 08:42 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-12 08:42 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-12 08:42 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-12 08:42 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-12 08:42 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-12 08:42 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-12 08:42 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-04 17:48 - 2014-02-04 17:48 - 00000000 ____D () C:\Users\Mike\AppData\Local\Blizzard

2014-02-04 17:40 - 2014-02-04 17:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-02-04 17:40 - 2014-02-04 17:40 - 00001187 _____ () C:\Users\Public\Desktop\Hearthstone.lnk

2014-02-04 17:29 - 2014-02-09 13:12 - 00000000 ____D () C:\Users\Mike\AppData\Local\Battle.net

2014-02-04 17:29 - 2014-02-04 17:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Battle.net

2014-02-04 17:29 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Mike\AppData\Local\Blizzard Entertainment

2014-02-04 17:28 - 2014-02-04 17:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-02-04 17:28 - 2014-02-04 17:28 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk

2014-02-04 17:28 - 2014-02-04 17:28 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-02-04 17:27 - 2014-02-04 17:27 - 00000000 ____D () C:\ProgramData\Battle.net

2014-02-02 11:24 - 2014-02-02 11:24 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-02 11:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-30 17:17 - 2014-01-30 17:17 - 00002446 __RSH () C:\ProgramData\ntuser.pol

2014-01-30 17:17 - 2014-01-30 17:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\Packages

2014-01-30 17:17 - 2014-01-30 17:17 - 00000000 ____D () C:\ProgramData\ae818f4e7f7fb3a6

==================== One Month Modified Files and Folders =======

2014-02-27 17:23 - 2014-02-27 17:23 - 00000000 ____D () C:\FRST

2014-02-27 17:23 - 2014-02-21 12:14 - 00000000 ____D () C:\Users\Mike\Desktop\malwarebytes

2014-02-27 17:15 - 2012-09-06 22:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-27 16:35 - 2012-09-08 19:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-27 16:28 - 2012-09-06 21:35 - 01548990 _____ () C:\Windows\WindowsUpdate.log

2014-02-27 16:28 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-27 16:28 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-27 16:25 - 2013-09-14 16:41 - 00416842 _____ () C:\Windows\system32\perfh011.dat

2014-02-27 16:25 - 2013-09-14 16:41 - 00122224 _____ () C:\Windows\system32\perfc011.dat

2014-02-27 16:25 - 2009-07-14 00:13 - 01313238 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-27 16:21 - 2012-09-06 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-02-27 16:21 - 2012-09-06 22:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-27 16:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-27 16:21 - 2009-07-13 23:51 - 00060318 _____ () C:\Windows\setupact.log

2014-02-26 21:29 - 2012-09-08 19:13 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-02-26 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-02-26 19:55 - 2014-02-26 19:49 - 00000000 ____D () C:\Users\Mike\Desktop\FTB

2014-02-26 19:50 - 2014-02-26 19:49 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\ftblauncher

2014-02-26 19:47 - 2014-02-25 19:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps

2014-02-26 18:40 - 2014-02-26 18:38 - 00000000 ____D () C:\AdwCleaner

2014-02-26 18:37 - 2014-02-26 18:37 - 01241834 _____ () C:\Users\Mike\Desktop\adwcleaner.exe

2014-02-26 17:45 - 2012-09-06 23:42 - 01297750 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-26 17:44 - 2012-09-06 23:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-02-26 17:43 - 2012-09-06 23:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-02-26 17:34 - 2010-11-20 22:47 - 00193856 _____ () C:\Windows\PFRO.log

2014-02-26 17:23 - 2014-02-26 17:23 - 00023186 _____ () C:\ComboFix.txt

2014-02-26 17:23 - 2014-02-26 17:16 - 00000000 ____D () C:\Qoobox

2014-02-26 17:23 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2014-02-26 17:22 - 2014-02-26 17:16 - 00000000 ____D () C:\Windows\erdnt

2014-02-26 17:22 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-02-25 21:17 - 2014-01-22 21:05 - 00000000 ____D () C:\Users\Mike\Desktop\Pixelmon Server

2014-02-25 21:17 - 2013-05-26 16:40 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Skype

2014-02-25 21:17 - 2012-09-08 18:38 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\.minecraft

2014-02-25 19:51 - 2014-02-25 19:51 - 05185084 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe

2014-02-24 21:10 - 2014-02-24 21:07 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine

2014-02-24 21:09 - 2014-02-24 21:09 - 00001644 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_02242014_210927.txt

2014-02-24 18:46 - 2014-02-24 18:31 - 00017403 _____ () C:\Users\Mike\Desktop\dds.txt

2014-02-24 18:44 - 2014-02-24 18:31 - 00011384 _____ () C:\Users\Mike\Desktop\attach.txt

2014-02-24 18:42 - 2014-02-24 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-02-24 18:42 - 2012-09-16 14:10 - 00000000 ____D () C:\Program Files (x86)\BoneCraft

2014-02-24 18:38 - 2012-12-30 14:23 - 00000000 ____D () C:\Users\Mike\Documents\NewStuff

2014-02-24 18:26 - 2013-07-07 07:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\uTorrent

2014-02-21 12:44 - 2014-02-21 12:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-21 12:44 - 2014-02-21 12:15 - 00000000 ____D () C:\Users\Mike\Desktop\mbar

2014-02-21 12:16 - 2014-02-21 12:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-02-20 18:35 - 2012-09-08 19:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-20 18:35 - 2012-09-08 19:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 18:35 - 2012-09-08 19:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-18 17:27 - 2012-12-10 15:37 - 00000000 ____D () C:\Users\Mike\Desktop\MineCraft

2014-02-16 19:03 - 2014-02-16 19:03 - 00003356 _____ () C:\Windows\System32\Tasks\{38B4056F-53B1-4679-9F22-7753369453F8}

2014-02-15 22:43 - 2014-02-15 22:34 - 211233146 _____ () C:\Users\Mike\Desktop\Pixelmon 3.0.0.zip

2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\Windows\pss

2014-02-15 10:52 - 2013-08-15 20:34 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-15 10:51 - 2012-09-06 22:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-09 16:03 - 2012-09-08 19:37 - 00000000 ____D () C:\Users\Mike\Documents\my games

2014-02-09 13:12 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Mike\AppData\Local\Battle.net

2014-02-08 09:30 - 2012-10-15 17:53 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-02-06 07:16 - 2014-02-12 23:19 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 06:30 - 2014-02-12 23:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 06:30 - 2014-02-12 23:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 06:12 - 2014-02-12 23:19 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 06:07 - 2014-02-12 23:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 06:06 - 2014-02-12 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 05:57 - 2014-02-12 23:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 05:56 - 2014-02-12 23:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 05:52 - 2014-02-12 23:19 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 05:49 - 2014-02-12 23:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 05:48 - 2014-02-12 23:19 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 05:48 - 2014-02-12 23:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 05:38 - 2014-02-12 23:19 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 05:32 - 2014-02-12 23:19 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 05:20 - 2014-02-12 23:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 05:17 - 2014-02-12 23:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 05:11 - 2014-02-12 23:19 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 05:01 - 2014-02-12 23:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 05:00 - 2014-02-12 23:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-12 23:19 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 04:57 - 2014-02-12 23:19 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 04:52 - 2014-02-12 23:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 04:52 - 2014-02-12 23:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 04:50 - 2014-02-12 23:19 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 04:49 - 2014-02-12 23:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 04:47 - 2014-02-12 23:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 04:46 - 2014-02-12 23:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 04:25 - 2014-02-12 23:19 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 04:25 - 2014-02-12 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 04:24 - 2014-02-12 23:19 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 04:22 - 2014-02-12 23:19 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 04:13 - 2014-02-12 23:19 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 04:09 - 2014-02-12 23:19 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 04:03 - 2014-02-12 23:19 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 03:55 - 2014-02-12 23:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 03:41 - 2014-02-12 23:19 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 03:40 - 2014-02-12 23:19 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 03:36 - 2014-02-12 23:19 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 03:34 - 2014-02-12 23:19 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-04 17:48 - 2014-02-04 17:48 - 00000000 ____D () C:\Users\Mike\AppData\Local\Blizzard

2014-02-04 17:48 - 2014-02-04 17:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-02-04 17:40 - 2014-02-04 17:40 - 00001187 _____ () C:\Users\Public\Desktop\Hearthstone.lnk

2014-02-04 17:39 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Battle.net

2014-02-04 17:29 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Mike\AppData\Local\Blizzard Entertainment

2014-02-04 17:29 - 2014-02-04 17:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-02-04 17:28 - 2014-02-04 17:28 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk

2014-02-04 17:28 - 2014-02-04 17:28 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-02-04 17:27 - 2014-02-04 17:27 - 00000000 ____D () C:\ProgramData\Battle.net

2014-02-02 11:24 - 2014-02-02 11:24 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-02 11:24 - 2014-02-02 11:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-31 06:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-30 17:17 - 2014-01-30 17:17 - 00002446 __RSH () C:\ProgramData\ntuser.pol

2014-01-30 17:17 - 2014-01-30 17:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\Packages

2014-01-30 17:17 - 2014-01-30 17:17 - 00000000 ____D () C:\ProgramData\ae818f4e7f7fb3a6

2014-01-30 17:17 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-01-30 17:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-01-29 22:58 - 2012-09-08 20:26 - 00000000 ____D () C:\Users\Mike\Desktop\MineCraft Server

2014-01-29 08:17 - 2012-09-06 22:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:

====================

C:\Users\Mike\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 20:36

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02

Ran by Mike at 2014-02-27 17:23:42

Running from C:\Users\Mike\Desktop\malwarebytes

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)

Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

C3 (HKLM-x32\...\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}) (Version: 0.4.1493 - Vivox Inc.)

DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd)

DC Universe Online (HKCU\...\soe-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)

DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)

Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)

Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)

EP2v1.4 (HKLM\...\UDK-fff5ab99-0845-41b2-b078-18885c070985) (Version: - Epic Games, Inc.)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

EverQuest Titanium (HKLM-x32\...\{32714287-4234-412A-877B-D33AFABFDE2B}) (Version: 1.00.000 - )

Fallout Collection (HKLM-x32\...\Fallout Collection) (Version: - )

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)

Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - )

Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.11.0 - Futuremark Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)

Java SE Development Kit 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)

Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)

MechWarrior Online (HKCU\...\{4f004f4a-1930-4b55-83e6-61660211787f}) (Version: 1.1.1.0 - Piranha Games Inc.)

MechWarrior Online (x32 Version: 1.1.1.0 - Piranha Games Inc.) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (JPN) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden

OnsenHimeSP (HKLM-x32\...\OnsenHimeSP) (Version: 1.00 - Privateer)

Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)

PlayFKiSS (HKLM-x32\...\PlayFKiSS) (Version: - )

Pretty Soldier Wars A.D. 2048 (HKLM-x32\...\Pretty Soldier Wars A.D. 2048) (Version: - )

Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)

RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)

Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )

RPG Maker VX (HKLM-x32\...\RPG Maker VX_is1) (Version: 1.02 - Enterbrain)

RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)

RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)

Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Spectromancer: Gathering of Power (HKLM-x32\...\['{F634E3D7-B968-497B-A888-685597C901F6}']) (Version: - Apus Software)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

Unreal Development Kit: 2012-10 (HKLM\...\UDK-f7100924-86e5-4f53-8db6-9aa66c27a290) (Version: - Epic Games, Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

Viva Piñata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios)

Viva Pinata (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

WhoreCraft (HKLM-x32\...\WhoreCraft1.6.1r) (Version: 1.6.1r - DaemiaCo)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY)

XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - )

==================== Restore Points =========================

15-02-2014 15:50:29 Windows Update

18-02-2014 21:33:46 Windows Update

22-02-2014 04:43:45 Windows Update

24-02-2014 23:41:18 Removed BoneCraft

26-02-2014 02:05:38 Windows Update

26-02-2014 03:14:40 Windows Update

26-02-2014 22:40:39 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-26 17:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {25030EB9-7BB9-4422-B101-BC464B4364AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)

Task: {785DBF0A-F5CA-4287-A514-6BF407FC0A26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)

Task: {D14C82B6-DC6D-4E22-8917-3543F3546F4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-27 18:34 - 2013-01-27 18:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2012-09-06 23:28 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-02-13 10:22 - 2014-02-13 10:22 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll

2012-09-06 21:57 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: C3 => C:\Program Files (x86)\Vivox\C3\c3.exe

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: uTorrent => "C:\Users\Mike\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (02/27/2014 04:23:00 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2014 09:20:32 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 09:29:28 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

Error: (02/26/2014 07:47:38 PM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16518, time stamp: 0x52f347b2

Faulting module name: Flash32_12_0_0_70.ocx, version: 12.0.0.70, time stamp: 0x53016215

Exception code: 0xc0000005

Fault offset: 0x00191a94

Faulting process id: 0x1344

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Error: (02/26/2014 07:29:45 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:58:46 PM) (Source: Steam Client Service) (User: )

Description: Error: Failed to poke open firewall

Error: (02/26/2014 06:43:46 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:50:59 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:36:21 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 04:58:58 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80004005

System errors:

=============

Error: (02/26/2014 05:52:08 PM) (Source: DCOM) (User: )

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/26/2014 05:49:52 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Winclean performap service to connect.

Error: (02/26/2014 05:37:04 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (02/26/2014 05:37:04 PM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/26/2014 05:22:16 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/26/2014 05:21:43 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/26/2014 05:20:44 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/26/2014 04:46:37 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (02/26/2014 04:46:37 PM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/26/2014 04:44:31 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Winclean performap service to connect.

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2014-02-26 17:21:43.383

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-26 17:21:43.336

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 16335.79 MB

Available physical RAM: 13757.82 MB

Total Pagefile: 32669.75 MB

Available Pagefile: 29980.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:1079.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: F1EF1C82)

Partition: GPT Partition Type.

==================== End Of Log ============================


Here's the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02

Ran by Mike at 2014-02-27 19:07:07 Run:1

Running from C:\Users\Mike\Desktop\malwarebytes

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

BHO: TubeoAdblocker - {C865AD04-1B05-E827-212A-6BFCC1989954} - C:\ProgramData\TubeoAdblocker\IlgC6jqqBK.x64.dll No File

CHR Extension: (TubeoAdblocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh [2014-02-26]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C865AD04-1B05-E827-212A-6BFCC1989954} => Key deleted successfully.

HKCR\CLSID\{C865AD04-1B05-E827-212A-6BFCC1989954} => Key deleted successfully.

C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh => Moved successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

The system needs a manual reboot.

==== End of Fixlog ====

I'm going to give it a bit and see how everything goes. If you don't mind me asking (and if you have the time), what exactly was done with that last step? I know some files were deleted, but I was just curious how obvious they were as errors...granted, a list of random letters seems like a giveaway. My knowledge of computers isn't limited, but this is just an area that I haven't had much time to put into researching problems/fixes. If you don't have the time, no offense is taken. You've done this out of the kindness of your heart and I (and many, many others) really appreciate what you do. I'll let you know how everything's running either later tonight or tomorrow.


These were some restrictions on your Google Chrome which we removed:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

This is just a leftover entry that was already deleted:
BHO: TubeoAdblocker - {C865AD04-1B05-E827-212A-6BFCC1989954} - C:\ProgramData\TubeoAdblocker\IlgC6jqqBK.x64.dll No File

This is malware which was deleted (Google Chrome extension, unique to your computer):
CHR Extension: (TubeoAdblocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh [2014-02-26]

Let me know.....MrC

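To show concretely what the fix above did, here is an added example (not code from FRST, from Farbar, or from either poster) that parses the four kinds of fix-list entry seen in the fixlog and maps each one to the registry keys and paths FRST removed for it. The sample lines are copied from the fixlist above; the `kind` labels, the `mechanism` descriptions and the `cleanup_targets` mapping are this example's own, reconstructed from the "deleted successfully" / "Moved successfully" lines in the fixlog.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) fix-list entries.

Added example for this thread, not code from FRST or from the forum posts.
It parses the entry formats that appear in the fixlog above and maps each
one to the objects FRST removed, so the reader can see why each line
counted as a finding. Sample lines are copied from the fixlist above; the
kind labels and the 'mechanism' text are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the fixlist content from the post above.
SAMPLE_FIXLIST = [
    "GroupPolicy: Group Policy on Chrome detected <======= ATTENTION",
    r"BHO: TubeoAdblocker - {C865AD04-1B05-E827-212A-6BFCC1989954} - C:\ProgramData\TubeoAdblocker\IlgC6jqqBK.x64.dll No File",
    r"CHR Extension: (TubeoAdblocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgiejfenkjjomnhnplmlnkppeilhjihh [2014-02-26]",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
]

BHO_RE = re.compile(r"^BHO:\s*(?P<name>.+?)\s*-\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*?)(?:\s+No File)?$")
CHR_EXT_RE = re.compile(r"^CHR Extension:\s*\((?P<name>.+?)\)\s*-\s*(?P<path>.+?)\s*(?:\[\d{4}-\d{2}-\d{2}\])?$")
CHR_POLICY_RE = re.compile(r"^CHR (?P<key>HK[A-Z]+\\[^:]+):\s*Policy restriction")
EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars, alphabet a-p only

# Registry key under which Internet Explorer enumerates BHOs (per the fixlog line FRST deleted).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
GPO_DIR = r"C:\Windows\system32\GroupPolicy"


@dataclass
class Entry:
    kind: str                   # BHO / CHR Extension / CHR Policy / GroupPolicy / Other
    name: Optional[str]
    identifier: Optional[str]   # CLSID, extension ID or registry key
    path: Optional[str]
    file_missing: bool          # FRST appends "No File" when the target DLL is gone
    attention: bool             # FRST's "<======= ATTENTION" marker
    mechanism: str              # what the entry does on the machine (this example's wording)


def parse_entry(line: str) -> Entry:
    line = line.strip()
    attention = "<======= ATTENTION" in line
    missing = line.endswith("No File")

    m = BHO_RE.match(line)
    if m:
        mech = ("orphaned BHO registration: CLSID still registered but the DLL is gone"
                if missing else "Browser Helper Object: DLL loaded into every Internet Explorer process")
        return Entry("BHO", m["name"], m["clsid"], m["path"], missing, attention, mech)

    m = CHR_EXT_RE.match(line)
    if m:
        last = m["path"].rstrip("\\").rsplit("\\", 1)[-1]
        ident = last if EXT_ID_RE.match(last) else None
        return Entry("CHR Extension", m["name"], ident, m["path"], missing, attention,
                     "unpacked Chrome extension in the user profile, loaded on every Chrome start")

    m = CHR_POLICY_RE.match(line)
    if m:
        return Entry("CHR Policy", None, m["key"], None, missing, attention,
                     "machine-wide Chrome policy key: values under it are enforced as 'managed' "
                     "and cannot be undone from chrome://settings")

    if line.startswith("GroupPolicy:"):
        return Entry("GroupPolicy", None, GPO_DIR, None, missing, attention,
                     "local Group Policy store whose settings Chrome honours")

    return Entry("Other", None, None, None, missing, attention, "unclassified")


def triage(lines: List[str]) -> List[Entry]:
    """Parse a fixlist, skipping blank lines and the '****' separators."""
    return [parse_entry(l) for l in lines if l.strip() and not l.startswith("*")]


def cleanup_targets(e: Entry) -> List[str]:
    """Objects FRST removed for each entry kind, as seen in the fixlog above."""
    if e.kind == "BHO" and e.identifier:
        return ["\\".join([BHO_KEY, e.identifier]), "\\".join([r"HKCR\CLSID", e.identifier])]
    if e.kind == "CHR Extension" and e.path:
        return [e.path]
    if e.kind == "CHR Policy" and e.identifier:
        return [e.identifier]
    if e.kind == "GroupPolicy":
        return ["\\".join([GPO_DIR, "Machine"]), "\\".join([GPO_DIR, "GPT.ini"])]
    return []


if __name__ == "__main__":
    for entry in triage(SAMPLE_FIXLIST):
        flag = " [No File]" if entry.file_missing else ""
        print(f"{entry.kind}: {entry.identifier}{flag}\n    {entry.mechanism}")
        for target in cleanup_targets(entry):
            print(f"    -> {target}")
```

The "No File" BHO is the one that looks harmless but still matters: the CLSID stays registered under both keys, so Internet Explorer keeps trying to load a DLL that no longer exists, and a later dropper can simply put a file back at that path. The Chrome policy key is the part that explains the "managed by your organization" style restrictions: anything written under HKLM\SOFTWARE\Policies\Google\Chrome is treated as enterprise policy, which is why the extension could not be removed from the Chrome UI until the key was gone.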

Internet Explorer mostly. Though a couple days ago it would happen with Chrome as well.

Here's the log...I guess it happened a little more than the twice that I noticed.

2014/02/28 16:24:47 -0500 MIKE-PC Mike MESSAGE Executing scheduled update: Daily

2014/02/28 16:24:48 -0500 MIKE-PC Mike MESSAGE Starting protection

2014/02/28 16:24:48 -0500 MIKE-PC Mike MESSAGE Protection started successfully

2014/02/28 16:24:48 -0500 MIKE-PC Mike MESSAGE Starting IP protection

2014/02/28 16:24:49 -0500 MIKE-PC Mike MESSAGE IP Protection started successfully

2014/02/28 16:25:00 -0500 MIKE-PC Mike MESSAGE Scheduled update executed successfully: database updated from version v2014.02.27.05 to version v2014.02.28.10

2014/02/28 16:25:00 -0500 MIKE-PC Mike MESSAGE Starting database refresh

2014/02/28 16:25:01 -0500 MIKE-PC Mike MESSAGE Stopping IP protection

2014/02/28 16:25:01 -0500 MIKE-PC Mike MESSAGE IP Protection stopped successfully

2014/02/28 16:25:04 -0500 MIKE-PC Mike MESSAGE Database refreshed successfully

2014/02/28 16:25:04 -0500 MIKE-PC Mike MESSAGE Starting IP protection

2014/02/28 16:25:04 -0500 MIKE-PC Mike MESSAGE IP Protection started successfully

2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 53986, Process: iexplore.exe)

2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 53987, Process: iexplore.exe)

2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54148, Process: iexplore.exe)

2014/02/28 17:46:03 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54227, Process: iexplore.exe)

2014/02/28 17:46:11 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54275, Process: iexplore.exe)

2014/02/28 17:46:19 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54320, Process: iexplore.exe)

2014/02/28 17:46:35 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54386, Process: iexplore.exe)

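The log above is the interesting part of the thread: after the fix, Malwarebytes' IP protection is still blocking iexplore.exe reaching out to 162.210.192.76, seven times in about a minute, each on a fresh port. As an added example (not code from Malwarebytes or from either poster), the script below parses that log format, groups the IP-BLOCK events by destination, process and direction, and flags the pattern that matters here: repeated outbound attempts from a browser process to one address inside a short window. The sample lines are copied from the log above; the threshold and window in `persistent_outbound` are this example's own heuristic.

```python
"""Aggregating Malwarebytes 'IP-BLOCK' events from a protection log.

Added example for this thread, not code from Malwarebytes. The line format
is the one in the log above and the sample lines are copied from it. The
'persistent outbound' rule (count threshold and time window) is this
example's own heuristic, chosen to match the pattern in that log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the protection log in the post above.
SAMPLE_LOG = """\
2014/02/28 16:24:47 -0500 MIKE-PC Mike MESSAGE Executing scheduled update: Daily
2014/02/28 16:24:49 -0500 MIKE-PC Mike MESSAGE IP Protection started successfully
2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 53986, Process: iexplore.exe)
2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 53987, Process: iexplore.exe)
2014/02/28 17:45:31 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54148, Process: iexplore.exe)
2014/02/28 17:46:03 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54227, Process: iexplore.exe)
2014/02/28 17:46:11 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54275, Process: iexplore.exe)
2014/02/28 17:46:19 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54320, Process: iexplore.exe)
2014/02/28 17:46:35 -0500 MIKE-PC Mike IP-BLOCK 162.210.192.76 (Type: outgoing, Port: 54386, Process: iexplore.exe)
"""

# <date> <time> <tz> <host> <user> <KIND> <rest>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<rest>.*)$"
)
# <ip> (Type: <direction>, Port: <n>, Process: <image>)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

Key = Tuple[str, str, str]          # (ip, process, direction)
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}


@dataclass
class IpBlock:
    ts: datetime
    host: str
    ip: str
    direction: str
    port: int
    process: str


def parse_ip_blocks(text: str) -> List[IpBlock]:
    """Return only IP-BLOCK events; MESSAGE lines (updates, start/stop) are not detections."""
    blocks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["kind"] != "IP-BLOCK":
            continue
        d = BLOCK_RE.match(m["rest"])
        if not d:
            continue  # unrecognised detail format: skip rather than guess
        ts = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        blocks.append(IpBlock(ts, m["host"], d["ip"], d["direction"],
                              int(d["port"]), d["process"].lower()))
    return blocks


def summarize(blocks: List[IpBlock]) -> Dict[Key, dict]:
    """Group by (ip, process, direction): count, first/last seen, distinct ports."""
    groups: Dict[Key, List[IpBlock]] = defaultdict(list)
    for b in blocks:
        groups[(b.ip, b.process, b.direction)].append(b)
    summary = {}
    for key, items in groups.items():
        items.sort(key=lambda b: b.ts)
        summary[key] = {
            "count": len(items),
            "first": items[0].ts,
            "last": items[-1].ts,
            "ports": sorted({b.port for b in items}),
        }
    return summary


def persistent_outbound(summary: Dict[Key, dict], min_count: int = 3,
                        window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str]]:
    """(ip, process) pairs where a browser kept retrying one address within `window`.

    The block stops each connection, but it does not remove whatever inside the
    browser keeps initiating them; repeated hits on fresh ports mean that
    component is still present.  Threshold and window are this example's choice.
    """
    hits = []
    for (ip, proc, direction), s in summary.items():
        if (direction == "outgoing" and proc in BROWSERS
                and s["count"] >= min_count and s["last"] - s["first"] <= window):
            hits.append((ip, proc))
    return hits


if __name__ == "__main__":
    summary = summarize(parse_ip_blocks(SAMPLE_LOG))
    for (ip, proc, direction), s in summary.items():
        span = (s["last"] - s["first"]).total_seconds()
        print(f"{direction} {proc} -> {ip}: {s['count']} blocks over {span:.0f}s, ports {s['ports']}")
    print("persistent:", persistent_outbound(summary))
```

On the log above this groups all seven events under one key and flags it. Note that the port numbers climb through the ephemeral range (53986 to 54386) rather than repeating a service port, so they identify a sequence of new connection attempts rather than the remote service; the destination address and the process are the fields worth pivoting on.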
