Jump to content

Recommended Posts

I noticed my computer running very slow on multiple websites (I have a pretty fast computer and my internet is decent, so my roomate suggested it may be a rootkit).  Me, being the worrisome person I am, decided to do some scans.  Avast! picked up nothing, Malwarebytes' Anti-Rootkit picked up nothing (I still wasn't convinced, though), and Malwarebytes Anti-Malware picked up three items.  Another thing, Malewarebytes Anti-Malware was having a hard time scanning.  During a full scan, it would get two or sometimes four seconds in, and the program would freeze.  Other times, it would get through an entire scan, but when I went to remove the infected files, it would freeze.  The program is updated, so this was also something that creates the suspicion of a rootkit.  I finally got it to remove the items, but I want to be sure it removed everything completely. 

 

Here is the scan log from my most current scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.02

Windows 8 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16521
rattlehead29 :: CODY [administrator]

3/17/2014 12:22:46 AM
MBAM-log-2014-03-17 (01-19-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429703
Time elapsed: 49 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Search Protection (PUP.Optional.MyEmoticons.A) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtection (PUP.Optional.SearchProtection.A) -> Data: "C:\Users\rattlehead29\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\rattlehead29\AppData\Roaming\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> No action taken.

(end)
 

Any help would be greatly appreciated.  If you need any more information, I will gladly provide what I can.

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

FRST.txt Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by rattlehead29 (administrator) on CODY on 17-03-2014 10:44:36
Running from C:\Users\rattlehead29\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Sendori) C:\Program Files (x86)\PureLeads\plsapp.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\rattlehead29\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(BitTorrent Inc.) C:\Users\rattlehead29\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spigot, Inc.) C:\Users\rattlehead29\AppData\Roaming\Search Protection\SearchProtection.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PureLeads Tray] - C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [spotify] - C:\Users\rattlehead29\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-08] (Spotify Ltd)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [spotify Web Helper] - C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-08] (Spotify Ltd)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [bitTorrent] - C:\Users\rattlehead29\AppData\Roaming\BitTorrent\BitTorrent.exe [1615448 2014-03-14] (BitTorrent Inc.)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [searchProtection] - C:\Users\rattlehead29\AppData\Roaming\Search Protection\SearchProtection.EXE [840552 2014-02-20] (Spigot, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB8D2F2734D1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {4253F560-7401-4F94-9F1B-F05B29610207} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {4253F560-7401-4F94-9F1B-F05B29610207} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.yahoo.com/?type=586383&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\searchplugins\yahoo_ff.xml
FF Extension: Lightbeam - C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-11-05]
FF Extension: Adblock Plus - C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-23]

Chrome:
=======


CHR Extension: (Google Docs) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-23]
CHR Extension: (Google Search) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (avast! Online Security) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] ()

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-22] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [104184 2012-12-21] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-12] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-03-16] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2936536 2013-09-05] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-06] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 10:44 - 2014-03-17 10:45 - 00016588 _____ () C:\Users\rattlehead29\Desktop\FRST.txt
2014-03-17 10:41 - 2014-03-17 10:41 - 02157056 _____ (Farbar) C:\Users\rattlehead29\Desktop\FRST64.exe
2014-03-17 10:40 - 2014-03-17 10:44 - 00000000 ____D () C:\FRST
2014-03-17 10:29 - 2014-03-17 10:40 - 00017713 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 01:47 - 2014-03-17 01:47 - 00002786 _____ () C:\WINDOWS\PFRO.log
2014-03-17 01:21 - 2014-03-17 01:21 - 00000000 ____D () C:\SUPERDelete
2014-03-16 23:20 - 2014-03-16 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 23:19 - 2014-03-16 23:52 - 00000000 ____D () C:\Users\rattlehead29\Desktop\mbar
2014-03-16 23:19 - 2014-03-16 23:38 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-16 23:17 - 2014-03-16 23:18 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rattlehead29\Downloads\mbar-1.07.0.1009.exe
2014-03-14 00:58 - 2014-03-14 00:58 - 00000893 _____ () C:\Users\rattlehead29\Desktop\BitTorrent.lnk
2014-03-14 00:58 - 2014-03-14 00:58 - 00000873 _____ () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-14 00:58 - 2014-03-14 00:58 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Search Protection
2014-03-14 00:57 - 2014-03-17 10:43 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\BitTorrent
2014-03-14 00:56 - 2014-03-14 00:56 - 01615448 _____ (BitTorrent Inc.) C:\Users\rattlehead29\Downloads\BitTorrent.exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00002786 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-13 15:39 - 2014-03-13 15:39 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-13 15:38 - 2014-03-13 15:39 - 04765152 _____ (Piriform Ltd) C:\Users\rattlehead29\Downloads\ccsetup411.exe
2014-03-13 14:01 - 2014-03-17 10:45 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4721CBF-98C7-4313-9FB8-E52455E9061A}
2014-03-12 23:49 - 2014-03-12 23:49 - 00000000 ____D () C:\Users\rattlehead29\Documents\Poop Balls
2014-03-12 22:51 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 22:51 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 22:51 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 22:51 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 22:51 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 22:51 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 22:51 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 22:51 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 22:51 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 22:51 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 22:51 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 22:51 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 22:51 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 22:51 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 22:51 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 22:51 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 22:51 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 22:51 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 22:51 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 22:51 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 22:51 - 2014-01-31 11:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 22:51 - 2014-01-31 11:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 22:51 - 2014-01-31 11:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 22:51 - 2014-01-31 08:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 22:51 - 2014-01-31 04:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 22:51 - 2014-01-29 04:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 22:51 - 2014-01-29 03:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 22:51 - 2014-01-29 03:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 22:51 - 2014-01-29 03:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 22:51 - 2014-01-29 03:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 22:51 - 2014-01-29 02:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 22:51 - 2014-01-29 02:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 22:51 - 2014-01-29 02:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 22:51 - 2014-01-29 01:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 22:51 - 2014-01-28 19:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 22:51 - 2014-01-27 14:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 22:51 - 2014-01-27 14:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 22:51 - 2014-01-27 14:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 22:51 - 2014-01-27 13:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 22:51 - 2014-01-27 13:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 22:51 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 22:51 - 2014-01-27 13:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 22:51 - 2014-01-27 13:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 22:51 - 2014-01-27 12:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 22:51 - 2014-01-27 12:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 22:51 - 2014-01-27 12:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 22:51 - 2014-01-27 10:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 22:51 - 2014-01-27 10:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 22:51 - 2014-01-27 06:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 22:51 - 2014-01-17 18:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 22:51 - 2014-01-17 16:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 22:51 - 2013-12-21 09:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 22:51 - 2013-12-21 03:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 22:51 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 22:51 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 22:51 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 22:51 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 22:51 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-03 14:14 - 2014-03-03 14:14 - 00000220 _____ () C:\Users\rattlehead29\Desktop\Garry's Mod.url
2014-03-03 13:27 - 2014-03-03 13:27 - 00000219 _____ () C:\Users\rattlehead29\Desktop\Counter-Strike Source.url
2014-02-23 09:41 - 2014-02-23 09:41 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\3909
2014-02-23 09:14 - 2014-02-23 09:14 - 00000222 _____ () C:\Users\rattlehead29\Desktop\Papers, Please.url
2014-02-22 21:35 - 2014-02-22 21:35 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-02-22 21:35 - 2014-02-22 21:35 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-17 23:43 - 2014-02-17 23:43 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\steamvr
2014-02-15 10:43 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 10:43 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 10:43 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 10:43 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 10:43 - 2013-11-27 05:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 10:43 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 10:43 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 10:43 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 10:43 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 10:43 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 10:43 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 10:43 - 2013-11-26 04:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 10:43 - 2013-11-26 03:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 10:43 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 10:43 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 10:43 - 2013-11-23 06:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 10:43 - 2013-11-23 03:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 10:43 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 10:43 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 10:43 - 2013-11-22 22:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 10:43 - 2013-11-22 22:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 10:43 - 2013-11-22 22:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 10:43 - 2013-11-22 22:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 10:43 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 10:43 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 10:43 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 10:43 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 10:43 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 10:43 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 10:43 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 10:42 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 10:42 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 10:42 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 10:42 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 10:42 - 2013-11-27 05:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 10:42 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 10:42 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 10:42 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 10:42 - 2013-11-24 20:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 10:42 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 10:42 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 10:42 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 10:42 - 2013-11-23 02:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 10:42 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 10:42 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 10:42 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 10:40 - 2014-02-15 10:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-15 00:34 - 2014-02-15 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 10:45 - 2014-03-17 10:44 - 00016588 _____ () C:\Users\rattlehead29\Desktop\FRST.txt
2014-03-17 10:45 - 2014-03-13 14:01 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4721CBF-98C7-4313-9FB8-E52455E9061A}
2014-03-17 10:44 - 2014-03-17 10:40 - 00000000 ____D () C:\FRST
2014-03-17 10:43 - 2014-03-14 00:57 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\BitTorrent
2014-03-17 10:41 - 2014-03-17 10:41 - 02157056 _____ (Farbar) C:\Users\rattlehead29\Desktop\FRST64.exe
2014-03-17 10:40 - 2014-03-17 10:29 - 00017713 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 10:33 - 2013-10-22 12:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2291321612-1494556600-2428750246-1002
2014-03-17 10:29 - 2013-10-24 08:49 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Spotify
2014-03-17 10:28 - 2013-10-24 08:50 - 00000000 ____D () C:\Users\rattlehead29\AppData\Local\Spotify
2014-03-17 10:28 - 2013-10-23 22:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-17 10:28 - 2013-10-23 03:48 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 10:28 - 2013-10-23 03:47 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 10:26 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-17 02:03 - 2013-10-23 03:47 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 01:55 - 2013-11-05 10:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 01:47 - 2014-03-17 01:47 - 00002786 _____ () C:\WINDOWS\PFRO.log
2014-03-17 01:47 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 01:21 - 2014-03-17 01:21 - 00000000 ____D () C:\SUPERDelete
2014-03-16 23:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-16 23:52 - 2014-03-16 23:19 - 00000000 ____D () C:\Users\rattlehead29\Desktop\mbar
2014-03-16 23:39 - 2014-03-16 23:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 23:38 - 2014-03-16 23:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-16 23:18 - 2014-03-16 23:17 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rattlehead29\Downloads\mbar-1.07.0.1009.exe
2014-03-16 22:17 - 2014-01-22 11:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-16 22:17 - 2013-12-06 16:27 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-16 18:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-14 00:58 - 2014-03-14 00:58 - 00000893 _____ () C:\Users\rattlehead29\Desktop\BitTorrent.lnk
2014-03-14 00:58 - 2014-03-14 00:58 - 00000873 _____ () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-14 00:58 - 2014-03-14 00:58 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Search Protection
2014-03-14 00:56 - 2014-03-14 00:56 - 01615448 _____ (BitTorrent Inc.) C:\Users\rattlehead29\Downloads\BitTorrent.exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00002786 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-13 15:39 - 2014-03-13 15:39 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-13 15:39 - 2014-03-13 15:38 - 04765152 _____ (Piriform Ltd) C:\Users\rattlehead29\Downloads\ccsetup411.exe
2014-03-13 12:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-13 11:00 - 2013-08-22 09:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 10:59 - 2013-10-24 17:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 10:59 - 2013-10-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 23:49 - 2014-03-12 23:49 - 00000000 ____D () C:\Users\rattlehead29\Documents\Poop Balls
2014-03-12 01:23 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-11 12:55 - 2013-11-05 10:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 02:25 - 2013-11-18 10:37 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Audacity
2014-03-08 20:27 - 2013-10-24 19:07 - 00001540 _____ () C:\WINDOWS\Sandboxie.ini
2014-03-06 12:57 - 2013-11-18 11:30 - 00000000 ____D () C:\Users\rattlehead29\AppData\Local\SoulseekQt
2014-03-06 03:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-04 17:53 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 17:53 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 14:14 - 2014-03-03 14:14 - 00000220 _____ () C:\Users\rattlehead29\Desktop\Garry's Mod.url
2014-03-03 13:27 - 2014-03-03 13:27 - 00000219 _____ () C:\Users\rattlehead29\Desktop\Counter-Strike Source.url
2014-03-01 01:05 - 2014-03-12 22:51 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-28 23:58 - 2014-03-12 22:51 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-28 23:30 - 2014-03-12 22:51 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-28 23:17 - 2014-03-12 22:51 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-28 22:54 - 2014-03-12 22:51 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-28 22:47 - 2014-03-12 22:51 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-28 22:42 - 2014-03-12 22:51 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-28 22:18 - 2014-03-12 22:51 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-28 22:14 - 2014-03-12 22:51 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 22:51 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 22:51 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-28 21:57 - 2014-03-12 22:51 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 22:51 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 22:51 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 22:51 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 22:51 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 22:51 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 01:08 - 2013-10-24 16:04 - 00000000 ____D () C:\Users\rattlehead29\Documents\my games
2014-02-26 00:21 - 2013-11-12 23:05 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-02-23 09:41 - 2014-02-23 09:41 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\3909
2014-02-23 09:14 - 2014-02-23 09:14 - 00000222 _____ () C:\Users\rattlehead29\Desktop\Papers, Please.url
2014-02-23 09:06 - 2013-10-23 13:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-22 21:35 - 2014-02-22 21:35 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-02-22 21:35 - 2014-02-22 21:35 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-22 21:35 - 2013-10-23 03:47 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-22 21:35 - 2013-10-23 03:47 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-17 23:43 - 2014-02-17 23:43 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\steamvr
2014-02-16 09:18 - 2013-10-24 14:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 09:17 - 2013-10-24 14:26 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 00:44 - 2013-10-22 12:01 - 00000000 ___RD () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 00:44 - 2013-10-22 12:01 - 00000000 ___RD () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 00:43 - 2013-11-05 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 13:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-15 13:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-15 13:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-15 10:40 - 2014-02-15 10:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-15 00:34 - 2014-02-15 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 22:51] - [2014-01-31 11:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-17 02:19

==================== End Of Log ============================

 

Addition.txt Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by rattlehead29 at 2014-03-17 10:46:02
Running from C:\Users\rattlehead29\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.0.30659 - BitTorrent Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Call of Juarez: Bound in Blood (HKLM-x32\...\Steam App 21980) (Version:  - Techland)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Condemned: Criminal Origins (HKLM-x32\...\Steam App 4720) (Version:  - Monolith)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Easy Tune 6 B13.0125.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0125.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Free Audio Converter version 5.0.32.1230 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.59 - Happy Cloud, Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Search Protection (HKCU\...\Search Protection) (Version: 8.7.0.2 - Spigot, Inc.)
Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)
Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version:  - Croteam)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TERA (HKCU\...\teraenmasse) (Version:  - )
The Bard's Tale (HKLM-x32\...\Steam App 41900) (Version:  - inXile Entertainment)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)

==================== Restore Points  =========================

23-02-2014 02:34:26 avast! antivirus system restore point
28-02-2014 06:06:56 Installed DirectX
09-03-2014 06:14:28 Scheduled Checkpoint
13-03-2014 04:54:55 Windows Update

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12D34E5D-689A-427D-BE21-CD70FA0E0CD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2350D03D-8BEA-458F-B27C-D2373BD6E023} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-22] (AVAST Software)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5050BFD8-89BE-43F6-B2DB-8A0E061C09A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7B3FE38-DBC2-4441-A712-394D53BFDD28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6399CC0-4E8F-4306-929A-04FE9043B064} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-16] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8A2037E-1E31-4508-9D7E-4262FECE56A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 18:32 - 2012-12-19 18:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 21:39 - 2012-10-17 21:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 21:39 - 2012-10-17 21:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 18:32 - 2012-12-19 18:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-21 22:27 - 2013-12-21 22:27 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-10-23 03:35 - 2008-06-26 21:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
2013-10-24 08:50 - 2014-01-08 23:42 - 00603648 _____ () C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-12-19 18:32 - 2012-12-19 18:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-16 20:53 - 2014-03-16 14:49 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031601\algo.dll
2014-03-17 10:42 - 2014-03-17 04:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031700\algo.dll
2014-01-08 10:13 - 2013-12-12 17:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 10:13 - 2013-11-04 20:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-08-21 14:18 - 2014-02-10 21:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-08 18:19 - 2014-02-25 16:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-01-10 18:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-24 08:50 - 2014-01-08 23:42 - 36967424 _____ () C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-23 03:35 - 2013-03-19 18:32 - 02547712 _____ () C:\Program Files (x86)\D-Link\DWA-171\WlanDll.dll
2013-10-23 03:47 - 2013-10-23 03:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-24 08:50 - 2014-01-08 23:42 - 00887808 _____ () C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-24 08:50 - 2014-01-08 23:42 - 00109568 _____ () C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 10:42:54 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:37:54 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:32:51 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:29:04 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/17/2014 10:26:55 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:14:35 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:09:34 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:04:34 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 01:59:35 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 01:54:34 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).


System errors:
=============
Error: (03/17/2014 10:31:47 AM) (Source: Service Control Manager) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/17/2014 10:29:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/17/2014 01:47:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (03/17/2014 01:46:42 AM) (Source: DCOM) (User: Cody)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/17/2014 01:46:36 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error: (03/17/2014 01:45:35 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error: (03/17/2014 01:44:35 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error: (03/17/2014 01:43:35 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error: (03/17/2014 01:42:35 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

Error: (03/17/2014 01:41:35 AM) (Source: DCOM) (User: Cody)
Description: 1084plsapp-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}


Microsoft Office Sessions:
=========================
Error: (03/17/2014 10:42:54 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:37:54 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:32:51 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 10:29:04 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/17/2014 10:26:55 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:14:35 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:09:34 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 02:04:34 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 01:59:35 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).

Error: (03/17/2014 01:54:34 AM) (Source: PlsvcV2)(User: )
Description: In the enable methodUnable to cast COM object of type 'PCProxyLib.DataControllerClass' to interface type 'PCProxyLib.IDataController'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{22511E2E-7970-414E-BC7C-28D16C4AF54D}' failed due to the following error: Library not registered. (Exception from HRESULT: 0x8002801D (TYPE_E_LIBNOTREGISTERED)).


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 8189.53 MB
Available physical RAM: 6618.88 MB
Total Pagefile: 9469.53 MB
Available Pagefile: 7543.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.18 GB) (Free:659.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 606DCDAC)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=926 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=27)

==================== End Of Log ============================

 

ark.txt Log

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-17 11:08:14
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000001e WDC_WD10EZEX-22RKKA0 rev.80.00A80 931.51GB
Running: cos3ojjm.exe; Driver: C:\Users\RATTLE~1\AppData\Local\Temp\pgldqpob.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [6952:1680]                                                                        fffff960008874d0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                -364621643
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-f8-b3-1e-a6-7a@ClientLocalPort           63110
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-f8-b3-1e-a6-7a@AddressCreationTimestamp  0xAD 0xA5 0x37 0x09 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-f8-b3-1e-a6-7a@TeredoAddress             2001:0:9d38:90d7:c70:979:bee0:3f09
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                  2170
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                 810
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                               0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                           0x64 0x62 0x03 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                   1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count   2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh                                             0x5E 0x45 0x3D 0x1E ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified                 0x00 0xB4 0x1D 0x21 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@0                                                         C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk?C:\Users\rattlehead29\AppData\Roaming\BitTorrent\BitTorrent.exe??

---- EOF - GMER 2.1 ----
 

Link to post
Share on other sites

P2P software installed

Going over your logs I noticed that you have Soulseek and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Soulseek and BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

PureLeads
Search Protection


Close the window.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

 

 

 

 

 

Also create and attach a new FRST log.

Link to post
Share on other sites

I'm attaching the results of the TDSSKiller scan, because the post is too long when pasted.

 

FRST Log #2

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by rattlehead29 (administrator) on CODY on 17-03-2014 23:17:33
Running from C:\Users\rattlehead29\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [spotify] - C:\Users\rattlehead29\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-08] (Spotify Ltd)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [spotify Web Helper] - C:\Users\rattlehead29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-08] (Spotify Ltd)
HKU\S-1-5-21-2291321612-1494556600-2428750246-1002\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB8D2F2734D1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {4253F560-7401-4F94-9F1B-F05B29610207} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {4253F560-7401-4F94-9F1B-F05B29610207} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.yahoo.com/?type=586383&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\searchplugins\yahoo_ff.xml
FF Extension: Lightbeam - C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-11-05]
FF Extension: Adblock Plus - C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-23]

Chrome:
=======


CHR Extension: (Google Docs) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-23]
CHR Extension: (Google Search) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (avast! Online Security) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] ()

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-22] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [104184 2012-12-21] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-09-12] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-03-16] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2936536 2013-09-05] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-06] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 23:06 - 2014-03-17 23:06 - 04110135 _____ () C:\Users\rattlehead29\Desktop\tdsskiller.zip
2014-03-17 11:08 - 2014-03-17 11:08 - 00002419 _____ () C:\Users\rattlehead29\Desktop\ark.txt
2014-03-17 10:53 - 2014-03-17 10:53 - 00380416 _____ () C:\Users\rattlehead29\Desktop\cos3ojjm.exe
2014-03-17 10:46 - 2014-03-17 10:46 - 00030089 _____ () C:\Users\rattlehead29\Desktop\Addition.txt
2014-03-17 10:44 - 2014-03-17 23:17 - 00014059 _____ () C:\Users\rattlehead29\Desktop\FRST.txt
2014-03-17 10:41 - 2014-03-17 10:41 - 02157056 _____ (Farbar) C:\Users\rattlehead29\Desktop\FRST64.exe
2014-03-17 10:40 - 2014-03-17 23:17 - 00000000 ____D () C:\FRST
2014-03-17 10:29 - 2014-03-17 22:59 - 00061650 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 01:47 - 2014-03-17 01:47 - 00002786 _____ () C:\WINDOWS\PFRO.log
2014-03-17 01:21 - 2014-03-17 01:21 - 00000000 ____D () C:\SUPERDelete
2014-03-16 23:20 - 2014-03-16 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 23:19 - 2014-03-16 23:52 - 00000000 ____D () C:\Users\rattlehead29\Desktop\mbar
2014-03-16 23:19 - 2014-03-16 23:38 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-16 23:17 - 2014-03-16 23:18 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rattlehead29\Downloads\mbar-1.07.0.1009.exe
2014-03-14 00:57 - 2014-03-17 22:50 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\BitTorrent
2014-03-14 00:56 - 2014-03-14 00:56 - 01615448 _____ (BitTorrent Inc.) C:\Users\rattlehead29\Downloads\BitTorrent.exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00002786 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-13 15:39 - 2014-03-13 15:39 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-13 15:38 - 2014-03-13 15:39 - 04765152 _____ (Piriform Ltd) C:\Users\rattlehead29\Downloads\ccsetup411.exe
2014-03-13 14:01 - 2014-03-17 23:05 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4721CBF-98C7-4313-9FB8-E52455E9061A}
2014-03-12 23:49 - 2014-03-12 23:49 - 00000000 ____D () C:\Users\rattlehead29\Documents\Poop Balls
2014-03-12 22:51 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 22:51 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 22:51 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 22:51 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 22:51 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 22:51 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 22:51 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 22:51 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 22:51 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 22:51 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 22:51 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 22:51 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 22:51 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 22:51 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 22:51 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 22:51 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 22:51 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 22:51 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 22:51 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 22:51 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 22:51 - 2014-01-31 11:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 22:51 - 2014-01-31 11:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 22:51 - 2014-01-31 11:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 22:51 - 2014-01-31 08:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 22:51 - 2014-01-31 04:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 22:51 - 2014-01-29 04:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 22:51 - 2014-01-29 03:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 22:51 - 2014-01-29 03:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 22:51 - 2014-01-29 03:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 22:51 - 2014-01-29 03:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 22:51 - 2014-01-29 02:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 22:51 - 2014-01-29 02:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 22:51 - 2014-01-29 02:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 22:51 - 2014-01-29 01:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 22:51 - 2014-01-28 19:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 22:51 - 2014-01-27 14:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 22:51 - 2014-01-27 14:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 22:51 - 2014-01-27 14:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 22:51 - 2014-01-27 13:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 22:51 - 2014-01-27 13:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 22:51 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 22:51 - 2014-01-27 13:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 22:51 - 2014-01-27 13:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 22:51 - 2014-01-27 12:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 22:51 - 2014-01-27 12:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 22:51 - 2014-01-27 12:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 22:51 - 2014-01-27 10:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 22:51 - 2014-01-27 10:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 22:51 - 2014-01-27 06:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 22:51 - 2014-01-17 18:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 22:51 - 2014-01-17 16:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 22:51 - 2013-12-21 09:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 22:51 - 2013-12-21 03:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 22:51 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 22:51 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 22:51 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 22:51 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 22:51 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-03 14:14 - 2014-03-03 14:14 - 00000220 _____ () C:\Users\rattlehead29\Desktop\Garry's Mod.url
2014-03-03 13:27 - 2014-03-03 13:27 - 00000219 _____ () C:\Users\rattlehead29\Desktop\Counter-Strike Source.url
2014-02-23 09:41 - 2014-02-23 09:41 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\3909
2014-02-23 09:14 - 2014-02-23 09:14 - 00000222 _____ () C:\Users\rattlehead29\Desktop\Papers, Please.url
2014-02-22 21:35 - 2014-02-22 21:35 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-02-22 21:35 - 2014-02-22 21:35 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-17 23:43 - 2014-02-17 23:43 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\steamvr
2014-02-15 10:43 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 10:43 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 10:43 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 10:43 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 10:43 - 2013-11-27 05:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 10:43 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 10:43 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 10:43 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 10:43 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 10:43 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 10:43 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 10:43 - 2013-11-26 04:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 10:43 - 2013-11-26 03:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 10:43 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 10:43 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 10:43 - 2013-11-23 06:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 10:43 - 2013-11-23 03:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 10:43 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 10:43 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 10:43 - 2013-11-22 22:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 10:43 - 2013-11-22 22:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 10:43 - 2013-11-22 22:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 10:43 - 2013-11-22 22:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 10:43 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 10:43 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 10:43 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 10:43 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 10:43 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 10:43 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 10:43 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 10:42 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 10:42 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 10:42 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 10:42 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 10:42 - 2013-11-27 05:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 10:42 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 10:42 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 10:42 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 10:42 - 2013-11-24 20:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 10:42 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 10:42 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 10:42 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 10:42 - 2013-11-23 02:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 10:42 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 10:42 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 10:42 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 10:40 - 2014-02-15 10:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-15 00:34 - 2014-02-15 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 23:18 - 2014-03-17 10:44 - 00014059 _____ () C:\Users\rattlehead29\Desktop\FRST.txt
2014-03-17 23:17 - 2014-03-17 10:40 - 00000000 ____D () C:\FRST
2014-03-17 23:13 - 2013-10-24 08:49 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Spotify
2014-03-17 23:06 - 2014-03-17 23:06 - 04110135 _____ () C:\Users\rattlehead29\Desktop\tdsskiller.zip
2014-03-17 23:05 - 2014-03-13 14:01 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4721CBF-98C7-4313-9FB8-E52455E9061A}
2014-03-17 23:04 - 2013-10-22 12:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2291321612-1494556600-2428750246-1002
2014-03-17 23:03 - 2013-10-23 03:47 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 23:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-17 23:01 - 2013-10-23 03:48 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 23:01 - 2013-10-23 03:47 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 23:00 - 2013-10-23 22:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-17 22:59 - 2014-03-17 10:29 - 00061650 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 22:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 22:59 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-17 22:55 - 2013-11-05 10:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 22:50 - 2014-03-14 00:57 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\BitTorrent
2014-03-17 11:08 - 2014-03-17 11:08 - 00002419 _____ () C:\Users\rattlehead29\Desktop\ark.txt
2014-03-17 10:53 - 2014-03-17 10:53 - 00380416 _____ () C:\Users\rattlehead29\Desktop\cos3ojjm.exe
2014-03-17 10:46 - 2014-03-17 10:46 - 00030089 _____ () C:\Users\rattlehead29\Desktop\Addition.txt
2014-03-17 10:41 - 2014-03-17 10:41 - 02157056 _____ (Farbar) C:\Users\rattlehead29\Desktop\FRST64.exe
2014-03-17 10:28 - 2013-10-24 08:50 - 00000000 ____D () C:\Users\rattlehead29\AppData\Local\Spotify
2014-03-17 01:47 - 2014-03-17 01:47 - 00002786 _____ () C:\WINDOWS\PFRO.log
2014-03-17 01:21 - 2014-03-17 01:21 - 00000000 ____D () C:\SUPERDelete
2014-03-16 23:52 - 2014-03-16 23:19 - 00000000 ____D () C:\Users\rattlehead29\Desktop\mbar
2014-03-16 23:39 - 2014-03-16 23:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 23:38 - 2014-03-16 23:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-16 23:18 - 2014-03-16 23:17 - 12589848 _____ (Malwarebytes Corp.) C:\Users\rattlehead29\Downloads\mbar-1.07.0.1009.exe
2014-03-16 22:17 - 2014-01-22 11:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-16 22:17 - 2013-12-06 16:27 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-16 18:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-14 00:56 - 2014-03-14 00:56 - 01615448 _____ (BitTorrent Inc.) C:\Users\rattlehead29\Downloads\BitTorrent.exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00002786 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-13 15:39 - 2014-03-13 15:39 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-13 15:39 - 2014-03-13 15:38 - 04765152 _____ (Piriform Ltd) C:\Users\rattlehead29\Downloads\ccsetup411.exe
2014-03-13 12:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-13 11:00 - 2013-08-22 09:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 10:59 - 2013-10-24 17:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 10:59 - 2013-10-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 01:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 23:49 - 2014-03-12 23:49 - 00000000 ____D () C:\Users\rattlehead29\Documents\Poop Balls
2014-03-12 01:23 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-11 12:55 - 2013-11-05 10:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 02:25 - 2013-11-18 10:37 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\Audacity
2014-03-08 20:27 - 2013-10-24 19:07 - 00001540 _____ () C:\WINDOWS\Sandboxie.ini
2014-03-06 12:57 - 2013-11-18 11:30 - 00000000 ____D () C:\Users\rattlehead29\AppData\Local\SoulseekQt
2014-03-06 03:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-04 17:53 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 17:53 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 14:14 - 2014-03-03 14:14 - 00000220 _____ () C:\Users\rattlehead29\Desktop\Garry's Mod.url
2014-03-03 13:27 - 2014-03-03 13:27 - 00000219 _____ () C:\Users\rattlehead29\Desktop\Counter-Strike Source.url
2014-03-01 01:05 - 2014-03-12 22:51 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-28 23:58 - 2014-03-12 22:51 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-28 23:30 - 2014-03-12 22:51 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-28 23:17 - 2014-03-12 22:51 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-28 22:54 - 2014-03-12 22:51 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-28 22:47 - 2014-03-12 22:51 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-28 22:42 - 2014-03-12 22:51 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-28 22:18 - 2014-03-12 22:51 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-28 22:14 - 2014-03-12 22:51 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 22:51 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 22:51 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-28 21:57 - 2014-03-12 22:51 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 22:51 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 22:51 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 22:51 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 22:51 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 22:51 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 01:08 - 2013-10-24 16:04 - 00000000 ____D () C:\Users\rattlehead29\Documents\my games
2014-02-26 00:21 - 2013-11-12 23:05 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-02-23 09:41 - 2014-02-23 09:41 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\3909
2014-02-23 09:14 - 2014-02-23 09:14 - 00000222 _____ () C:\Users\rattlehead29\Desktop\Papers, Please.url
2014-02-23 09:06 - 2013-10-23 13:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-22 21:35 - 2014-02-22 21:35 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-02-22 21:35 - 2014-02-22 21:35 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-22 21:35 - 2013-10-23 03:47 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-22 21:35 - 2013-10-23 03:47 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-02-22 21:35 - 2013-10-23 03:47 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-17 23:43 - 2014-02-17 23:43 - 00000000 ____D () C:\Users\rattlehead29\AppData\Roaming\steamvr
2014-02-16 09:18 - 2013-10-24 14:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 09:17 - 2013-10-24 14:26 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 00:44 - 2013-10-22 12:01 - 00000000 ___RD () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 00:44 - 2013-10-22 12:01 - 00000000 ___RD () C:\Users\rattlehead29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 00:43 - 2013-11-05 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 13:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-15 13:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-15 13:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-15 10:40 - 2014-02-15 10:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-15 00:34 - 2014-02-15 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 22:51] - [2014-01-31 11:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-17 11:18

==================== End Of Log ============================

TDSSKiller.3.0.0.25_17.03.2014_23.12.54_log.txt

Link to post
Share on other sites

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
 
 
 
 
Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ieSearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =C:\WINDOWS\SysWOW64\SearchProtect
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Link to post
Share on other sites

BitTorrent should've been removed, but it appears it was still in my Downloads folder.  Regardless, it should be removed, now.

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by rattlehead29 at 2014-03-18 09:17:59 Run:1
Running from C:\Users\rattlehead29\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

C:\WINDOWS\SysWOW64\SearchProtect
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
C:\Windows\SysWOW64\SearchProtect => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware Scan

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.05

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
rattlehead29 :: CODY [administrator]

3/18/2014 9:22:19 AM
mbam-log-2014-03-18 (09-22-19).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 432951
Time elapsed: 1 hour(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

It worked fine this time.  Thank you.  Here are the results:

 

C:\Users\rattlehead29\Downloads\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\rattlehead29\Downloads\FreeAudioConverter.exe    Win32/OpenCandy potentially unsafe application
 

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

AdwCleaner

 

# AdwCleaner v3.022 - Report created 21/03/2014 at 12:14:25
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : rattlehead29 - CODY
# Running from : C:\Users\rattlehead29\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\rattlehead29\AppData\Roaming\Mozilla\Firefox\Profiles\w2w7cghk.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\rattlehead29\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1142 octets] - [21/03/2014 12:13:09]
AdwCleaner[s0].txt - [1071 octets] - [21/03/2014 12:14:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1131 octets] ##########

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by rattlehead29 on Fri 03/21/2014 at 12:24:31.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\rattlehead29\AppData\Roaming\mozilla\firefox\profiles\w2w7cghk.default\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/21/2014 at 12:31:57.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

SecurityCheck

 

 Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 NVIDIA Corporation PhysX Common AvastSvc.exe -?-
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

Link to post
Share on other sites

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


    [*]Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

    [*]Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.

    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.