Computer running slow after quarantine and deletion of files


Hi, a couple of days ago I used Malwarebytes to check for any spyware etc.  Usually nothing ever pops up, but this time 4 files popped up that it recommended removing.  As soon as I removed them, I noticed my computer was really sluggish, especially when I use the internet.

 

Here are the files it deleted:

Files Detected: 4
C:\Users\Hal 9000\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Hal 9000\AppData\Local\Temp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Hal 9000\AppData\Local\Temp\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Hal 9000\Local Settings\Temporary Internet Files\Content.IE5\F64QGN76\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
 
Anyways, I ran dds and here are the two reports it made:
 
DDS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Hal 9000 at 22:22:27 on 2014-03-18
Microsoft Windows 8 Pro  6.2.9200.0.1252.2.1033.18.8160.6567 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
TCP: NameServer = 207.164.234.193 207.164.234.129
TCP: Interfaces\{78B4D99D-1458-4AF6-8504-D17F703DCB93} : DHCPNameServer = 207.164.234.193 207.164.234.129
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-5-12 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-5-12 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-5-12 1034464]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-5-12 422216]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-5-12 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-31 50344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-12 701512]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-31 79672]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-5-12 25928]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-13 01:22:13 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-03-13 01:22:12 -------- d-----w- C:\Users\Hal 9000\AppData\Local\SearchProtect
2014-02-24 04:31:11 -------- d-----w- C:\Users\Hal 9000\AppData\Roaming\LolClient
2014-02-24 02:30:50 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2014-02-24 02:30:50 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2014-02-24 02:30:50 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-02-24 02:30:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-02-24 02:30:50 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-02-24 02:30:47 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-02-24 02:30:46 -------- d-----w- C:\Riot Games
2014-02-24 02:30:04 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-02-24 02:29:25 -------- d-----w- C:\Users\Hal 9000\AppData\Roaming\Riot Games
2014-02-20 05:10:20 -------- d-----w- C:\Users\Hal 9000\AppData\Local\EdgeOfReality
.
==================== Find3M  ====================
.
2013-12-31 12:10:19 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-31 12:10:04 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-31 12:10:04 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-31 12:10:04 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-31 12:10:04 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
.
============= FINISH: 22:22:54.28 ===============
 
 
Attach:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-02-21 4:31:07 AM
System Uptime: 2014-03-18 5:42:13 AM (17 hours ago)
.
Motherboard: AMD Corporation |  | 990FXA-UD3
Processor: AMD FX-8350 Eight-Core Processor            | CPU 1 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1580.09 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2DDBB3B7&0&00A8
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2DDBB3B7&0&00A8
Service: RTL8168
.
==== System Restore Points ===================
.
RP63: 2014-02-23 7:18:50 PM - Scheduled Checkpoint
RP64: 2014-03-03 8:04:45 PM - Scheduled Checkpoint
RP66: 2014-03-13 7:12:57 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Age of Conan: Unchained - US version
AirMech
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
avast! Free Antivirus
Awesomenauts
Borderlands 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes (New Steam Version)
Company of Heroes: Opposing Fronts
Counter-Strike: Source
CPUID HWMonitor 1.22
Dota 2
Endless Space
Galactic Civilizations II - Gold Edition
Google Chrome
Google Drive
Google Update Helper
Hawken
Kerbal Space Program
League of Legends
Loadout
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MSI Afterburner 2.3.1
Neverwinter
NVIDIA PhysX
OpenOffice.org 3.4.1
Path of Exile
PAYDAY 2 Beta
Speccy
StarCraft II
Stardock Central
Steam
Stronghold Crusader
TERA
VLC media player 2.1.2
War Thunder
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2014-03-18 5:42:17 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
2014-03-18 5:41:50 AM, Error: Service Control Manager [7034]  - The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
2014-03-18 5:05:00 AM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance.
.
==== End Of File ===========================
 
Anyways, thanks in advance for any help!

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply...

 

Kevin


Hi, I did everything you said.  Here are the logs:

 

Malwarebytes:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.18.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Hal 9000 :: HAL [administrator]
 
2014-03-19 11:24:29 AM
mbam-log-2014-03-19 (11-24-29).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216696
Time elapsed: 3 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Hal 9000 (administrator) on HAL on 19-03-2014 11:30:11
Running from C:\Users\Hal 9000\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-31] (AVAST Software)
HKU\S-1-5-21-2797441504-2317480787-305361114-1001\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2797441504-2317480787-305361114-1001\...\MountPoints2: E - "E:\AutoRun.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC171ED064911CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 207.164.234.193 207.164.234.129
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-22]
CHR Extension: (Google Drive) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-22]
CHR Extension: (YouTube) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-22]
CHR Extension: (Google Search) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-22]
CHR Extension: (Google Wallet) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-02]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-31] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-19 11:30 - 2014-03-19 11:30 - 00007347 _____ () C:\Users\Hal 9000\Desktop\FRST.txt
2014-03-19 11:30 - 2014-03-19 11:30 - 00000000 ____D () C:\FRST
2014-03-19 11:29 - 2014-03-19 11:29 - 02157056 _____ (Farbar) C:\Users\Hal 9000\Desktop\FRST64.exe
2014-03-18 22:22 - 2014-03-18 22:22 - 00007367 _____ () C:\Users\Hal 9000\Desktop\dds.txt
2014-03-18 22:22 - 2014-03-18 22:22 - 00003802 _____ () C:\Users\Hal 9000\Desktop\attach.txt
2014-03-18 22:20 - 2014-03-18 22:21 - 00688992 ____R (Swearware) C:\Users\Hal 9000\Desktop\dds.scr
2014-03-16 22:46 - 2014-03-16 22:46 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E14 HDTV x264-EXCELLENCE[ettv]
2014-03-16 22:45 - 2014-03-16 22:45 - 00044928 _____ () C:\Users\Hal 9000\Downloads\The_Walking_Dead_S04E14_HDTV_x264-EXCELLENCE[ettv].torrent
2014-03-16 01:55 - 2014-03-16 02:17 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E12 HDTV x264-EXCELLENCE[ettv]
2014-03-16 01:55 - 2014-03-16 01:56 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E13 HDTV x264-2HD[ettv]
2014-03-16 01:55 - 2014-03-16 01:55 - 00032032 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e13.hdtv.x264.2hd.ettv.torrent
2014-03-16 01:55 - 2014-03-16 01:55 - 00031705 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e12.hdtv.x264.excellence.ettv.torrent
2014-03-16 01:55 - 2014-03-16 01:55 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E11 HDTV x264-2HD[ettv]
2014-03-16 01:54 - 2014-03-16 02:36 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E10 HDTV x264-EXCELLENCE[ettv]
2014-03-16 01:54 - 2014-03-16 01:57 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E09 HDTV x264-2HD[ettv]
2014-03-16 01:54 - 2014-03-16 01:54 - 00050558 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e10.hdtv.x264.excellence.ettv.torrent
2014-03-16 01:54 - 2014-03-16 01:54 - 00038282 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e11.hdtv.x264.2hd.ettv.torrent
2014-03-16 01:54 - 2014-03-16 01:54 - 00034371 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e09.hdtv.x264.2hd.ettv.torrent
2014-03-15 19:45 - 2014-03-15 19:47 - 00000000 ____D () C:\Users\Hal 9000\Downloads\Suits S03E12 HDTV x264-EXCELLENCE[ettv]
2014-03-15 19:44 - 2014-03-15 19:49 - 00000000 ____D () C:\Users\Hal 9000\Downloads\Suits S03E11 HDTV x264-EXCELLENCE[ettv]
2014-03-15 19:44 - 2014-03-15 19:44 - 00022684 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]suits.s03e11.hdtv.x264.excellence.ettv.torrent
2014-03-15 19:44 - 2014-03-15 19:44 - 00022460 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]suits.s03e12.hdtv.x264.excellence.ettv.torrent
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 ____D () C:\Users\Hal 9000\AppData\Local\SearchProtect
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 _____ () C:\END
2014-02-25 17:11 - 2014-02-25 17:12 - 00280832 _____ () C:\Windows\Minidump\022514-23868-01.dmp
2014-02-24 00:31 - 2014-02-24 00:31 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\LolClient
2014-02-23 22:30 - 2014-02-23 22:30 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 ____D () C:\Riot Games
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-23 22:30 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-23 22:30 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-23 22:30 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-23 22:30 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-23 22:30 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-23 22:29 - 2014-02-23 22:29 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\Riot Games
2014-02-23 22:28 - 2014-02-23 22:29 - 32229024 _____ (Riot Games) C:\Users\Hal 9000\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-02-20 01:10 - 2014-02-20 01:10 - 00000000 ____D () C:\Users\Hal 9000\AppData\Local\EdgeOfReality
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 11:30 - 2014-03-19 11:30 - 00007347 _____ () C:\Users\Hal 9000\Desktop\FRST.txt
2014-03-19 11:30 - 2014-03-19 11:30 - 00000000 ____D () C:\FRST
2014-03-19 11:29 - 2014-03-19 11:29 - 02157056 _____ (Farbar) C:\Users\Hal 9000\Desktop\FRST64.exe
2014-03-19 11:23 - 2013-02-21 05:30 - 01388922 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 11:21 - 2013-02-22 18:08 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 11:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-19 03:53 - 2013-02-22 18:08 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 22:22 - 2014-03-18 22:22 - 00007367 _____ () C:\Users\Hal 9000\Desktop\dds.txt
2014-03-18 22:22 - 2014-03-18 22:22 - 00003802 _____ () C:\Users\Hal 9000\Desktop\attach.txt
2014-03-18 22:21 - 2014-03-18 22:20 - 00688992 ____R (Swearware) C:\Users\Hal 9000\Desktop\dds.scr
2014-03-18 22:19 - 2013-02-23 21:25 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\uTorrent
2014-03-18 22:18 - 2014-01-03 02:42 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-03-18 22:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-18 12:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-18 05:47 - 2012-07-26 03:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 05:42 - 2013-02-21 05:19 - 00117596 _____ () C:\Windows\PFRO.log
2014-03-18 05:42 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 05:19 - 2013-05-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-18 05:03 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-17 00:27 - 2013-02-22 20:01 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\vlc
2014-03-16 22:46 - 2014-03-16 22:46 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E14 HDTV x264-EXCELLENCE[ettv]
2014-03-16 22:45 - 2014-03-16 22:45 - 00044928 _____ () C:\Users\Hal 9000\Downloads\The_Walking_Dead_S04E14_HDTV_x264-EXCELLENCE[ettv].torrent
2014-03-16 02:36 - 2014-03-16 01:54 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E10 HDTV x264-EXCELLENCE[ettv]
2014-03-16 02:17 - 2014-03-16 01:55 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E12 HDTV x264-EXCELLENCE[ettv]
2014-03-16 01:57 - 2014-03-16 01:54 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E09 HDTV x264-2HD[ettv]
2014-03-16 01:56 - 2014-03-16 01:55 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E13 HDTV x264-2HD[ettv]
2014-03-16 01:55 - 2014-03-16 01:55 - 00032032 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e13.hdtv.x264.2hd.ettv.torrent
2014-03-16 01:55 - 2014-03-16 01:55 - 00031705 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e12.hdtv.x264.excellence.ettv.torrent
2014-03-16 01:55 - 2014-03-16 01:55 - 00000000 ____D () C:\Users\Hal 9000\Downloads\The Walking Dead S04E11 HDTV x264-2HD[ettv]
2014-03-16 01:54 - 2014-03-16 01:54 - 00050558 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e10.hdtv.x264.excellence.ettv.torrent
2014-03-16 01:54 - 2014-03-16 01:54 - 00038282 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e11.hdtv.x264.2hd.ettv.torrent
2014-03-16 01:54 - 2014-03-16 01:54 - 00034371 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]the.walking.dead.s04e09.hdtv.x264.2hd.ettv.torrent
2014-03-15 19:49 - 2014-03-15 19:44 - 00000000 ____D () C:\Users\Hal 9000\Downloads\Suits S03E11 HDTV x264-EXCELLENCE[ettv]
2014-03-15 19:47 - 2014-03-15 19:45 - 00000000 ____D () C:\Users\Hal 9000\Downloads\Suits S03E12 HDTV x264-EXCELLENCE[ettv]
2014-03-15 19:44 - 2014-03-15 19:44 - 00022684 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]suits.s03e11.hdtv.x264.excellence.ettv.torrent
2014-03-15 19:44 - 2014-03-15 19:44 - 00022460 _____ () C:\Users\Hal 9000\Downloads\[kickass.to]suits.s03e12.hdtv.x264.excellence.ettv.torrent
2014-03-13 19:15 - 2013-02-21 05:31 - 00000000 ____D () C:\Users\Hal 9000
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 ____D () C:\Users\Hal 9000\AppData\Local\SearchProtect
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-12 21:22 - 2014-03-12 21:22 - 00000000 _____ () C:\END
2014-03-12 20:39 - 2013-07-12 22:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-25 17:12 - 2014-02-25 17:11 - 00280832 _____ () C:\Windows\Minidump\022514-23868-01.dmp
2014-02-25 17:11 - 2013-03-24 10:03 - 468572157 _____ () C:\Windows\MEMORY.DMP
2014-02-25 17:11 - 2013-03-24 10:03 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 00:31 - 2014-02-24 00:31 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\LolClient
2014-02-23 22:30 - 2014-02-23 22:30 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 ____D () C:\Riot Games
2014-02-23 22:30 - 2014-02-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-23 22:29 - 2014-02-23 22:29 - 00000000 ____D () C:\Users\Hal 9000\AppData\Roaming\Riot Games
2014-02-23 22:29 - 2014-02-23 22:28 - 32229024 _____ (Riot Games) C:\Users\Hal 9000\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-02-20 01:10 - 2014-02-20 01:10 - 00000000 ____D () C:\Users\Hal 9000\AppData\Local\EdgeOfReality
 
Some content of TEMP:
====================
C:\Users\Hal 9000\AppData\Local\Temp\kgpushark.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsaB538.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsf9421.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsm16BF.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\safeguard.exe
C:\Users\Hal 9000\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.1.2-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-08 18:13
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Hal 9000 at 2014-03-19 11:30:30
Running from C:\Users\Hal 9000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Age of Conan: Unchained - US version (HKLM-x32\...\Steam App 218170) (Version:  - Funcom)
AirMech (HKLM-x32\...\Steam App 206500) (Version:  - Carbon Games)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2011 - Avast Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
Galactic Civilizations II - Gold Edition (HKLM-x32\...\Galactic Civilizations II - Gold Edition) (Version:  - Stardock Entertainment, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hawken (HKCU\...\Hawken) (Version:  - Meteor Entertainment)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 Beta (HKLM-x32\...\Steam App 246210) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardock Central (HKLM-x32\...\Stardock Central) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version:  - )
TERA (HKCU\...\teraenmasse) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
24-02-2014 00:18:50 Scheduled Checkpoint
04-03-2014 01:04:45 Scheduled Checkpoint
13-03-2014 23:12:57 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3BFC1CA7-1536-41BA-95E9-FD50458EE30E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {5FBDEDA7-B573-4685-9B3B-DBC08B4ABFDB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-31] (AVAST Software)
Task: {8B6735AF-A2FC-438D-A2E9-448F7CEE6731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {9B69B216-9F06-431E-AC60-1CC0D62D8397} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-16 16:27 - 2012-11-16 16:27 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-11-16 16:27 - 2012-11-16 16:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-11-16 16:27 - 2012-11-16 16:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 16:12 - 2012-11-16 16:12 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-18 05:19 - 2014-03-18 03:19 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031800\algo.dll
2014-03-18 17:44 - 2014-03-18 16:10 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031802\algo.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2013-12-02 08:19 - 2013-12-02 08:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 14:55 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2014 11:21:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/19/2014 11:21:22 AM) (Source: ESENT) (User: )
Description: taskhostex (1652) An attempt to open the file "C:\Users\Hal 9000\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/19/2014 02:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/19/2014 02:30:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.
 
Error: (03/18/2014 08:06:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/18/2014 08:06:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.
 
Error: (03/18/2014 04:04:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/18/2014 04:04:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.
 
Error: (03/18/2014 01:02:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/18/2014 01:02:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Hal)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (03/19/2014 04:09:44 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
Error: (03/18/2014 05:42:17 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (03/18/2014 05:41:50 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/18/2014 05:05:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
Error: (03/18/2014 05:04:12 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (03/18/2014 05:03:44 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/17/2014 04:18:10 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
Error: (03/17/2014 03:22:04 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
Error: (03/16/2014 04:40:09 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
Error: (03/15/2014 01:16:45 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2014 11:21:32 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
 
Error: (03/19/2014 11:21:22 AM) (Source: ESENT)(User: )
Description: taskhostex1652C:\Users\Hal 9000\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (03/19/2014 02:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
 
Error: (03/19/2014 02:30:00 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Error: (03/18/2014 08:06:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
 
Error: (03/18/2014 08:06:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Error: (03/18/2014 04:04:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
 
Error: (03/18/2014 04:04:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Error: (03/18/2014 01:02:03 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
 
Error: (03/18/2014 01:02:03 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Hal)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 8159.73 MB
Available physical RAM: 6294.17 MB
Total Pagefile: 16351.73 MB
Available Pagefile: 14249.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.67 GB) (Free:1580.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C4ADA981)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Thanks for the help!

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary): go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add/on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report in next reply

 

Kevin.....

 

 

 

 

fixlist.txt


Hi, thanks again for the help.

 

I'm not sure how to proceed after this point where it says if you're not sure post for review:

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingc...oad/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.

 

 

Here's the text file AdwCleaner produced for the report:

 

# AdwCleaner v3.022 - Report created 19/03/2014 at 17:43:12
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Hal 9000 - HAL
# Running from : C:\Users\Hal 9000\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Users\Hal 9000\AppData\Local\SearchProtect
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [959 octets] - [19/03/2014 17:43:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1018 octets] ##########
 
Is there anything I should uncheck in your opinion?  I'm really not confident at this step!

Hi, I'm having trouble with the ESET scanner now.  When I go to the web page and attempt to run the online scan, a popup opens with the EULA.  I click the box to agree to the terms, but it won't let me click start.  Are there some options I have to fiddle with on my browser?  I'm pretty sure I turned off all the real time scanners from Avast.

 

I tried to run it in Internet Explorer, but I'm posting this using Chrome.

 

Is there another way of running the scan?


OK, it's finished scanning, although the first time I ran it my computer crashed about halfway through the scan so I had to restart it.

 

Here are all the reports:

 

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Hal 9000 at 2014-03-19 17:40:55 Run:1
Running from C:\Users\Hal 9000\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2797441504-2317480787-305361114-1001\...\MountPoints2: E - "E:\AutoRun.exe" 
C:\Users\Hal 9000\AppData\Local\Temp\kgpushark.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsaB538.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsf9421.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\nsm16BF.tmp.exe
C:\Users\Hal 9000\AppData\Local\Temp\safeguard.exe
C:\Users\Hal 9000\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.1.2-win32.exe
End
*****************
 
HKU\S-1-5-21-2797441504-2317480787-305361114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2797441504-2317480787-305361114-1001 => Key not found.
C:\Users\Hal 9000\AppData\Local\Temp\kgpushark.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\nsaB538.tmp.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\nsf9421.tmp.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\nsm16BF.tmp.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.0.6-win32.exe => Moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
 
==== End of Fixlog ====

 

 

 

AdwCleaner[sO]:

 

# AdwCleaner v3.022 - Report created 19/03/2014 at 18:11:08
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Hal 9000 - HAL
# Running from : C:\Users\Hal 9000\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Hal 9000\AppData\Local\SearchProtect
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1106 octets] - [19/03/2014 17:43:12]
AdwCleaner[s0].txt - [966 octets] - [19/03/2014 18:11:08]
 

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1025 octets] ##########
 
 
 
ESET SCAN:
 
C:\Users\Hal 9000\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll a variant of Win32/Bunndle potentially unsafe application
C:\Users\Hal 9000\Downloads\hwmonitor_1.22-setup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Hal 9000\Downloads\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
 

 

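An added example, not part of any post in this thread and not AdwCleaner's own code: a parser for the AdwCleaner v3 report layout shown above that checks every item in the scan report ([R0]) against the deletions listed in the clean report ([s0]). The function names, and the reading of the `[x64]` tag as the 64-bit registry view of the same key, are assumptions.

```python
import re
from typing import NamedTuple

# Sample input: excerpts of the two reports posted in this thread
# (empty sections and the browser block trimmed).
SCAN_REPORT = r"""
# AdwCleaner v3.022 - Report created 19/03/2014 at 17:43:12
# Operating System : Windows 8 Pro  (64 bits)
# Option : Scan

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Users\Hal 9000\AppData\Local\SearchProtect
Folder Found C:\Windows\SysWOW64\AI_RecycleBin

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\Software\PIP
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.022 - Report created 19/03/2014 at 18:11:08
# Operating System : Windows 8 Pro  (64 bits)
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Hal 9000\AppData\Local\SearchProtect
File Deleted : C:\END

***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\PIP
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# The colon is optional: the scan report prints "Folder Found C:\..." without it.
# Only the item kinds that appear in this thread's reports are recognised.
ITEM_RE = re.compile(
    r"^(?P<kind>File|Folder|Key)\s+(?P<state>Found|Deleted)\s*:?\s*"
    r"(?:\[(?P<view>x64)\]\s*)?(?P<target>.+)$"
)

class Item(NamedTuple):
    section: str  # e.g. "Registry"
    kind: str     # File, Folder or Key
    state: str    # Found or Deleted
    view: str     # "x64" when the line carried an [x64] tag, else ""
    target: str   # file path or registry key

def parse_report(text):
    """Return (header dict, list of Item) for one AdwCleaner report."""
    header, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and " : " in line:   # "# Option : Scan"
            key, _, value = line[2:].partition(" : ")
            header[key.strip()] = value.strip()
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
        elif section and (m := ITEM_RE.match(line)):
            items.append(Item(section, m["kind"], m["state"],
                              m["view"] or "", m["target"].strip()))
    return header, items

def _identity(item, merge_views):
    # Windows paths and registry keys are case-insensitive.
    view = "" if merge_views else item.view
    return (item.kind, view, item.target.lower())

def reconcile(scan_text, clean_text, merge_views=True):
    """Items found by the scan that the clean report does not list as deleted.

    merge_views=True treats "[x64] KEY" and "KEY" as one item (assumption);
    merge_views=False requires the clean report to list each view separately.
    """
    scan_hdr, scan_items = parse_report(scan_text)
    clean_hdr, clean_items = parse_report(clean_text)
    if scan_hdr.get("Option") != "Scan" or clean_hdr.get("Option") != "Clean":
        raise ValueError("expected a Scan report followed by a Clean report")
    deleted = {_identity(i, merge_views) for i in clean_items if i.state == "Deleted"}
    return [i for i in scan_items
            if i.state == "Found" and _identity(i, merge_views) not in deleted]

if __name__ == "__main__":
    for strict in (False, True):
        left = reconcile(SCAN_REPORT, CLEAN_REPORT, merge_views=not strict)
        print("strict views" if strict else "merged views", "->", len(left), "unconfirmed")
        for item in left:
            print("   ", item.kind, f"[{item.view}]" if item.view else "", item.target)
```

With strict matching the two `[x64]` keys stay unconfirmed because the clean report lists each key only once, which is the kind of leftover a follow-up scan would be used to check.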

Thank you for those logs, run the following:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before :Files

    :Files
    ipconfig /flushdns /c
    C:\Users\Hal 9000\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll
    C:\Users\Hal 9000\AppData\Local\Temp\Bunndle
    C:\Users\Hal 9000\Downloads\hwmonitor_1.22-setup.exe a
    C:\Users\Hal 9000\Downloads\spsetup122.exe
    C:\Windows\Temp\avast_ash\uTorrent
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log, also let me know if there are any remaining issues or concerns....

 

Kevin


Hi, here is the log:

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hal 9000\Downloads\cmd.bat deleted successfully.
C:\Users\Hal 9000\Downloads\cmd.txt deleted successfully.
C:\Users\Hal 9000\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\Bunndle folder moved successfully.
File/Folder C:\Users\Hal 9000\Downloads\hwmonitor_1.22-setup.exe a not found.
C:\Users\Hal 9000\Downloads\spsetup122.exe moved successfully.
C:\Windows\Temp\avast_ash\uTorrent folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hal 9000
->Temp folder emptied: 51288016 bytes
->Temporary Internet Files folder emptied: 263076311 bytes
->Google Chrome cache emptied: 6600381 bytes
->Flash cache emptied: 732 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23262603 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 328.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03202014_170407
 
Files moved on Reboot...
File C:\Users\Hal 9000\AppData\Local\Temp\etilqs_ATJTO2VV7d1sYQP not found!
C:\Users\Hal 9000\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Hal 9000\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...
 
 

 

 

Post that log, also let me know if there are any remaining issues or concerns

 

If that solved all the problems then I guess that is it.  Thank you for all the help, I really appreciate it.

 

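Added example (not part of the original posts and not OTM's own code): a Python check that parses the file-action lines of an OTM results log like the one above and lists the script entries the log does not confirm as moved or deleted. The line patterns are inferred from this one log, the sample is an excerpt of it, and the names `parse_results` and `unresolved` are hypothetical.

```python
import re

# Excerpt of the OTM results log posted above (raw string keeps the backslashes).
SAMPLE_LOG = r"""========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Hal 9000\Downloads\cmd.bat deleted successfully.
C:\Users\Hal 9000\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll moved successfully.
C:\Users\Hal 9000\AppData\Local\Temp\Bunndle folder moved successfully.
File/Folder C:\Users\Hal 9000\Downloads\hwmonitor_1.22-setup.exe a not found.
C:\Users\Hal 9000\Downloads\spsetup122.exe moved successfully.
C:\Windows\Temp\avast_ash\uTorrent folder moved successfully.
========== COMMANDS ==========
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# The path entries of the :Files section of the script that was pasted into OTM.
SCRIPT_PATHS = [
    r"C:\Users\Hal 9000\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll",
    r"C:\Users\Hal 9000\AppData\Local\Temp\Bunndle",
    r"C:\Users\Hal 9000\Downloads\hwmonitor_1.22-setup.exe a",
    r"C:\Users\Hal 9000\Downloads\spsetup122.exe",
    r"C:\Windows\Temp\avast_ash\uTorrent",
]

# Assumed line shapes, taken only from the log on this page.
PATTERNS = [
    ("done", re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
    ("not_found", re.compile(r"^File(?:/Folder)? (?P<path>.+) not found[.!]$")),
    ("pending_reboot", re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
]

def parse_results(log_text):
    """Return {path: status} for every file-action line recognised in the log."""
    results = {}
    for line in log_text.splitlines():
        for status, pattern in PATTERNS:
            m = pattern.match(line.strip())
            if m:
                results[m.group("path")] = status
                break
    return results

def unresolved(script_paths, log_text):
    """Script entries that the log does not report as moved or deleted."""
    results = parse_results(log_text)
    return [(p, results.get(p, "missing_from_log")) for p in script_paths
            if results.get(p) != "done"]
```

For this log the only unresolved entry is the hwmonitor line, whose script path ends in ` a` while the path in the ESET report does not, so the installer ESET flagged may still be in Downloads.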

We need to remove FRST; first it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed.

 

Next,

 

Regarding the internet speed, do not see anything obvious in your logs that would have that effect.. Try this...

 

From the Desktop right click on the Taskbar, select "TaskManager"; from the tabs in TM select "Startup", scroll to and highlight "Steam"; with that highlighted select "Disable" from the bottom right-hand corner....

 

Close TaskManager  and reboot your system, any improvement?

fixlist.txt


Hi,

 

I'm not sure if you wanted me to post the log from Delfix but here it is:

 

# DelFix v10.6 - Logfile created 21/03/2014 at 17:47:47
# Updated 11/11/2013 by Xplode
# Username : Hal 9000 - HAL
# Operating System : Windows 8 Pro  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTM
Deleted : C:\AdwCleaner
Deleted : C:\Users\Hal 9000\Downloads\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\Hal 9000\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Hal 9000\Downloads\OTM.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #64 [scheduled Checkpoint | 03/04/2014 01:04:45]
Deleted : RP #66 [scheduled Checkpoint | 03/13/2014 23:12:57]
Deleted : RP #67 [avast! antivirus system restore point | 03/20/2014 22:03:04]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
Also, about the internet speed, I was googling around on my own and some other people had the same problem where their connection was slow on their pc but fast on their phones.  One of the suggestions was that it might have to do with the antivirus program somehow.  I updated my Avast and ever since then the internet has been fast.... I'm not sure what the problem was but that seemed to clear it up.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.