Zygapop

Possibly Infected?

Not too recently I made a thread on here thinking I might be infected.
I followed all instructions the expert gave me and did everything I was instructed to do.
After I did, my computer was running much faster, but lately things have been really weird.

My Windows clock constantly jumps back an hour behind and never works properly, which makes me manually synchronize it, and I've tried multiple things to fix it and nothing has worked. Sometimes it'll be weeks behind if I don't manually fix it every hour.
I had to go to the UAC and turn it all the way off because I was getting tons of "consent.exe" processes running in my Task Manager and it was locking my computer up where I couldn't do anything.
Also, Malwarebytes will not run at all. I've loaded up my computer in safe mode and it'll work there, but not when run normally. I feel something is messing with my computer but I don't know what. I play quite a few games and I stream daily, and it's really bugging me.
And in general everything I do is slow, and also when I shut down my computer it freezes on the shutdown screen. Also, recently there was an update and I tried to shut it down and it stayed on that screen for 3 hours, and I finally had to force it to shut down.
I attached the files I was asked to present. I really hope someone here can help me fix this!
FRST.txt
Addition.txt

Hello and welcome!

Please read the following and post back the logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days.
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 



Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
STEP 02
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 
Thanks
 


Here are the logs



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
Isaiah's :: ISAIAHS-PC [administrator]

4/28/2014 12:19:24 PM
mbam-log-2014-04-28 (12-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322723
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


____________________________________




RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Isaiah's [Admin rights]
Mode : Scan -- Date : 04/28/2014 12:26:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\Isaiah's\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [x] -> FOUND

¤¤¤ Startup Entries : 1 ¤¤¤
[isaiah's][sUSP PATH] Curse.lnk : C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk @C:\Users\Isaiah's\AppData\Roaming\CURSEC~1\Bin\Curse.exe /startup [-][7] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] b780f07d56d6a3d6d2f94291360338de
[bSP] 2c148ad260a29751a1f2341078257987 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] 184cb3daa9b71c1b2406b5c05e8ef81e
[bSP] d0e12142fba7484c73a0b12978b5b30d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04282014_122614.txt >>



 


Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Mbar would not work. I did everything instructed and when I went to scan it would say initialize then done and nothing would happen, no scanning, nothing. I tried it twice.
Also, on the opening of the software it said something about a process, I think that was "app.init" or something, that would interfere with the installation. I hit no the first time and everything locked up for mbar and I had to restart my computer. The next time I hit yes and what I said in the beginning happened.

Besides that here are the logs for everything else:

# AdwCleaner v3.205 - Report created 28/04/2014 at 09:19:30
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Isaiah's - ISAIAHS-PC
# Running from : C:\Users\Isaiah's\Desktop\Stuffs\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\Isaiah's\AppData\Local\SearchProtect
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
Key Deleted : [x64] HKLM\SOFTWARE\SavingsBull Filter
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Isaiah's\AppData\Roaming\Mozilla\Firefox\Profiles\ngv22fj8.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10500 octets] - [25/02/2014 18:34:20]
AdwCleaner[R1].txt - [2185 octets] - [28/04/2014 09:18:17]
AdwCleaner[R2].txt - [2245 octets] - [28/04/2014 09:18:42]
AdwCleaner[s0].txt - [9980 octets] - [25/02/2014 18:36:04]
AdwCleaner[s1].txt - [2180 octets] - [28/04/2014 09:19:30]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2240 octets] ##########



-------------------------------------------------------



C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Conduit\APISupport\APISupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Google\Chrome\User Data\Default\Extensions\haagkflomlmpdjaojgbeljnkkohbbegb\10.26.7.519_0\APISupport\APISupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.26.7.519_0\APISupport\APISupport.dll.vir    a variant of Win32/Toolbar.Conduit.Z potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Isaiah's\AppData\LocalLow\PrintPDF_Pro_1.1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Users\Isaiah's\Downloads\CheatEngine63.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined


-------------------------------------------------------------------------------



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Isaiah's on Mon 04/28/2014 at  9:13:35.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6B66365E-FE0B-496B-8B94-0D76A4FAD24F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Isaiah's\AppData\Roaming\mozilla\firefox\profiles\ngv22fj8.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/28/2014 at  9:16:41.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
Isaiah's :: ISAIAHS-PC [administrator]

4/28/2014 9:07:57 AM
mbam-log-2014-04-28 (09-07-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322810
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------------------------------------
Here is FRST again, though I included it in the beginning of this topic.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Isaiah's (administrator) on ISAIAHS-PC on 28-04-2014 09:36:58
Running from C:\Users\Isaiah's\Desktop\Stuffs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah's\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\WhatPulse2\whatpulse.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah's\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Farbar) C:\Users\Isaiah's\Desktop\Stuffs\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [344552 2013-10-08] (CyberGhost S.R.L.)
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Isaiah's\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3126272 2013-12-11] ()
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD)
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4072817583-1142088816-480465609-1000\...\Run: [Google Update] => C:\Users\Isaiah's\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-25] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Isaiah's\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64EC3D141FEDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - A36B785BEC0D4964AA20C14BE38A86F5 URL = http://search.conduit.com/Results.aspx?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN41914664451390844&UM=2&UP=SPB1775E70-EED9-4B2E-B852-75E35E48AAFD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Isaiah's\AppData\Roaming\Mozilla\Firefox\Profiles\ngv22fj8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Isaiah's\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Isaiah's\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Isaiah's\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Isaiah's\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Isaiah's\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Isaiah's\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Isaiah's\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\Isaiah's\AppData\Roaming\Mozilla\Firefox\Profiles\ngv22fj8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-09]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-12-27] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [26600 2013-10-08] (CyberGhost S.R.L)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-30] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-01-14] (AnchorFree Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-04-28] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 14:58 - 2014-04-28 14:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-28 14:57 - 2014-04-28 09:36 - 00000000 ____D () C:\Users\Isaiah's\Desktop\Stuffs
2014-04-28 14:57 - 2014-04-28 09:06 - 00000000 ____D () C:\Users\Isaiah's\Desktop\mbar
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser7108\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser6A57\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser0045\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser7108\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser6A57\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser0045\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-28 12:15 - 2014-04-28 12:16 - 00002440 _____ () C:\Users\Isaiah's\Desktop\Rkill.txt
2014-04-28 09:13 - 2014-04-28 09:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-28 09:11 - 2014-04-28 09:11 - 02347384 _____ (ESET) C:\Users\Isaiah's\Downloads\esetsmartinstaller_enu.exe
2014-04-28 09:11 - 2014-04-28 09:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-28 09:07 - 2014-04-28 09:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 18:56 - 2014-04-25 18:56 - 00005931 _____ () C:\Users\Isaiah's\Downloads\LOL_OPGG_Observer_1358991227.bat
2014-04-23 23:19 - 2014-04-28 09:06 - 00000924 _____ () C:\Windows\PFRO.log
2014-04-23 18:47 - 2014-04-28 09:33 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-04-23 18:47 - 2014-04-23 18:47 - 00001085 _____ () C:\Users\Isaiah's\Desktop\Cheat Engine.lnk
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\Users\Isaiah's\Documents\My Cheat Tables
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2014-04-23 16:03 - 2014-04-28 09:36 - 00000000 ____D () C:\FRST
2014-04-23 16:03 - 2014-04-23 16:07 - 00043647 _____ () C:\Users\Isaiah's\Downloads\FRST.txt
2014-04-23 16:03 - 2014-04-23 16:07 - 00029946 _____ () C:\Users\Isaiah's\Downloads\Addition.txt
2014-04-23 16:02 - 2014-04-23 16:02 - 02061312 _____ (Farbar) C:\Users\Isaiah's\Downloads\FRST64.exe
2014-04-23 15:51 - 2014-04-23 15:51 - 00013309 _____ () C:\Users\Isaiah's\Desktop\Recovery - Shortcut.lnk
2014-04-23 15:51 - 2014-04-23 15:51 - 00013125 _____ () C:\Users\Isaiah's\Desktop\Change User Account Control settings - Shortcut.lnk
2014-04-22 16:33 - 2014-04-23 15:54 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse Client
2014-04-22 16:33 - 2014-04-22 16:33 - 00001003 _____ () C:\Users\Isaiah's\Desktop\Curse.lnk
2014-04-22 16:33 - 2014-04-22 16:33 - 00000989 _____ () C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-22 16:33 - 2014-04-22 16:33 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse Advertising
2014-04-22 16:32 - 2014-04-22 16:32 - 37437096 _____ (Curse) C:\Users\Isaiah's\Downloads\CurseClientSetup.exe
2014-04-22 16:32 - 2014-04-22 16:32 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse
2014-04-20 00:17 - 2014-04-20 00:17 - 00260698 _____ () C:\Users\Isaiah's\Documents\cc_20140420_001750.reg
2014-04-20 00:11 - 2014-04-28 09:06 - 00001593 _____ () C:\Windows\setupact.log
2014-04-20 00:11 - 2014-04-20 00:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 00:18 - 2014-04-19 00:20 - 00911720 _____ (Chaos Software Group, Inc.) C:\Users\Isaiah's\Downloads\atomic(1).exe
2014-04-19 00:18 - 2014-04-19 00:19 - 00911720 _____ (Chaos Software Group, Inc.) C:\Users\Isaiah's\Downloads\atomic.exe
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-16 09:41 - 2014-04-16 09:42 - 00000000 ____D () C:\Users\Isaiah's\RecklessPk
2014-04-14 05:58 - 2014-04-14 05:58 - 37400880 _____ (Curse) C:\Users\Isaiah's\Downloads\CurseClientSetup_Gn39.exe
2014-04-12 23:24 - 2014-04-12 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2014-04-12 23:10 - 2014-04-12 23:10 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Avnex
2014-04-12 23:09 - 2008-12-26 12:56 - 00021504 _____ (Avnex) C:\Windows\system32\Drivers\vcsvad.sys
2014-04-12 22:54 - 2014-04-12 23:00 - 00000024 _____ () C:\Users\Isaiah's\Desktop\Kelias number.txt
2014-04-12 18:36 - 2014-04-21 21:14 - 00000919 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.txt
2014-04-12 18:36 - 2014-04-21 21:14 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-04-12 18:36 - 2014-04-21 21:14 - 00000000 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-04-12 18:36 - 2014-04-12 23:42 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-04-12 18:36 - 2014-04-12 23:18 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.1.txt
2014-04-12 18:36 - 2014-04-12 18:46 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.4.txt
2014-04-12 18:36 - 2014-04-12 18:46 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.3.txt
2014-04-12 18:36 - 2014-04-12 18:45 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.5.txt
2014-04-12 18:36 - 2014-04-12 18:44 - 00000919 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.6.txt
2014-04-12 18:36 - 2014-04-12 18:40 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.2.txt
2014-04-12 18:36 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.7.txt
2014-04-12 18:36 - 2014-04-12 18:36 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\NCH Software
2014-04-12 18:36 - 2014-04-12 18:36 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-12 18:31 - 2014-04-12 23:27 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Screaming Bee
2014-04-12 12:15 - 2014-04-16 21:37 - 00000000 ____D () C:\Users\Isaiah's\Desktop\Desktop Client
2014-04-12 12:15 - 2014-04-12 12:15 - 00000000 ____D () C:\Users\Isaiah's\.ss2
2014-04-10 20:18 - 2014-04-10 20:20 - 27997568 _____ (Wireshark development team) C:\Users\Isaiah's\Downloads\Wireshark-win64-1.10.6.exe
2014-04-09 10:02 - 2014-04-09 10:02 - 00000000 _____ () C:\Users\Isaiah's\Desktop\BATTLE SCARS LEGENDARY SONG.txt
2014-04-08 18:12 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 18:12 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 18:11 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 18:11 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 18:11 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 18:11 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 18:11 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 18:11 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 18:11 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 18:11 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 18:11 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 18:11 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 18:11 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 18:11 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 18:11 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 18:11 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 18:11 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 18:11 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 18:11 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 18:11 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 18:11 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 02:00 - 2000-06-23 14:06 - 00192000 _____ (Ligos Corporation) C:\Windows\SysWOW64\iac2d20d.rra
2014-04-05 02:00 - 2000-06-23 14:05 - 00136704 _____ (Ligos Corporation) C:\Windows\SysWOW64\iacenc.dll
2014-04-05 02:00 - 2000-06-23 10:36 - 00745984 _____ (Ligos Corporation) C:\Windows\SysWOW64\ir50d21d.rra
2014-04-05 02:00 - 2000-06-22 18:11 - 00145408 _____ (Ligos Corporation) C:\Windows\SysWOW64\Ivfsd25b.rra
2014-04-05 02:00 - 2000-06-22 13:09 - 00056320 _____ () C:\Windows\SysWOW64\iyvu9_32.dll
2014-04-03 13:47 - 2014-04-03 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-04-03 13:33 - 2014-04-03 13:33 - 00715038 _____ () C:\Windows\unins000.exe
2014-04-03 13:33 - 2014-04-03 13:33 - 00001995 _____ () C:\Windows\unins000.dat
2014-04-03 13:33 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-04-03 13:33 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-04-03 13:30 - 2014-04-03 13:30 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Isaiah's\Downloads\DxtorySetup2.0.126.exe
2014-04-03 13:30 - 2014-04-03 13:30 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-04-03 13:30 - 2014-04-03 13:20 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Dxtory Software
2014-04-03 13:20 - 2014-04-03 13:20 - 00001182 _____ () C:\Users\Isaiah's\Desktop\Dxtory.lnk
2014-04-03 13:20 - 2014-04-03 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2014-04-03 13:20 - 2014-04-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Dxtory Software
2014-04-03 13:20 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2014-04-03 13:20 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2014-04-03 13:17 - 2014-04-03 13:17 - 04135551 _____ (Dxtory Software ) C:\Users\Isaiah's\Downloads\DxtorySetup2.0.122.exe
2014-04-03 13:14 - 2014-04-03 13:14 - 00000184 _____ () C:\Users\Isaiah's\Downloads\Dxtory.dxtorylic
2014-04-01 23:37 - 2014-04-01 23:37 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-01 23:37 - 2014-04-01 23:37 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-04-01 23:35 - 2014-04-01 23:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-01 18:35 - 2014-04-24 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-29 01:10 - 2014-03-29 01:13 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\vlc
2014-03-29 01:09 - 2014-03-29 01:09 - 00000509 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-29 01:09 - 2014-03-29 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-03-29 00:47 - 2014-03-29 00:47 - 00310272 _____ (MGS) C:\Users\Isaiah's\Downloads\AbsoluteLoader.exe

==================== One Month Modified Files and Folders =======

2014-04-28 14:58 - 2014-04-28 14:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-28 14:42 - 2013-12-25 22:20 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4072817583-1142088816-480465609-1000UA.job
2014-04-28 14:36 - 2013-11-29 12:28 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\PMB Files
2014-04-28 13:31 - 2013-11-29 16:09 - 00000000 _____ () C:\Users\Isaiah's\songList.txt
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser7108\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser6A57\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000924 _____ () C:\Users\fbwuser0045\Desktop\NTREGOPT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser7108\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser6A57\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000905 _____ () C:\Users\fbwuser0045\Desktop\ERUNT.lnk
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-04-28 12:17 - 2014-04-28 12:17 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-28 12:17 - 2014-02-26 11:03 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 12:16 - 2014-04-28 12:15 - 00002440 _____ () C:\Users\Isaiah's\Desktop\Rkill.txt
2014-04-28 09:36 - 2014-04-28 14:57 - 00000000 ____D () C:\Users\Isaiah's\Desktop\Stuffs
2014-04-28 09:36 - 2014-04-23 16:03 - 00000000 ____D () C:\FRST
2014-04-28 09:36 - 2014-02-04 13:48 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\WhatPulse
2014-04-28 09:34 - 2013-11-29 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 09:34 - 2013-11-29 12:32 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Skype
2014-04-28 09:33 - 2014-04-23 18:47 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-04-28 09:21 - 2014-03-01 12:48 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\CrashDumps
2014-04-28 09:19 - 2014-02-25 18:33 - 00000000 ____D () C:\AdwCleaner
2014-04-28 09:13 - 2014-04-28 09:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-28 09:13 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 09:13 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 09:12 - 2009-07-14 00:13 - 00006182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 09:11 - 2014-04-28 09:11 - 02347384 _____ (ESET) C:\Users\Isaiah's\Downloads\esetsmartinstaller_enu.exe
2014-04-28 09:11 - 2014-04-28 09:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-28 09:09 - 2013-11-28 23:30 - 01155766 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 09:07 - 2014-04-28 09:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-28 09:06 - 2014-04-28 14:57 - 00000000 ____D () C:\Users\Isaiah's\Desktop\mbar
2014-04-28 09:06 - 2014-04-23 23:19 - 00000924 _____ () C:\Windows\PFRO.log
2014-04-28 09:06 - 2014-04-20 00:11 - 00001593 _____ () C:\Windows\setupact.log
2014-04-28 09:06 - 2014-02-04 22:22 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Overwolf
2014-04-28 09:06 - 2009-07-14 00:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 09:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 07:23 - 2013-11-29 12:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-28 05:52 - 2013-12-27 23:08 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{344D4A9F-070C-4BD2-BA29-2C31D7D58449}
2014-04-27 23:52 - 2013-11-29 16:09 - 00000013 _____ () C:\Users\Isaiah's\rlvote.txt
2014-04-27 23:42 - 2013-12-25 22:20 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4072817583-1142088816-480465609-1000Core.job
2014-04-27 15:22 - 2013-11-30 10:09 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\.minecraft
2014-04-26 20:10 - 2014-02-04 22:22 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\TS3Client
2014-04-26 12:24 - 2013-11-29 12:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-25 18:56 - 2014-04-25 18:56 - 00005931 _____ () C:\Users\Isaiah's\Downloads\LOL_OPGG_Observer_1358991227.bat
2014-04-24 09:30 - 2014-04-01 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 09:30 - 2013-11-29 12:17 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-24 07:15 - 2014-01-17 18:13 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Akamai
2014-04-23 18:47 - 2014-04-23 18:47 - 00001085 _____ () C:\Users\Isaiah's\Desktop\Cheat Engine.lnk
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\Users\Isaiah's\Documents\My Cheat Tables
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2014-04-23 16:07 - 2014-04-23 16:03 - 00043647 _____ () C:\Users\Isaiah's\Downloads\FRST.txt
2014-04-23 16:07 - 2014-04-23 16:03 - 00029946 _____ () C:\Users\Isaiah's\Downloads\Addition.txt
2014-04-23 16:02 - 2014-04-23 16:02 - 02061312 _____ (Farbar) C:\Users\Isaiah's\Downloads\FRST64.exe
2014-04-23 15:54 - 2014-04-22 16:33 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse Client
2014-04-23 15:51 - 2014-04-23 15:51 - 00013309 _____ () C:\Users\Isaiah's\Desktop\Recovery - Shortcut.lnk
2014-04-23 15:51 - 2014-04-23 15:51 - 00013125 _____ () C:\Users\Isaiah's\Desktop\Change User Account Control settings - Shortcut.lnk
2014-04-23 15:51 - 2013-11-28 23:30 - 00000000 ____D () C:\Recovery
2014-04-22 16:33 - 2014-04-22 16:33 - 00001003 _____ () C:\Users\Isaiah's\Desktop\Curse.lnk
2014-04-22 16:33 - 2014-04-22 16:33 - 00000989 _____ () C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-22 16:33 - 2014-04-22 16:33 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse Advertising
2014-04-22 16:33 - 2013-11-28 23:30 - 00000000 ___RD () C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-22 16:32 - 2014-04-22 16:32 - 37437096 _____ (Curse) C:\Users\Isaiah's\Downloads\CurseClientSetup.exe
2014-04-22 16:32 - 2014-04-22 16:32 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Curse
2014-04-21 21:14 - 2014-04-12 18:36 - 00000919 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.txt
2014-04-21 21:14 - 2014-04-12 18:36 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-04-21 21:14 - 2014-04-12 18:36 - 00000000 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-04-21 19:44 - 2014-03-19 08:37 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Mozilla
2014-04-20 00:18 - 2013-11-29 12:20 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Google
2014-04-20 00:18 - 2013-11-29 12:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-20 00:17 - 2014-04-20 00:17 - 00260698 _____ () C:\Users\Isaiah's\Documents\cc_20140420_001750.reg
2014-04-20 00:13 - 2013-12-03 16:15 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\CRE
2014-04-20 00:11 - 2014-04-20 00:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 00:07 - 2014-02-09 00:31 - 00000000 ____D () C:\Users\Isaiah's\Desktop\New folder
2014-04-19 00:20 - 2014-04-19 00:18 - 00911720 _____ (Chaos Software Group, Inc.) C:\Users\Isaiah's\Downloads\atomic(1).exe
2014-04-19 00:19 - 2014-04-19 00:18 - 00911720 _____ (Chaos Software Group, Inc.) C:\Users\Isaiah's\Downloads\atomic.exe
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 21:05 - 2013-11-29 12:42 - 00000982 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-04-17 21:05 - 2013-11-29 12:42 - 00000982 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-04-17 21:05 - 2013-11-29 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-04-17 21:05 - 2013-11-29 12:42 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-04-17 21:04 - 2013-11-29 12:42 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Gyazo
2014-04-16 21:37 - 2014-04-12 12:15 - 00000000 ____D () C:\Users\Isaiah's\Desktop\Desktop Client
2014-04-16 09:42 - 2014-04-16 09:41 - 00000000 ____D () C:\Users\Isaiah's\RecklessPk
2014-04-16 09:41 - 2013-11-28 23:30 - 00000000 ____D () C:\Users\Isaiah's
2014-04-14 13:24 - 2013-11-29 22:54 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-04-14 05:58 - 2014-04-14 05:58 - 37400880 _____ (Curse) C:\Users\Isaiah's\Downloads\CurseClientSetup_Gn39.exe
2014-04-12 23:42 - 2014-04-12 18:36 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-04-12 23:28 - 2014-04-12 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2014-04-12 23:27 - 2014-04-12 18:31 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Screaming Bee
2014-04-12 23:18 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.1.txt
2014-04-12 23:10 - 2014-04-12 23:10 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Avnex
2014-04-12 23:00 - 2014-04-12 22:54 - 00000024 _____ () C:\Users\Isaiah's\Desktop\Kelias number.txt
2014-04-12 22:53 - 2013-12-27 21:44 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\ArmA 2 OA
2014-04-12 18:46 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.4.txt
2014-04-12 18:46 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.3.txt
2014-04-12 18:45 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.5.txt
2014-04-12 18:44 - 2014-04-12 18:36 - 00000919 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.6.txt
2014-04-12 18:40 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.2.txt
2014-04-12 18:36 - 2014-04-12 18:36 - 00001181 _____ () C:\Users\Isaiah's\AppData\Roaming\trace_FilterInstaller.7.txt
2014-04-12 18:36 - 2014-04-12 18:36 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\NCH Software
2014-04-12 18:36 - 2014-04-12 18:36 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-12 18:34 - 2013-12-25 22:03 - 00001901 _____ () C:\Users\Isaiah's\Desktop\Clownfish.lnk
2014-04-12 14:07 - 2014-01-19 01:10 - 00000000 ____D () C:\Users\Isaiah's\Documents\BIS Core Engine
2014-04-12 12:15 - 2014-04-12 12:15 - 00000000 ____D () C:\Users\Isaiah's\.ss2
2014-04-12 10:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 20:20 - 2014-04-10 20:18 - 27997568 _____ (Wireshark development team) C:\Users\Isaiah's\Downloads\Wireshark-win64-1.10.6.exe
2014-04-09 10:02 - 2014-04-09 10:02 - 00000000 _____ () C:\Users\Isaiah's\Desktop\BATTLE SCARS LEGENDARY SONG.txt
2014-04-08 23:35 - 2013-11-29 11:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 23:35 - 2013-11-29 11:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-05 02:02 - 2013-12-08 23:22 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-05 01:57 - 2013-11-29 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 13:47 - 2014-04-03 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-04-03 13:33 - 2014-04-03 13:33 - 00715038 _____ () C:\Windows\unins000.exe
2014-04-03 13:33 - 2014-04-03 13:33 - 00001995 _____ () C:\Windows\unins000.dat
2014-04-03 13:30 - 2014-04-03 13:30 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Isaiah's\Downloads\DxtorySetup2.0.126.exe
2014-04-03 13:30 - 2014-04-03 13:30 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-04-03 13:20 - 2014-04-03 13:30 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Dxtory Software
2014-04-03 13:20 - 2014-04-03 13:20 - 00001182 _____ () C:\Users\Isaiah's\Desktop\Dxtory.lnk
2014-04-03 13:20 - 2014-04-03 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2014-04-03 13:20 - 2014-04-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Dxtory Software
2014-04-03 13:17 - 2014-04-03 13:17 - 04135551 _____ (Dxtory Software ) C:\Users\Isaiah's\Downloads\DxtorySetup2.0.122.exe
2014-04-03 13:14 - 2014-04-03 13:14 - 00000184 _____ () C:\Users\Isaiah's\Downloads\Dxtory.dxtorylic
2014-04-03 13:04 - 2014-03-27 00:27 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-04-03 13:01 - 2013-12-04 22:08 - 00001623 _____ () C:\Users\Public\Desktop\Combat Arms.lnk
2014-04-02 23:37 - 2013-12-25 22:20 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4072817583-1142088816-480465609-1000UA
2014-04-02 23:37 - 2013-12-25 22:20 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4072817583-1142088816-480465609-1000Core
2014-04-01 23:38 - 2014-03-12 14:43 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Adobe
2014-04-01 23:37 - 2014-04-01 23:37 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-01 23:37 - 2014-04-01 23:37 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-04-01 23:37 - 2013-11-29 18:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-01 23:37 - 2013-11-29 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-01 23:37 - 2013-11-29 18:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-01 23:35 - 2014-04-01 23:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Users\Isaiah's\AppData\Local\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\ProgramData\Apple
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-04-01 23:35 - 2014-04-01 23:35 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-01 23:03 - 2014-01-24 16:35 - 00001608 _____ () C:\Users\Isaiah's\Desktop\Slender - The Eight Pages.lnk
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-30 20:16 - 2014-04-08 18:12 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 20:13 - 2014-04-08 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 19:13 - 2014-04-08 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 18:57 - 2014-04-08 18:12 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 01:13 - 2014-03-29 01:10 - 00000000 ____D () C:\Users\Isaiah's\AppData\Roaming\vlc
2014-03-29 01:09 - 2014-03-29 01:09 - 00000509 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-29 01:09 - 2014-03-29 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-03-29 00:53 - 2014-02-25 17:52 - 00000000 ____D () C:\Users\Isaiah's\Desktop\Malware Removal
2014-03-29 00:47 - 2014-03-29 00:47 - 00310272 _____ (MGS) C:\Users\Isaiah's\Downloads\AbsoluteLoader.exe

Some content of TEMP:
====================
C:\Users\Isaiah's\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Isaiah's\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 14:55

==================== End Of Log ============================



 


Please go into Control Panel, Add/Remove and uninstall the following software that is not needed.
Pando Networks\Media Booster
McAfee Security Scan


There is nothing wrong with this software; however, it should not be installed or running from any temporary file location.
I would recommend that you uninstall it and, if you want to continue to use it, please install it into a normal valid folder of its own.
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys
 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt
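The point about GPUZ.sys above applies to any service or driver entry whose image path sits in a temporary directory. The following is an added example, not part of the original thread and not FRST's own code: it parses FRST-style service/driver lines and flags the ones loading from temp locations. Apart from the GPUZ line quoted in the post, the log lines are constructed, and the temp-directory patterns and the `C:\Windows` system root are assumptions.

```python
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    state: str  # prefix as printed in the log, e.g. "S3"
    name: str   # service or driver name
    path: str   # image path with NT-style prefixes normalized


# Line shape taken from the entry quoted in the post:
#   S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys
# Assumption: the prefix is one of R/S/U plus a digit; the post only shows S3.
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
# Optional trailing "[size date]" or "[X]" plus "(Company)" metadata.
META_RE = re.compile(r"\s+\[[^\]]*\](\s+\(.*\))?\s*$")
# Assumption: these patterns are this example's definition of a
# "temporary file location"; extend them for your environment.
TEMP_RE = re.compile(
    r"\\(windows\\temp|appdata\\local\\temp|local settings\\temp)\\", re.I
)

# Constructed sample, except for the GPUZ line, which is quoted from the post.
SAMPLE_LOG = r"""
R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [348008 2014-04-16] (Example Corp)
R1 ExampleFlt; C:\Windows\system32\Drivers\examplefilter.sys [274200 2014-03-31] (Example Corp)
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys
S3 ExampleDrv; \??\C:\Users\Example\AppData\Local\Temp\exampledrv.sys [X]
"""


def normalize(path: str) -> str:
    """Strip the \\??\\ prefix and expand \\SystemRoot\\ so paths compare cleanly."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        # Assumption: the system root is C:\Windows.
        path = "C:\\Windows\\" + path[len("\\systemroot\\"):]
    return path


def parse_entries(log_text: str) -> List[Entry]:
    """Return every line that has the 'STATE name; path' shape."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        raw_path = META_RE.sub("", m.group("rest"))
        entries.append(
            Entry(m.group("state"), m.group("name").strip(), normalize(raw_path))
        )
    return entries


def temp_loaded(entries: List[Entry]) -> List[Entry]:
    """Entries whose image path is inside a temp directory."""
    return [e for e in entries if TEMP_RE.search(e.path)]


if __name__ == "__main__":
    for e in temp_loaded(parse_entries(SAMPLE_LOG)):
        print(f"{e.state} {e.name}: {e.path}")
```

A hit is a prompt to look closer, not a verdict: as the post says of GPU-Z, legitimate tools sometimes drop a driver into a temp folder.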


Hello ron,
As per your request I did uninstall PMB but I was unable to locate McAfee security scan anywhere on my programs list.

Here are the logs for what you requested me to do:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by Isaiah's at 2014-04-28 20:08:08 Run:1
Running from C:\Users\Isaiah's\Desktop\Stuffs\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - A36B785BEC0D4964AA20C14BE38A86F5 URL = http://search.condui...75E35E48AAFD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
C:\Users\Isaiah's\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Isaiah's\AppData\Local\Temp\Quarantine.exe


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\A36B785BEC0D4964AA20C14BE38A86F5 => Key deleted successfully.
HKCR\CLSID\A36B785BEC0D4964AA20C14BE38A86F5 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Isaiah's\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Isaiah's\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


I've updated the fixlist file.  Please download the new one and run it and post back the new log.

Restart your computer after running it.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Had something come up that caused a late reply. I apologize.


Anyway, a problem arose. I did as instructed and everything went smoothly, then it went to restart and it hung on the shut down screen for like 30 minutes before I shut it down by the power button.
I then reloaded it and it stuck on the welcome screen way longer than usual and a white screen appeared and nothing else on my desktop, then FRST ran again and gave me the log.
I don't know if I should worry but I thought I'd provide you with this info.

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by Isaiah's at 2014-04-28 20:42:47 Run:2
Running from C:\Users\Isaiah's\Desktop\Stuffs\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\McAfee Security Scan

*****************


"C:\Program Files (x86)\McAfee Security Scan" directory move:

C:\Program Files (x86)\McAfee Security Scan\uninstall.exe => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\AVScanner.ini => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\ftconfig.ini => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\McAfee.ico => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\mcbrwsr2.dll => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\MCCompHostConfig.ini => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\mcuicnt.exe => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\McUpdater.dll => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SecurityScanner.dll => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SecurityScanner_LD.dll => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSCustom_LD.dll => Moved successfully.
Could not move "C:\Program Files (x86)\McAfee Security Scan" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-28 20:46:03)<=

C:\Program Files (x86)\McAfee Security Scan => Moved successfully.

==== End of Fixlog ====


It may have been the forced removal of McAfee.

Please try to shutdown the computer and leave it off for a couple of minutes. Then turn it back on and let me know if there is still an issue or not.


So how is the computer running now?

Are there still any signs of an infection?

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


It's running better overall. Clock is still all messed up. I fear it might have to do with something internal though, to be completely honest.
I haven't tried to shut down and install updates yet. Should I do that? It usually would lock up and I'd have to shut it off by the power button. And when I manually tried to install them it'd just freeze and do nothing.

Here is the SecurityCheck.

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Please go into Control Panel, Add/Remove and uninstall ALL versions of Java. Then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

Then shut down and try to do the updates.


So the updates on shutdown disappeared, so I ran JavaRa and tried to do them manually via Windows Update. They got to 95% and didn't move from there. It just froze so I canceled updates after an hour of waiting. Then they disappeared.
I then tried searching for updates and that froze so I shut down my computer and then THAT froze. I waited like 30 minutes for it to shut down, then just shut it down by the button.
 

I have no idea what's going on.
8429a21ebfcb48902af86c295b6c455b.png
This is what it still shows like always, after I started my computer up again.

I attached the log cause it was kinda long.


Oops, I forgot to attach the log. Here it is. Also I ran twice cause the first time I forgot to close Mozilla. I hope that didn't make a difference or mess anything up.
JavaRa.log


I've been running the diagnostic tool for the past 30 minutes now and it's found nothing and just been stuck on the detecting problems screen. Should I continue to let it run?


I ran the Windows repair on default settings and did all it asked me to do, then ran the repair. Windows shut down a lot quicker than it was, and I think it fixed a few things.
I tried updating again but sadly to no avail. It got stuck on the creating restore point and didn't move from there. After 30 mins of waiting I tried to stop the installation but it wouldn't work.

This is what it was stuck on though you probably already know.
7711e1f5d39d9dfe2c6bf40f8ec08068.png
 


Let me have you temporarily uninstall your AVG antivirus but first download Microsoft Security Essentials to use in its place temporarily.
 
http://windows.microsoft.com/en-us/windows/security-essentials-download
 
Then go into your Control Panel, Add/Remove and uninstall AVG antivirus.
Then download and run this tool to remove leftover elements of AVG.
 
http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2014_4116.exe
 
Then reboot the computer and install the Microsoft Security Essentials antivirus you downloaded previously.  Let it check for updates and then run a Quick Scan with it.
 

 

 

Then please run a full Disk Check on your system drive. If needed, here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit.

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

 

When done then copy the entry from the Event Logs for the disk check and post back the results here.

 


AVG just refuses to uninstall. I've tried it about 5 times. The first time it froze; the next two times it gave me this error.
885c40358f422eeebf4229cc21ba9006.png

Then the fourth time it actually went about 1/3rd of the way before giving me another error which I forgot to take a picture of. Where should I go from here? Should I still do the disk check and install MSE?


Yes, do the Disk Check. No, do not install MSE until AVG is removed; that could potentially cause other issues.

 

If after the disk check you're still unable to remove AVG we'll use Combofix or FRST to help us manually remove it.


Sorry for the late reply. Had quite a few things to do. Also I attempted uninstalling AVG and it wouldn't let me again.

Here's the ChkDsk log:


Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Cleaning up instance tags for file 0x14bd4.
  176384 file records processed.
File verification completed.
  635 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  106 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  234978 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  176384 file SDs/SIDs processed.
Cleaning up 9592 unused index entries from index $SII of file 0x9.
Cleaning up 9592 unused index entries from index $SDH of file 0x9.
Cleaning up 9592 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  29298 data files processed.
CHKDSK is verifying Usn Journal...
  34178048 USN bytes processed.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 117115903 KB total disk space.
 106861564 KB in 112326 files.
     78504 KB in 29301 indexes.
         0 KB in bad sectors.
    280475 KB in use by the system.
     65536 KB occupied by the log file.
   9895360 KB available on disk.

      4096 bytes in each allocation unit.
  29278975 total allocation units on disk.
   2473840 allocation units available on disk.

Internal Info:
00 b1 02 00 45 29 02 00 4d ef 03 00 00 00 00 00  ....E)..M.......
92 58 00 00 6a 00 00 00 00 00 00 00 00 00 00 00  .X..j...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
 


Okay, getting late here and I need to get on the road for home but go ahead and run me some new FRST scan logs and I'll take a look and we'll manually rip out AVG - looks like that might be part of the issue going on for you.

This topic is now closed to further replies.
