
Trovi Malware -- not sure if gone



Hello,

I want to make sure my computer does not have Trovi malware. I believe I have it removed mostly, but whenever I log into Chrome on my Google account it seems to come back. Whenever I log into my account and run AdwCleaner, it shows a startup URL for Trovi under Chrome. Just want to make sure it's removed completely. Help is appreciated.

 

Thank you


Hello deeron and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/29/2014

Scan Time: 7:09:49 AM

Logfile: MBAM.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.05.29.06

Rootkit Database: v2014.05.21.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x64

File System: NTFS

User: Darin

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 252579

Time Elapsed: 2 min, 54 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Trovi.A, C:\Users\Darin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M5B71D6E4-6BF5-44E9-B12B-EE40C3F6A7E3&SearchSource=55&CUI=&UM=5&UP=SP45512210-F53E-4A61-9603-C08488473D5C&SSPV=" ],), ,[e04a70e7accfc86e11befa8e857f2ed2]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014

Ran by darin (administrator) on Darin on 30-05-2014 20:23:55

Running from C:\Users\darin\Downloads

Platform: Windows 8.1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Advanced Micro Devices, Inc.) C:\AMD\Support\14-4-win7-win8-win8.1-64-dd-ccc-whql\Bin64\InstallManagerApp.exe

(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4656\Battle.net.exe

(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

() C:\AMD\amdacpusrsvc.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Ubisoft) C:\Users\darin\Downloads\UplayInstaller.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2021656133-3299879618-2018933939-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-05-14] (Raptr, Inc)

HKU\S-1-5-21-2021656133-3299879618-2018933939-1001\...\Run: [GoogleChromeAutoLaunch_535CDA410F187A7676A2AA6860FD3BB7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8135A6597A7CCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-30]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-30]

 

Chrome: 

=======

CHR HomePage: hxxp://google.com/

CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M5B71D6E4-6BF5-44E9-B12B-EE40C3F6A7E3&SearchSource=55&CUI=&UM=5&UP=SP45512210-F53E-4A61-9603-C08488473D5C&SSPV="

CHR Extension: (Google Docs) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-30]

CHR Extension: (Google Drive) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-30]

CHR Extension: (Google Search) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-30]

CHR Extension: (SiteAdvisor) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-30]

CHR Extension: (Google Wallet) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30]

CHR Extension: (Gmail) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-30]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-30]

 

==================== Services (Whitelisted) =================

 

S2 0207601401505512mcinstcleanup; C:\Users\darin\AppData\Local\Temp\020760~1.EXE [836168 2014-03-13] (McAfee, Inc.)

R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] ()

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-17] (Advanced Micro Devices)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-18] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-30] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)

U3 mfeapfk01; No ImagePath

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)

U3 mfehidk01; No ImagePath

R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157528 2014-03-18] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-30 20:34 - 2014-05-30 19:42 - 00000000 ____D () C:\Windows\Panther

2014-05-30 20:23 - 2014-05-30 20:23 - 02066944 _____ (Farbar) C:\Users\darin\Downloads\FRST64.exe

2014-05-30 20:23 - 2014-05-30 20:23 - 00000000 ____D () C:\FRST

2014-05-30 20:22 - 2014-05-30 20:24 - 00013419 _____ () C:\Users\darin\Downloads\FRST.txt

2014-05-30 20:15 - 2014-05-30 20:15 - 00001221 _____ () C:\Users\darin\Desktop\Uplay.lnk

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Users\darin\AppData\Local\Ubisoft Game Launcher

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Ubisoft

2014-05-30 20:14 - 2014-05-30 20:14 - 63548256 _____ (Ubisoft) C:\Users\darin\Downloads\UplayInstaller.exe

2014-05-30 20:11 - 2014-05-30 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-05-30 20:08 - 2014-05-30 20:13 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-30 20:08 - 2014-05-30 20:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-30 20:08 - 2014-05-30 20:13 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-30 20:08 - 2014-05-30 20:08 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-30 20:08 - 2014-05-30 20:08 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\Users\darin\AppData\Local\Google

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\Program Files (x86)\Google

2014-05-30 20:05 - 2014-05-30 20:11 - 00001860 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-05-30 20:05 - 2014-05-30 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com

2014-05-30 20:05 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2014-05-30 20:04 - 2014-05-30 20:05 - 00000000 ____D () C:\Program Files\McAfee

2014-05-30 20:04 - 2014-05-30 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-30 20:04 - 2014-05-30 20:04 - 00000000 ____D () C:\Program Files\McAfee.com

2014-05-30 19:59 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe

2014-05-30 19:58 - 2014-05-30 20:08 - 00000000 ____D () C:\ProgramData\McAfee

2014-05-30 19:58 - 2014-05-30 20:05 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-05-30 19:55 - 2014-05-30 19:56 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Raptr

2014-05-30 19:55 - 2014-05-30 19:55 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201405301955069110.log

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Users\darin\AppData\Roaming\library_dir

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\ProgramData\AMD

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-05-30 19:54 - 2014-05-30 20:03 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-05-30 19:54 - 2014-05-30 19:54 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\Windows\LastGood

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2014-05-30 19:53 - 2014-05-30 19:54 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-05-30 19:53 - 2014-05-30 19:53 - 00054424 _____ () C:\Windows\SysWOW64\CCCInstall_201405301953598112.log

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Roaming\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Local\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Program Files\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-05-30 19:52 - 2014-05-30 20:22 - 00000000 ____D () C:\Users\darin\AppData\Local\Battle.net

2014-05-30 19:52 - 2014-05-30 19:54 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Battle.net

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\Users\darin\AppData\Local\Blizzard Entertainment

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-05-30 19:51 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Origin

2014-05-30 19:51 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Local\Origin

2014-05-30 19:51 - 2014-05-30 19:51 - 00000000 ____D () C:\ProgramData\Battle.net

2014-05-30 19:50 - 2014-05-30 19:53 - 00000000 ____D () C:\ProgramData\Origin

2014-05-30 19:50 - 2014-05-30 19:51 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-05-30 19:50 - 2014-05-30 19:50 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-05-30 19:48 - 2014-05-30 19:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-30 19:47 - 2014-05-30 20:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2021656133-3299879618-2018933939-1001

2014-05-30 19:47 - 2014-05-30 19:47 - 00055269 _____ () C:\Windows\SysWOW64\CCCInstall_201405301947549975.log

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Intel

2014-05-30 19:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-30 19:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-30 19:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-30 19:46 - 2014-05-30 19:55 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2014-05-30 19:46 - 2014-05-30 19:55 - 00000000 ____D () C:\AMD

2014-05-30 19:46 - 2014-05-30 19:47 - 00000000 ____D () C:\ProgramData\Package Cache

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 ____D () C:\Program Files\AMD

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 _____ () C:\Windows\system32\spu_storage.bin

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 _____ () C:\Windows\ativpsrm.bin

2014-05-30 19:45 - 2014-05-30 19:45 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0E9EDB4-36A7-4BAA-B80F-8FBFABA64EC1}

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 __SHD () C:\Users\darin\AppData\Local\EmieUserList

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 __SHD () C:\Users\darin\AppData\Local\EmieSiteList

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Macromedia

2014-05-30 19:43 - 2014-05-30 19:43 - 00000000 __RDO () C:\Users\darin\OneDrive

2014-05-30 19:42 - 2014-05-30 19:47 - 00000000 ____D () C:\Users\darin\AppData\Local\Packages

2014-05-30 19:42 - 2014-05-30 19:42 - 00001446 _____ () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Adobe

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Users\darin\AppData\Local\VirtualStore

2014-05-30 19:41 - 2014-05-30 20:24 - 00000000 ____D () C:\Users\darin\AppData\Local\Temp

2014-05-30 19:41 - 2014-05-30 19:52 - 00000000 ____D () C:\Users\darin

2014-05-30 19:41 - 2014-05-30 19:41 - 00000020 ___SH () C:\Users\darin\ntuser.ini

2014-05-30 19:41 - 2014-03-18 03:33 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-30 19:41 - 2014-03-18 03:33 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-05-30 19:41 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2014-05-30 19:41 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2014-05-30 19:41 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-05-30 19:41 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-05-30 19:39 - 2014-05-30 20:04 - 00277422 _____ () C:\Windows\WindowsUpdate.log

2014-05-28 16:53 - 2014-05-28 16:53 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00157144 _____ () C:\Windows\system32\ativvsva.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5EE3.tmp

2014-05-28 16:53 - 2014-05-28 16:53 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET632F.tmp

2014-05-28 16:53 - 2014-05-28 16:53 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00003917 _____ () C:\Windows\system32\atipblag.dat

2014-05-28 16:53 - 2014-04-17 19:43 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll

2014-05-28 16:53 - 2014-04-17 19:42 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2014-05-28 16:52 - 2014-05-28 16:52 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5703.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET5B62.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5F45.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET5F95.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00047887 _____ () C:\Windows\atiogl.xml

2014-05-28 16:52 - 2014-04-17 19:42 - 10335208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll

2014-05-28 16:52 - 2014-04-17 19:42 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2014-05-28 16:52 - 2014-04-17 19:42 - 01343272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

2014-05-28 16:52 - 2014-04-17 19:42 - 01117184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

 

==================== One Month Modified Files and Folders =======

 

2014-05-30 20:34 - 2013-08-22 08:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

2014-05-30 20:24 - 2014-05-30 20:22 - 00013419 _____ () C:\Users\darin\Downloads\FRST.txt

2014-05-30 20:24 - 2014-05-30 19:41 - 00000000 ____D () C:\Users\darin\AppData\Local\Temp

2014-05-30 20:23 - 2014-05-30 20:23 - 02066944 _____ (Farbar) C:\Users\darin\Downloads\FRST64.exe

2014-05-30 20:23 - 2014-05-30 20:23 - 00000000 ____D () C:\FRST

2014-05-30 20:22 - 2014-05-30 19:52 - 00000000 ____D () C:\Users\darin\AppData\Local\Battle.net

2014-05-30 20:15 - 2014-05-30 20:15 - 00001221 _____ () C:\Users\darin\Desktop\Uplay.lnk

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Users\darin\AppData\Local\Ubisoft Game Launcher

2014-05-30 20:15 - 2014-05-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Ubisoft

2014-05-30 20:14 - 2014-05-30 20:14 - 63548256 _____ (Ubisoft) C:\Users\darin\Downloads\UplayInstaller.exe

2014-05-30 20:13 - 2014-05-30 20:08 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-30 20:13 - 2014-05-30 20:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-30 20:13 - 2014-05-30 20:08 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-30 20:13 - 2014-05-30 19:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2021656133-3299879618-2018933939-1001

2014-05-30 20:11 - 2014-05-30 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-05-30 20:11 - 2014-05-30 20:05 - 00001860 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-05-30 20:08 - 2014-05-30 20:08 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-30 20:08 - 2014-05-30 20:08 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\Users\darin\AppData\Local\Google

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-30 20:08 - 2014-05-30 20:08 - 00000000 ____D () C:\Program Files (x86)\Google

2014-05-30 20:08 - 2014-05-30 19:58 - 00000000 ____D () C:\ProgramData\McAfee

2014-05-30 20:06 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-05-30 20:05 - 2014-05-30 20:05 - 00000000 ____D () C:\Program Files (x86)\McAfee.com

2014-05-30 20:05 - 2014-05-30 20:04 - 00000000 ____D () C:\Program Files\McAfee

2014-05-30 20:05 - 2014-05-30 20:04 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-30 20:05 - 2014-05-30 19:58 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-05-30 20:05 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-05-30 20:04 - 2014-05-30 20:04 - 00000000 ____D () C:\Program Files\McAfee.com

2014-05-30 20:04 - 2014-05-30 19:39 - 00277422 _____ () C:\Windows\WindowsUpdate.log

2014-05-30 20:03 - 2014-05-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-05-30 20:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru

2014-05-30 19:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-05-30 19:56 - 2014-05-30 19:55 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Raptr

2014-05-30 19:55 - 2014-05-30 19:55 - 00061828 _____ () C:\Windows\SysWOW64\CCCInstall_201405301955069110.log

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Users\darin\AppData\Roaming\library_dir

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\ProgramData\AMD

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-05-30 19:55 - 2014-05-30 19:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-05-30 19:55 - 2014-05-30 19:46 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2014-05-30 19:55 - 2014-05-30 19:46 - 00000000 ____D () C:\AMD

2014-05-30 19:54 - 2014-05-30 19:54 - 00000979 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\Windows\LastGood

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-05-30 19:54 - 2014-05-30 19:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2014-05-30 19:54 - 2014-05-30 19:53 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-05-30 19:54 - 2014-05-30 19:52 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Battle.net

2014-05-30 19:54 - 2013-08-22 07:46 - 00012235 _____ () C:\Windows\setupact.log

2014-05-30 19:53 - 2014-05-30 19:53 - 00054424 _____ () C:\Windows\SysWOW64\CCCInstall_201405301953598112.log

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Roaming\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Users\darin\AppData\Local\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Program Files\ATI

2014-05-30 19:53 - 2014-05-30 19:53 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-05-30 19:53 - 2014-05-30 19:51 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Origin

2014-05-30 19:53 - 2014-05-30 19:51 - 00000000 ____D () C:\Users\darin\AppData\Local\Origin

2014-05-30 19:53 - 2014-05-30 19:50 - 00000000 ____D () C:\ProgramData\Origin

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\Users\darin\AppData\Local\Blizzard Entertainment

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-05-30 19:52 - 2014-05-30 19:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-05-30 19:52 - 2014-05-30 19:41 - 00000000 ____D () C:\Users\darin

2014-05-30 19:51 - 2014-05-30 19:51 - 00000000 ____D () C:\ProgramData\Battle.net

2014-05-30 19:51 - 2014-05-30 19:50 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-05-30 19:50 - 2014-05-30 19:50 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-05-30 19:50 - 2014-05-30 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-30 19:50 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-05-30 19:48 - 2014-03-18 03:03 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-30 19:47 - 2014-05-30 19:47 - 00055269 _____ () C:\Windows\SysWOW64\CCCInstall_201405301947549975.log

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Intel

2014-05-30 19:47 - 2014-05-30 19:46 - 00000000 ____D () C:\ProgramData\Package Cache

2014-05-30 19:47 - 2014-05-30 19:42 - 00000000 ____D () C:\Users\darin\AppData\Local\Packages

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 ____D () C:\Program Files\AMD

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 _____ () C:\Windows\system32\spu_storage.bin

2014-05-30 19:46 - 2014-05-30 19:46 - 00000000 _____ () C:\Windows\ativpsrm.bin

2014-05-30 19:46 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore

2014-05-30 19:45 - 2014-05-30 19:45 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0E9EDB4-36A7-4BAA-B80F-8FBFABA64EC1}

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 __SHD () C:\Users\darin\AppData\Local\EmieUserList

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 __SHD () C:\Users\darin\AppData\Local\EmieSiteList

2014-05-30 19:45 - 2014-05-30 19:45 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Macromedia

2014-05-30 19:43 - 2014-05-30 19:43 - 00000000 __RDO () C:\Users\darin\OneDrive

2014-05-30 19:42 - 2014-05-30 20:34 - 00000000 ____D () C:\Windows\Panther

2014-05-30 19:42 - 2014-05-30 19:42 - 00001446 _____ () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ___RD () C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Users\darin\AppData\Roaming\Adobe

2014-05-30 19:42 - 2014-05-30 19:42 - 00000000 ____D () C:\Users\darin\AppData\Local\VirtualStore

2014-05-30 19:41 - 2014-05-30 19:41 - 00000020 ___SH () C:\Users\darin\ntuser.ini

2014-05-30 19:38 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache

2014-05-30 19:37 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-30 19:37 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-05-30 19:36 - 2013-08-22 08:37 - 00002664 _____ () C:\Windows\DtcInstall.log

2014-05-30 19:36 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Recovery

2014-05-30 19:35 - 2014-03-18 02:54 - 00000800 _____ () C:\Windows\PFRO.log

2014-05-28 16:53 - 2014-05-28 16:53 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00157144 _____ () C:\Windows\system32\ativvsva.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5EE3.tmp

2014-05-28 16:53 - 2014-05-28 16:53 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET632F.tmp

2014-05-28 16:53 - 2014-05-28 16:53 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat

2014-05-28 16:53 - 2014-05-28 16:53 - 00003917 _____ () C:\Windows\system32\atipblag.dat

2014-05-28 16:52 - 2014-05-28 16:52 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5703.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET5B62.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET5F45.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\SET5F95.tmp

2014-05-28 16:52 - 2014-05-28 16:52 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe

2014-05-28 16:52 - 2014-05-28 16:52 - 00047887 _____ () C:\Windows\atiogl.xml

2014-05-12 07:26 - 2014-05-30 19:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-05-30 19:47 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2014-05-30 19:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

Some content of TEMP:

====================

C:\Users\darin\AppData\Local\Temp\0207601401505512mcinst.exe

C:\Users\darin\AppData\Local\Temp\raptrpatch.exe

C:\Users\darin\AppData\Local\Temp\raptr_stub.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe

[2014-03-18 03:13] - [2014-03-18 03:13] - 2373784 ____A (Microsoft Corporation) 4CE0C733CDCF1D2F78532BBD9CE3441D

 

C:\Windows\SysWOW64\explorer.exe

[2014-03-18 03:13] - [2014-03-18 03:13] - 2088160 ____A (Microsoft Corporation) E0C84A30581BC508E289E4371A723F58

 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-30 19:35

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014

Ran by darin at 2014-05-30 20:24:16

Running from C:\Users\darin\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)

 

==================== Restore Points  =========================

 

31-05-2014 02:46:35 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

31-05-2014 02:46:52 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

 

==================== Hosts content: ==========================

 

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {7A578362-3AB8-443F-A59F-A3FAA8E1881E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)

Task: {86BEADA9-D3AF-44A7-AE5E-480660BA4639} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-30] (Google Inc.)

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-17 18:14 - 2014-04-17 18:14 - 00116736 _____ () C:\AMD\Support\14-4-win7-win8-win8.1-64-dd-ccc-whql\Bin64\atiLog.dll

2014-04-17 21:55 - 2014-04-17 21:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe

2014-05-30 19:51 - 2014-05-30 19:51 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-05-30 19:51 - 2014-05-30 19:51 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2014-05-30 19:52 - 2014-05-30 19:52 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libcef.dll

2014-05-30 19:52 - 2014-05-30 19:52 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libglesv2.dll

2014-05-30 19:52 - 2014-05-30 19:52 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libegl.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd

2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd

2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd

2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd

2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd

2011-05-10 12:01 - 2011-05-10 12:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd

2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd

2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll

2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd

2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd

2012-10-27 00:53 - 2012-10-27 00:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd

2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll

2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

2014-05-30 20:00 - 2014-04-29 17:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll

2014-05-30 20:00 - 2014-04-29 17:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll

2014-05-30 20:00 - 2014-04-29 17:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2014-05-30 20:00 - 2014-04-29 17:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll

2014-05-30 20:00 - 2014-05-16 18:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-30 20:00 - 2014-05-29 10:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll

2014-05-30 20:00 - 2014-04-28 17:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll

2014-05-30 20:00 - 2014-05-29 10:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-05-30 20:00 - 2014-05-01 16:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-05-30 20:00 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2014-05-30 20:00 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2014-05-30 20:00 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2014-05-30 20:08 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-30 20:08 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-30 20:08 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-30 20:08 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-30 20:08 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Users\darin\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

Error: (05/30/2014 08:06:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (05/30/2014 08:04:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The McAfee Proxy Service service depends on the following service: MfeFire. This service might not be installed.

 

Error: (05/30/2014 08:00:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (05/30/2014 08:00:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (05/30/2014 07:36:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Network List Service service terminated with the following error: 

%%21

 

Error: (05/30/2014 07:35:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The IP Helper service terminated with the following error: 

%%1058

 

Error: (05/30/2014 07:35:26 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 33%

Total physical RAM: 8109.12 MB

Available physical RAM: 5382.24 MB

Total Pagefile: 10029.12 MB

Available Pagefile: 6817.18 MB

Total Virtual: 131072 MB

Available Virtual: 131071.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:910.13 GB) NTFS

Drive d: (IR3_CCSA_X64FRE_EN-US_DV9) (CDROM) (Total:3.83 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0183BF56)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
