Infected by Ad Virus

I've tried a number of fixes, I've run a gauntlet of programs (Super Anti Spyware, HitmanPRO, Malwarebytes, and others) with no luck. What I believe I have is ad-based viruses from Conduit (and perhaps others) designed to create pop-ups so I buy a program to remove them. I am near the point of just reformatting. Thanks for your help.

 

Here's my FRST log:

----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by Nick (administrator) on HOME on 12-08-2014 15:55:25
Running from C:\Users\Nick\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Nick\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1703746133-2958461327-1540499460-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC156DE7C25B5CF01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 97.64.168.12 97.64.183.165
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-10]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-10]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-10] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-10] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 15:55 - 2014-08-12 15:55 - 00009369 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-12 15:54 - 2014-08-12 15:55 - 00000000 ____D () C:\FRST
2014-08-12 15:53 - 2014-08-12 15:53 - 02099712 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-12 15:53 - 2014-08-12 15:53 - 02099712 _____ (Farbar) C:\Users\Nick\Downloads\FRST64 (1).exe
2014-08-12 15:25 - 2014-08-12 15:25 - 00003951 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-12-2014 - 15-24-54.log
2014-08-12 14:56 - 2014-08-12 14:56 - 00003873 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-12-2014 - 14-56-27.log
2014-08-11 22:05 - 2014-08-10 02:48 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-08-11 21:56 - 2014-08-11 14:34 - 00000000 ____D () C:\Windows.old
2014-08-11 18:46 - 2014-08-11 18:46 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\LolClient
2014-08-11 17:53 - 2014-08-11 17:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-11 17:24 - 2014-08-11 17:24 - 05378177 _____ () C:\Users\Nick\Downloads\p95v285.win64.zip
2014-08-11 17:12 - 2014-08-11 17:12 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files\MSBuild
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-11 17:05 - 2013-08-02 21:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-08-11 17:05 - 2013-08-02 21:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-08-11 17:05 - 2013-08-02 21:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-11 17:05 - 2013-08-02 21:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-08-11 17:05 - 2013-08-02 21:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-08-11 17:05 - 2013-08-02 21:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-11 17:04 - 2014-08-11 17:04 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-11 17:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-08-11 17:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-08-11 17:04 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-08-11 17:04 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-08-11 17:04 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-08-11 16:53 - 2014-08-12 15:23 - 00000000 ____D () C:\Users\Nick\AppData\Local\PMB Files
2014-08-11 16:53 - 2014-08-12 15:23 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-11 16:53 - 2014-08-11 16:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Riot Games
2014-08-11 16:53 - 2014-08-11 16:53 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-11 16:52 - 2014-08-11 16:53 - 32229024 _____ (Riot Games) C:\Users\Nick\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 ____D () C:\Users\Nick\AppData\Local\Blizzard
2014-08-11 16:40 - 2014-08-11 16:51 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-11 16:40 - 2014-08-11 16:40 - 00001197 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-11 16:40 - 2014-08-11 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-11 16:39 - 2014-08-11 18:47 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net
2014-08-11 16:39 - 2014-08-11 16:40 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Battle.net
2014-08-11 16:39 - 2014-08-11 16:39 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\NVIDIA
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Local\Blizzard Entertainment
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-11 16:38 - 2014-08-11 16:38 - 03099552 _____ (Blizzard Entertainment) C:\Users\Nick\Downloads\Hearthstone-Setup-enUS.exe
2014-08-11 16:38 - 2014-08-11 16:38 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-11 00:25 - 2014-08-11 00:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-11 00:15 - 2014-08-11 00:15 - 00080554 _____ () C:\Users\Nick\Desktop\HitmanPro_20140811_0015.log
2014-08-11 00:15 - 2014-08-11 00:15 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-10 23:44 - 2014-08-10 23:44 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 23:44 - 2014-08-10 23:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 23:38 - 2014-08-11 00:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 22:40 - 2014-08-10 22:56 - 00000625 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-08-10 22:34 - 2014-08-10 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 22:31 - 2014-08-10 22:31 - 00000941 _____ () C:\Users\Nick\Desktop\AdwCleaner[s0].txt
2014-08-10 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-10 22:21 - 2014-08-10 22:28 - 00000000 ____D () C:\AdwCleaner
2014-08-10 21:46 - 2014-08-10 21:46 - 00000680 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-10-2014 - 21-45-00.log
2014-08-10 04:56 - 2014-08-10 04:56 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-08-10 04:56 - 2014-08-10 04:56 - 00000000 ____D () C:\Users\Nick\AppData\Local\NVIDIA
2014-08-10 04:56 - 2014-08-10 04:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-10 04:46 - 2014-08-10 04:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-10 04:46 - 2014-08-10 04:46 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-10 04:45 - 2014-08-10 04:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-10 04:45 - 2014-08-10 04:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-10 02:48 - 2014-08-10 02:20 - 00000000 ____D () C:\Windows\Panther
2014-08-10 02:42 - 2014-08-11 14:37 - 00000000 ____D () C:\Windows.old.000
2014-08-10 02:41 - 2014-08-12 14:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-10 02:41 - 2014-08-10 02:41 - 00001820 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-10 02:39 - 2014-08-10 23:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 02:39 - 2014-08-10 02:39 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 02:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 02:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-10 02:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-10 02:37 - 2014-08-10 02:37 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-10 02:37 - 2014-08-10 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-10 02:37 - 2014-08-10 02:37 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-10 02:33 - 2014-08-12 15:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-10 02:33 - 2014-08-10 22:29 - 00000000 ____D () C:\Program Files\Google
2014-08-10 02:33 - 2014-08-10 02:33 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-10 02:33 - 2014-08-10 02:33 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVAST Software
2014-08-10 02:33 - 2014-08-10 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-10 02:32 - 2014-08-12 15:42 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-10 02:32 - 2014-08-12 14:52 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-10 02:32 - 2014-08-12 14:52 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 02:32 - 2014-08-11 16:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-10 02:32 - 2014-08-10 22:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-10 02:32 - 2014-08-10 21:58 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-08-10 02:32 - 2014-08-10 02:37 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-10 02:32 - 2014-08-10 02:37 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 02:32 - 2014-08-10 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-10 02:32 - 2014-03-04 06:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-08-10 02:32 - 2014-03-04 06:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-08-10 02:32 - 2014-03-04 06:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-08-10 02:32 - 2014-03-04 06:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-08-10 02:32 - 2014-03-04 06:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-08-10 02:32 - 2014-03-04 06:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-08-10 02:32 - 2014-03-04 06:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-08-10 02:32 - 2014-03-04 04:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-10 02:31 - 2014-08-10 02:33 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-10 02:31 - 2014-08-10 02:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-08-10 02:31 - 2014-08-10 02:31 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-10 02:31 - 2014-08-10 02:31 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-10 02:31 - 2014-08-10 02:31 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-10 02:31 - 2014-03-20 23:03 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-08-10 02:31 - 2014-03-20 23:03 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-08-10 02:30 - 2014-08-10 02:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-10 02:30 - 2014-08-10 02:33 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-10 02:30 - 2014-08-10 02:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-10 02:29 - 2014-08-10 02:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-10 02:28 - 2014-08-10 02:28 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Skype
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 02:27 - 2014-08-11 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-10 02:27 - 2014-08-10 02:28 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 02:25 - 2014-08-12 14:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1703746133-2958461327-1540499460-1001
2014-08-10 02:23 - 2014-08-10 02:23 - 05568206 _____ (Swearware) C:\Users\Nick\Downloads\ComboFix.exe
2014-08-10 02:22 - 2014-08-12 15:55 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E663AB7C-B734-4DC9-AB8C-A7FC5FFF435A}
2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-08-10 02:20 - 2014-08-10 02:21 - 00000000 ____D () C:\Users\Nick\AppData\Local\Packages
2014-08-10 02:20 - 2014-08-10 02:20 - 00001446 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-10 02:20 - 2014-08-10 02:20 - 00000020 ___SH () C:\Users\Nick\ntuser.ini
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick
2014-08-10 02:20 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-10 02:20 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-10 02:20 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 02:20 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-10 02:11 - 2014-08-10 02:11 - 00000000 ____D () C:\Windows\CSC
2014-08-10 02:10 - 2014-08-12 15:12 - 01101659 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 02:03 - 2014-08-10 02:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-10 01:14 - 2014-08-10 04:53 - 00000000 ____D () C:\Support
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 15:55 - 2014-08-12 15:55 - 00009369 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-12 15:55 - 2014-08-12 15:54 - 00000000 ____D () C:\FRST
2014-08-12 15:55 - 2014-08-10 02:22 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E663AB7C-B734-4DC9-AB8C-A7FC5FFF435A}
2014-08-12 15:54 - 2014-08-10 02:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 15:53 - 2014-08-12 15:53 - 02099712 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-12 15:53 - 2014-08-12 15:53 - 02099712 _____ (Farbar) C:\Users\Nick\Downloads\FRST64 (1).exe
2014-08-12 15:42 - 2014-08-10 02:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:25 - 2014-08-12 15:25 - 00003951 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-12-2014 - 15-24-54.log
2014-08-12 15:23 - 2014-08-11 16:53 - 00000000 ____D () C:\Users\Nick\AppData\Local\PMB Files
2014-08-12 15:23 - 2014-08-11 16:53 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-12 15:12 - 2014-08-10 02:10 - 01101659 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 15:08 - 2011-12-27 17:51 - 00000000 ____D () C:\Songs
2014-08-12 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-12 14:57 - 2014-08-10 02:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1703746133-2958461327-1540499460-1001
2014-08-12 14:56 - 2014-08-12 14:56 - 00003873 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-12-2014 - 14-56-27.log
2014-08-12 14:53 - 2014-08-10 02:41 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-12 14:52 - 2014-08-10 02:32 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 14:52 - 2014-08-10 02:32 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 18:47 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Local\Battle.net
2014-08-11 18:46 - 2014-08-11 18:46 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\LolClient
2014-08-11 17:53 - 2014-08-11 17:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-11 17:53 - 2014-08-10 02:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-11 17:24 - 2014-08-11 17:24 - 05378177 _____ () C:\Users\Nick\Downloads\p95v285.win64.zip
2014-08-11 17:12 - 2014-08-11 17:12 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-11 17:08 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files\MSBuild
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-08-11 17:07 - 2014-08-11 17:07 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-11 17:04 - 2014-08-11 17:04 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-11 16:53 - 2014-08-11 16:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Riot Games
2014-08-11 16:53 - 2014-08-11 16:53 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-11 16:53 - 2014-08-11 16:52 - 32229024 _____ (Riot Games) C:\Users\Nick\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 ____D () C:\Users\Nick\AppData\Local\Blizzard
2014-08-11 16:51 - 2014-08-11 16:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-11 16:40 - 2014-08-11 16:40 - 00001197 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-11 16:40 - 2014-08-11 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-11 16:40 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Battle.net
2014-08-11 16:39 - 2014-08-11 16:39 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\NVIDIA
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Users\Nick\AppData\Local\Blizzard Entertainment
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-11 16:39 - 2014-08-11 16:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-11 16:38 - 2014-08-11 16:38 - 03099552 _____ (Blizzard Entertainment) C:\Users\Nick\Downloads\Hearthstone-Setup-enUS.exe
2014-08-11 16:38 - 2014-08-11 16:38 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-11 16:24 - 2014-08-10 02:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 16:24 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 16:24 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-11 14:37 - 2014-08-10 02:42 - 00000000 ____D () C:\Windows.old.000
2014-08-11 14:34 - 2014-08-11 21:56 - 00000000 ____D () C:\Windows.old
2014-08-11 13:11 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-11 00:25 - 2014-08-11 00:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-11 00:15 - 2014-08-11 00:15 - 00080554 _____ () C:\Users\Nick\Desktop\HitmanPro_20140811_0015.log
2014-08-11 00:15 - 2014-08-11 00:15 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-11 00:15 - 2014-08-10 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 23:44 - 2014-08-10 23:44 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 23:44 - 2014-08-10 23:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 23:17 - 2014-08-10 02:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 22:56 - 2014-08-10 22:40 - 00000625 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-08-10 22:34 - 2014-08-10 22:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 22:31 - 2014-08-10 22:31 - 00000941 _____ () C:\Users\Nick\Desktop\AdwCleaner[s0].txt
2014-08-10 22:29 - 2014-08-10 02:33 - 00000000 ____D () C:\Program Files\Google
2014-08-10 22:29 - 2014-08-10 02:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-10 22:29 - 2013-09-29 21:02 - 00003202 _____ () C:\Windows\PFRO.log
2014-08-10 22:28 - 2014-08-10 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-10 21:58 - 2014-08-10 02:32 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-08-10 21:46 - 2014-08-10 21:46 - 00000680 _____ () C:\Users\Nick\Desktop\SUPERAntiSpyware Scan Log - 08-10-2014 - 21-45-00.log
2014-08-10 04:59 - 2013-09-29 21:14 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-10 04:56 - 2014-08-10 04:56 - 00002077 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-08-10 04:56 - 2014-08-10 04:56 - 00000000 ____D () C:\Users\Nick\AppData\Local\NVIDIA
2014-08-10 04:56 - 2014-08-10 04:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-10 04:55 - 2013-08-22 07:46 - 00013312 _____ () C:\Windows\setupact.log
2014-08-10 04:53 - 2014-08-10 01:14 - 00000000 ____D () C:\Support
2014-08-10 04:46 - 2014-08-10 04:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-10 04:46 - 2014-08-10 04:46 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-10 04:45 - 2014-08-10 04:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-10 04:45 - 2014-08-10 04:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-10 02:48 - 2014-08-11 22:05 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-08-10 02:48 - 2013-08-22 08:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-08-10 02:41 - 2014-08-10 02:41 - 00001820 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-10 02:41 - 2014-08-10 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-10 02:39 - 2014-08-10 02:39 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 02:37 - 2014-08-10 02:37 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-10 02:37 - 2014-08-10 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-10 02:37 - 2014-08-10 02:37 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-10 02:37 - 2014-08-10 02:32 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-10 02:37 - 2014-08-10 02:32 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 02:33 - 2014-08-10 02:33 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-10 02:33 - 2014-08-10 02:33 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\AVAST Software
2014-08-10 02:33 - 2014-08-10 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-10 02:33 - 2014-08-10 02:31 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-10 02:33 - 2014-08-10 02:31 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-08-10 02:33 - 2014-08-10 02:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-10 02:33 - 2014-08-10 02:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-10 02:32 - 2014-08-10 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-10 02:32 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Help
2014-08-10 02:31 - 2014-08-10 02:31 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-10 02:31 - 2014-08-10 02:31 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-10 02:31 - 2014-08-10 02:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-10 02:31 - 2014-08-10 02:31 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-10 02:30 - 2014-08-10 02:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-10 02:30 - 2014-08-10 02:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-10 02:30 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore
2014-08-10 02:28 - 2014-08-10 02:28 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Skype
2014-08-10 02:28 - 2014-08-10 02:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 02:28 - 2014-08-10 02:27 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 02:23 - 2014-08-10 02:23 - 05568206 _____ (Swearware) C:\Users\Nick\Downloads\ComboFix.exe
2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-08-10 02:21 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\Packages
2014-08-10 02:20 - 2014-08-10 02:48 - 00000000 ____D () C:\Windows\Panther
2014-08-10 02:20 - 2014-08-10 02:20 - 00001446 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-10 02:20 - 2014-08-10 02:20 - 00000020 ___SH () C:\Users\Nick\ntuser.ini
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-08-10 02:20 - 2014-08-10 02:20 - 00000000 ____D () C:\Users\Nick
2014-08-10 02:11 - 2014-08-10 02:11 - 00000000 ____D () C:\Windows\CSC
2014-08-10 02:10 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-08-10 02:04 - 2013-08-22 08:37 - 00002664 _____ () C:\Windows\DtcInstall.log
2014-08-10 02:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-08-10 02:04 - 2011-12-27 12:35 - 00000000 ____D () C:\Recovery
2014-08-10 02:03 - 2014-08-10 02:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
 
Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-10 02:02
 
==================== End Of Log ============================
 
 
Addition Log
-----
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2014
Ran by Nick at 2014-08-12 15:56:15
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-08-2014 09:30:01 avast! antivirus system restore point
12-08-2014 00:02:07 Installed Microsoft Visual C++ 2005 Redistributable (x64)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E455415-85CE-405C-BB2F-491AD52571FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A8B1501-DC6E-4A6C-BF67-9349FA15475F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA9926E2-B536-41BE-9B40-144DA45B681D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-10] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-10 02:32 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-10 02:31 - 2014-08-10 02:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-11 14:59 - 2014-08-11 14:59 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll
2014-08-10 02:31 - 2014-08-10 02:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-10 02:32 - 2014-07-15 02:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft® Keyboard with Fingerprint Reader
Description: Microsoft® Keyboard with Fingerprint Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2014 03:24:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fac
 
Start Time: 01cfb67c0ee734d5
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 56bce6e2-226f-11e4-8256-74d4359b7e10
 
Faulting package full name: Microsoft.ZuneMusic_2.2.903.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.ZuneMusic
 
Error: (08/12/2014 03:23:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2014 03:23:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Home)
Description: App Microsoft.ZuneMusic_2.2.903.0_x64__8wekyb3d8bbwe+Microsoft.ZuneMusic did not launch within its allotted time.
 
Error: (08/12/2014 03:06:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2014 02:52:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (08/12/2014 02:52:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/12/2014 02:51:49 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (08/11/2014 05:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Battle.net.exe version 1.1.7.4906 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4cc
 
Start Time: 01cfb5bd7878e98f
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Battle.net\Battle.net.4906\Battle.net.exe
 
Report Id: 634dab3f-21b7-11e4-8256-74d4359b7e10
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/11/2014 05:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Hearthstone.exe version 1.1.0.6187 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c58
 
Start Time: 01cfb5bf23f31c06
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Hearthstone\Hearthstone.exe
 
Report Id: 6346f4b4-21b7-11e4-8256-74d4359b7e10
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/11/2014 05:02:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (08/12/2014 03:07:14 PM) (Source: DCOM) (EventID: 10010) (User: Home)
Description: Microsoft.ZuneMusic.AppXp8mtjae6p2ekqayemkyk3wfn1h4xyeak.wwa
 
Error: (08/11/2014 02:17:13 PM) (Source: DCOM) (EventID: 10010) (User: Home)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/11/2014 02:16:42 PM) (Source: DCOM) (EventID: 10010) (User: Home)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/10/2014 10:45:20 PM) (Source: DCOM) (EventID: 10010) (User: Home)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/10/2014 10:44:49 PM) (Source: DCOM) (EventID: 10010) (User: Home)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (08/12/2014 03:24:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.16384fac01cfb67c0ee734d54294967295C:\Windows\system32\wwahost.exe56bce6e2-226f-11e4-8256-74d4359b7e10Microsoft.ZuneMusic_2.2.903.0_x64__8wekyb3d8bbweMicrosoft.ZuneMusic
 
Error: (08/12/2014 03:23:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic-2144927142
 
Error: (08/12/2014 03:23:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Home)
Description: Microsoft.ZuneMusic_2.2.903.0_x64__8wekyb3d8bbwe+Microsoft.ZuneMusic
 
Error: (08/12/2014 03:06:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Home)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic-2144927142
 
Error: (08/12/2014 02:52:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (08/12/2014 02:52:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/12/2014 02:51:49 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (08/11/2014 05:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Battle.net.exe1.1.7.49064cc01cfb5bd7878e98f4294967295C:\Program Files (x86)\Battle.net\Battle.net.4906\Battle.net.exe634dab3f-21b7-11e4-8256-74d4359b7e10
 
Error: (08/11/2014 05:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hearthstone.exe1.1.0.6187c5801cfb5bf23f31c064294967295C:\Program Files (x86)\Hearthstone\Hearthstone.exe6346f4b4-21b7-11e4-8256-74d4359b7e10
 
Error: (08/11/2014 05:02:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 2028.66 MB
Available physical RAM: 674.41 MB
Total Pagefile: 3180.66 MB
Available Pagefile: 1344.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:198.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 62E660AD)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM



I wasn't able to copy or paste or link for a bit in this window; I don't know if the virus was doing that, or some other error. I ran Super Anti-spyware, removed what it showed (which always comes back), tried again and it worked. Here are the logs.

--------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/12/2014
Scan Time: 6:37:20 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.12
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280213
Time Elapsed: 10 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

------------------

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nick [Admin rights]
Mode : Scan -- Date : 08/12/2014  18:53:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D83EDE09-AAF4-49ED-8DB8-4D660F462188} | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D83EDE09-AAF4-49ED-8DB8-4D660F462188} | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD322GJ +++++
--- User ---
[MBR] e1d1a552e13d3e234b417be75fb1fe53
[BSP] 10a79e2533aa6962ed3d9357352ae02b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB
User = LL1 ... OK
User = LL2 ... OK

-------------------------------------


Another RK log (I forgot to disable Avast the first time I ran it)
-----------------
RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nick [Admin rights]
Mode : Scan -- Date : 08/12/2014  19:15:32
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D83EDE09-AAF4-49ED-8DB8-4D660F462188} | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D83EDE09-AAF4-49ED-8DB8-4D660F462188} | DhcpNameServer : 97.64.168.12 97.64.183.165  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD322GJ +++++
--- User ---
[MBR] e1d1a552e13d3e234b417be75fb1fe53
[BSP] 10a79e2533aa6962ed3d9357352ae02b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_08122014_185340.log
 
--------
 
Here is the latest SAS log I ran (I have others saved):
----------
 
SUPERAntiSpyware Scan Log
 
Generated 08/12/2014 at 03:24 PM
 
Application Version : 6.0.1130
Database Version : 11425
 
Scan type       : Quick Scan
Total Scan Time : 00:01:31
 
Operating System Information
Windows 8.1 Professional 64-bit (Build 6.03.9200)
UAC On - Limited User
 
Memory items scanned      : 515
Memory threats detected   : 0
Registry items scanned    : 54478
Registry threats detected : 0
File items scanned        : 8043
File threats detected     : 37
 
Adware.Tracking Cookie
 
============
 End of Log 
============
 

Thanks for your help Mr. Charlie


I don't see any ads, never really have seen ads; I just don't like the fact that those cookies, after being removed by SAS, will reappear. As soon as I saw the problem I was on top of it, but something is still active and generating these cookies on my computer.

 

I ran JRT, and AdwCleaner, HitmanPro, MBAM, ESET online Scanner, SAS...


OK......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.... AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
