I have scanned with Malwarebytes several times. The first time it had three thousand hits, but since then no luck, and this thing won't stop with these processes that minimize my games/programs, attempt to download files and take up all my RAM. I've used Google to try and search some of the processes, but all the websites that turned up seemed illegitimate. I'm not the best at figuring things out, but as far as I can tell it uses a dllhost.exe*32 to run all the processes, because when I end that, the rest of the processes end as well, but they start back up again after a minute or two. I've just been closing that repeatedly until I can figure out a way to clean my computer.

FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Matt (administrator) on MATT-PC on 16-01-2015 12:28:24
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available profiles: Matt & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-15] (Valve Corporation)
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40176 2015-01-12] (Overwolf LTD)
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3333024 2014-12-29] (Echobit LLC)
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\MountPoints2: {18f8afed-a40a-11e3-871b-902b3498fc68} - F:\windows\AutoRun.exe {430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E} 3.0.0.02 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000 -> {A60B03AD-1EA0-41F3-99DB-C1021483DEB6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PETN -> {DC1FDF81-F8FB-481C-B264-180CBAFE86BA} -> C:\Program Files (x86)\PETN\petn64.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PETN -> {DC1FDF81-F8FB-481C-B264-180CBAFE86BA} -> C:\Program Files (x86)\PETN\petn.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gsef04qb.default-1404329077614
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Matt\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2844143305-2761304219-4078416118-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2844143305-2761304219-4078416118-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-12] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-21] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-29] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-29] (Echobit LLC)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-12] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-12] ()
S3 Survarium Update Service; C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe [76408 2014-12-12] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-04-25] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-10-21] (BitRaider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-22] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-12-29] (Echobit, LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-04-25] ()
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [20232 2012-06-07] (Handset Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 12:28 - 2015-01-16 12:28 - 00017923 _____ () C:\Users\Matt\Downloads\FRST.txt
2015-01-16 12:28 - 2015-01-16 12:28 - 00000000 ___DC () C:\FRST
2015-01-16 12:27 - 2015-01-16 12:27 - 02125312 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2015-01-15 17:59 - 2015-01-15 17:59 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\FiraxisLive
2015-01-03 22:21 - 2015-01-03 22:21 - 00000165 ____H () C:\Users\Matt\Documents\~$Trading Chart.xlsx
2015-01-03 22:19 - 2015-01-03 22:19 - 00013996 _____ () C:\Users\Matt\Documents\Trading Chart.xlsx
2015-01-01 17:42 - 2015-01-16 12:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 17:42 - 2015-01-16 12:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 17:42 - 2015-01-01 17:42 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 17:42 - 2015-01-01 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-01 17:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 16:57 - 2014-12-30 16:57 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Arrowhead
2014-12-30 04:56 - 2014-12-30 04:56 - 00104246 _____ () C:\Users\Matt\Downloads\Mod Package (1).zip
2014-12-30 04:48 - 2014-12-30 04:48 - 00070916 _____ () C:\Users\Matt\Downloads\Mod Package.zip
2014-12-29 19:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-29 19:43 - 2014-12-29 19:43 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-12-29 19:43 - 2014-12-29 19:43 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-12-29 19:43 - 2014-12-29 19:43 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-12-29 19:43 - 2014-12-29 19:43 - 00000000 ___DC () C:\Program Files\Echobit
2014-12-29 19:42 - 2014-12-29 19:42 - 03258328 _____ (Echobit LLC) C:\Users\Matt\Downloads\EvolveSetup.exe
2014-12-29 19:42 - 2014-12-29 19:42 - 00000000 ____D () C:\Users\Matt\AppData\Local\Echobit
2014-12-29 19:42 - 2014-12-29 19:42 - 00000000 ____D () C:\ProgramData\Echobit
2014-12-29 18:51 - 2014-12-29 18:51 - 00014290 _____ () C:\Users\Matt\Downloads\[kickass.so]the.escapists.v0.799.windows.viruz.torrent
2014-12-29 00:59 - 2014-12-29 00:59 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-12-28 18:31 - 2014-12-28 18:31 - 02337865 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-12-28 18:30 - 2015-01-06 07:16 - 00224676 _____ () C:\Windows\DirectX.log
2014-12-28 03:07 - 2014-12-28 03:07 - 29974793 _____ () C:\Users\Matt\Downloads\Ck2Plus_3_05_2 (1).zip
2014-12-28 02:56 - 2014-12-28 02:58 - 29974793 _____ () C:\Users\Matt\Downloads\Ck2Plus_3_05_2.zip
2014-12-26 02:49 - 2014-12-26 02:49 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 02:47 - 2015-01-16 12:20 - 00013188 _____ () C:\Windows\PFRO.log
2014-12-25 23:06 - 2014-12-25 23:15 - 00001288 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-25 23:06 - 2014-12-25 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-25 14:19 - 2014-12-25 14:26 - 00000000 ____D () C:\Users\Matt\AppData\Local\Windforge
2014-12-24 12:08 - 2014-12-24 12:11 - 00000000 ____D () C:\Users\Matt\AppData\Local\SystemsNominal
2014-12-24 12:06 - 2014-12-24 12:08 - 43199520 _____ () C:\Users\Matt\Downloads\systems_nominal_1.0_windows.zip
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ___DC () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-21 04:13 - 2014-12-21 04:13 - 22350936 _____ (JohnnyLump ) C:\Users\Matt\Downloads\Long War 3 Beta 14i-88-3-0b14i.exe
2014-12-21 01:00 - 2015-01-16 12:20 - 00001503 _____ () C:\Windows\setupact.log
2014-12-21 01:00 - 2014-12-21 01:00 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 12:27 - 2009-07-13 22:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:27 - 2009-07-13 22:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:23 - 2012-12-02 08:05 - 01648793 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 12:20 - 2014-08-12 00:17 - 00000000 ___RD () C:\Users\Matt\Dropbox
2015-01-16 12:20 - 2014-08-12 00:15 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Dropbox
2015-01-16 12:20 - 2014-07-02 13:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 12:20 - 2012-12-26 21:02 - 00000000 ____D () C:\Users\Matt\AppData\Local\LogMeIn Hamachi
2015-01-16 12:20 - 2012-12-24 10:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-16 12:20 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 12:07 - 2012-12-24 10:52 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Skype
2015-01-16 12:00 - 2013-02-13 20:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:55 - 2014-07-02 13:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 04:48 - 2014-03-13 11:35 - 00004571 _____ () C:\Users\Matt\Documents\CoC
2015-01-16 04:29 - 2013-04-05 16:13 - 00000000 ____D () C:\Users\Matt\AppData\Local\Warframe
2015-01-16 02:00 - 2013-02-01 17:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\Adobe
2015-01-16 01:25 - 2013-07-07 17:50 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\TS3Client
2015-01-15 13:25 - 2014-06-21 07:25 - 00000000 ___DC () C:\Program Files (x86)\Overwolf
2015-01-15 06:53 - 2014-11-24 11:28 - 00000000 ___DC () C:\Program Files (x86)\Origin
2015-01-15 06:53 - 2013-08-18 05:13 - 00000000 ____D () C:\ProgramData\Origin
2015-01-14 08:58 - 2014-07-02 13:39 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 06:00 - 2013-02-13 20:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 06:00 - 2012-12-24 10:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 06:00 - 2012-12-24 10:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 19:13 - 2014-02-01 12:06 - 00000000 ____D () C:\Users\Matt\AppData\Local\Overwolf
2015-01-10 18:14 - 2013-07-07 19:15 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Mumble
2015-01-07 03:00 - 2014-05-11 13:43 - 00000000 ____D () C:\Users\Matt\Documents\survarium
2015-01-06 17:28 - 2009-07-13 23:13 - 00783374 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 03:25 - 2013-02-14 17:44 - 00000000 ____D () C:\Users\Matt\Zomboid
2015-01-05 19:37 - 2013-04-06 08:44 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-05 19:37 - 2013-04-06 08:42 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-04 19:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2015-01-04 02:56 - 2013-04-06 08:42 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-01 19:24 - 2014-07-14 14:33 - 00000000 ____D () C:\Users\Matt\Desktop\Fraps Media
2015-01-01 17:42 - 2012-12-24 16:38 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 17:42 - 2012-12-24 16:38 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2015-01-01 17:42 - 2012-12-24 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 17:42 - 2012-12-24 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-31 07:02 - 2013-05-11 13:25 - 00000000 ____D () C:\Users\Matt\Torrents
2014-12-30 22:36 - 2013-08-21 22:06 - 00001176 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-12-30 22:36 - 2013-01-16 19:18 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-30 22:36 - 2013-01-16 19:18 - 00000000 ___DC () C:\Program Files\Paint.NET
2014-12-30 01:43 - 2013-09-22 17:11 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\uTorrent
2014-12-29 19:35 - 2012-12-05 22:18 - 00000000 ____D () C:\Users\Matt\Documents\My Games
2014-12-26 14:54 - 2012-12-03 00:16 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-12-26 00:28 - 2014-05-17 02:39 - 00000000 ____D () C:\Users\Matt\Documents\BioWare
2014-12-25 23:06 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-25 23:05 - 2013-11-09 19:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-25 22:01 - 2014-11-24 11:30 - 00000000 ____D () C:\Users\Matt\AppData\Local\Origin
2014-12-25 21:31 - 2014-11-24 11:30 - 00000000 ___DC () C:\Program Files (x86)\Origin Games
2014-12-25 21:28 - 2014-11-24 11:30 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Origin
2014-12-25 21:25 - 2014-10-30 03:55 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-12-25 17:53 - 2013-01-29 05:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 17:53 - 2012-12-24 10:52 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 05:09 - 2014-08-27 13:50 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2014-12-22 02:04 - 2013-01-29 18:47 - 00000000 ____D () C:\Users\Matt\Documents\Klei
2014-12-18 07:38 - 2014-03-26 12:29 - 00000000 ___DC () C:\Program Files (x86)\RaidCall
2014-12-17 17:05 - 2012-12-02 04:05 - 00000000 ____D () C:\Users\Matt
 
Files to move or delete:
====================
C:\Users\Matt\jagex_cl_oldschool_LIVE.dat
C:\Users\Matt\jagex_cl_runescape_LIVE.dat
C:\Users\Matt\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Guest\AppData\Local\Temp\Firefox Setup 13.0.1.exe
C:\Users\Matt\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_cc88g.dll
C:\Users\Matt\AppData\Local\Temp\hcuninstaller_20141225_212544_84092.exe
C:\Users\Matt\AppData\Local\Temp\i4jdel0.exe
C:\Users\Matt\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Matt\AppData\Local\Temp\sfareca00001.dll
C:\Users\Matt\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 09:10
 
==================== End Of Log ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Matt at 2015-01-16 12:29:19
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aurora 32.0a2 (x86 en-US) (HKLM-x32\...\Aurora 32.0a2 (x86 en-US)) (Version: 32.0a2 - Mozilla)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Tune 6 B12.0509.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0509.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.9 - Echobit, LLC)
Evolve [Closed Beta] (HKLM-x32\...\Steam App 203190) (Version:  - Turtle Rock Studios)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Gauntlet™  (HKLM-x32\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Happy Cloud Client (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MISERY version 2.1.1 (HKLM-x32\...\MISERY_is1) (Version: 2.1.1 - MISERY Development Team)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0a2 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.104.0 - Overwolf Ltd.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pascal Handset USB Driver (HKLM\...\{9B00E99F-83A4-40d4-B987-7EB04F722BB7}) (Version:  - ZTE Corporation)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
SdRt4200 (HKLM-x32\...\{140347A0-4A0C-44FC-9CA1-C8A3471899B7}) (Version: 4.2.8.0 - パルティオソフト株式会社)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - MinMax Games Ltd.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sunless Sea 0.6.1.1625 (HKLM-x32\...\Sunless Sea 0.6.1.1625) (Version: 0.6.1.1625 - Èãðû íà Cat-A-Cat.NET)
Survarium (HKLM-x32\...\{FEA2E954-A6D0-42FA-8FF1-DFA325758FAC}_is1) (Version: 0.26f - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windforge (HKLM-x32\...\Steam App 266170) (Version:  - Snowed In Studios)
WinDirStat 1.1.2 (HKU\S-1-5-21-2844143305-2761304219-4078416118-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
XCom Long War EW Mod version Beta 14i (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 14i - JohnnyLump)
ZTE 3GPhone USB Driver 5.2066.1.6 (HKLM\...\{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1) (Version: 5.2066.1.6 - ZTE Corporation)
ZTE Smartphone Driver 1.2066.1.3 (HKLM-x32\...\{66239456-F8B1-49EC-818C-822603C5B712}) (Version: 1.0.0.18 - ZTE Corporation)
ZTE V768 Handset USB Driver (HKLM\...\{430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E}_is1) (Version: 3.0.0.02 - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2844143305-2761304219-4078416118-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2C186940-06DE-4417-9D07-6E968C23BDF9} - System32\Tasks\{9D51BC03-BB5F-4ABD-8068-8203AC03AAA6} => pcalua.exe -a D:\setup.exe -d D:\
Task: {3F89D67D-B3CC-4507-9E99-67EF20F2D32F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {5641290A-4050-442C-AF5F-0E29EA57D21D} - System32\Tasks\AdobeAAMUpdater-1.0-Matt-PC-Matt => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {791D7004-B656-4627-A472-3D2425D8D2CF} - System32\Tasks\{CA50BBE1-7A87-41FC-9127-66EAB682E414} => pcalua.exe -a E:\INSTALL\SETUP.EXE -d E:\
Task: {7E420E7E-52A4-44DD-B0AC-AB5DEE5D1A57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {7F5EF1F0-20CF-4B49-A86C-EF7F90B2396F} - System32\Tasks\{F4AE2B94-6F8E-4496-8A49-3EDE7A106F70} => E:\install\SETUP.EXE
Task: {8B751C9C-3E16-4892-81D3-EEFE85D6D8A5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8CD22B0B-F53A-4711-9DC7-4141922E4DCE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {9F9ACFF0-CD74-4F9A-8721-F5094D1D257C} - System32\Tasks\{F230553C-DC87-4102-87B5-7295B4DE9D25} => C:\Program Files (x86)\Livestream for Producers\Producer.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B1DB7C70-90E5-4E1E-9F2C-98CEDC6B2E8E} - System32\Tasks\{7A7F2F53-FB05-44EA-BB50-EEA905D9C6B5} => E:\install\SETUP.EXE
Task: {B4D7F93D-A3EA-47D6-9305-7F50BE28E6DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {E4F4FA6C-CBF5-4D4B-831E-6C4561C010D4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-12] (Overwolf LTD)
Task: {EE086684-82E5-4B72-B035-FFE4551E80D7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {F42CF20D-6A65-486D-938E-AAAB6137FFF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F6C49B00-FD99-4D38-B76E-84A5A2B8F9D2} - System32\Tasks\{1A63CE05-FEBD-4EA2-89B5-DC47BF3D9592} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/310
Task: {FB4E7CFF-38BC-4CE9-AB34-FD096CAF4C56} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-27 13:50 - 2014-05-20 08:19 - 00105640 ____C () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-06 08:42 - 2014-07-12 05:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-22 09:16 - 2014-09-23 07:36 - 08897696 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-21 17:07 - 2014-12-01 15:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-21 17:07 - 2014-12-01 15:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-21 17:07 - 2014-12-01 15:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-21 17:07 - 2014-12-01 15:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-21 17:07 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-05 17:27 - 2014-12-01 18:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-12-05 17:27 - 2014-12-01 18:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-05 17:27 - 2014-12-01 18:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-21 17:07 - 2015-01-15 20:58 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-21 17:07 - 2014-12-01 15:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-21 17:07 - 2015-01-15 20:57 - 00696000 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-21 17:07 - 2015-01-15 17:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-21 17:07 - 2015-01-15 17:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2010-01-09 18:18 - 2010-01-09 18:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-20 23:34 - 2010-01-20 23:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-14 08:58 - 2015-01-08 18:35 - 01077064 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 08:58 - 2015-01-08 18:35 - 00211272 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 08:58 - 2015-01-08 18:35 - 09009480 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 08:58 - 2015-01-08 18:35 - 01677128 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 08:58 - 2015-01-08 18:35 - 14913352 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Matt\Cookies:8ybLr5aV6mluIn6QNtHBfExDmU
AlternateDataStreams: C:\Users\Matt\AppData\Local\Temporary Internet Files:4huSXlo6q3AN6bBHEvjd9u9f
AlternateDataStreams: C:\Users\Matt\AppData\Local\Temporary Internet Files:KnBIkmQ6IdbSqCERfVRtA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: pronto => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2844143305-2761304219-4078416118-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2844143305-2761304219-4078416118-1007 - Limited - Enabled)
Guest (S-1-5-21-2844143305-2761304219-4078416118-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2844143305-2761304219-4078416118-1003 - Limited - Enabled)
Matt (S-1-5-21-2844143305-2761304219-4078416118-1000 - Administrator - Enabled) => C:\Users\Matt
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 00:22:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 07:05:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16750, time stamp: 0x4a5bc5e1
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0x2114
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/15/2015 03:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16750, time stamp: 0x4a5bc959
Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8
Exception code: 0xc0000005
Fault offset: 0x0001e2fe
Faulting process id: 0x6f74
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/15/2015 09:04:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16750, time stamp: 0x4a5bcd6e
Faulting module name: Flash32_16_0_0_257.ocx, version: 16.0.0.257, time stamp: 0x549259f5
Exception code: 0xc0000005
Fault offset: 0x0064e4d5
Faulting process id: 0x4acc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/14/2015 09:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16750, time stamp: 0x4a5bc959
Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8
Exception code: 0xc0000005
Fault offset: 0x0001e2fe
Faulting process id: 0x3b44
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/14/2015 00:20:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 07:43:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 07:13:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 03:37:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt>with error: This network connection does not exist.
.
 
Error: (01/09/2015 03:37:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt>with error: This network connection does not exist.
.
 
 
System errors:
=============
Error: (01/16/2015 00:21:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/16/2015 00:21:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/16/2015 00:21:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/16/2015 00:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
%%1275
 
Error: (01/16/2015 00:20:14 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.
 
Error: (01/16/2015 11:49:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/16/2015 11:43:20 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (01/16/2015 03:40:21 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/16/2015 03:13:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/15/2015 08:44:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2015 00:22:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/16/2015 07:05:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.167504a5bc5e1ntdll.dll6.1.7601.1822951fb1072c0000005000222d2211401d0318c343bd4f1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll5e7aa0cb-9d80-11e4-b5cb-902b3498fc68
 
Error: (01/15/2015 03:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.167504a5bc959vbscript.dll5.8.9200.16521512080e8c00000050001e2fe6f7401d03107092f8424C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\vbscript.dll52127664-9cfa-11e4-b5cb-902b3498fc68
 
Error: (01/15/2015 09:04:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.167504a5bcd6eFlash32_16_0_0_257.ocx16.0.0.257549259f5c00000050064e4d54acc01d030d428874912C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_257.ocxce48a451-9cc7-11e4-b5cb-902b3498fc68
 
Error: (01/14/2015 09:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.167504a5bc959vbscript.dll5.8.9200.16521512080e8c00000050001e2fe3b4401d030743614616eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\vbscript.dll85ec9d3e-9c67-11e4-b5cb-902b3498fc68
 
Error: (01/14/2015 00:20:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 07:43:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 07:13:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 03:37:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
 
Error: (01/09/2015 03:37:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom II X4 945 Processor
Percentage of memory in use: 37%
Total physical RAM: 8189.24 MB
Available physical RAM: 5130.8 MB
Total Pagefile: 16376.67 MB
Available Pagefile: 12883.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.36 GB) (Free:7.83 GB) NTFS
Drive g: (TOURO) (Fixed) (Total:465.76 GB) (Free:178.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: A831ECAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F619BC96)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard": that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Or select "Export": you are given the option to export as a text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin

Fixlist.txt


Okay, I finally finished almost everything. The only issue I ran into is after JRT began it closed and I haven't seen nor heard from it since. Everything else went smoothly, however, and I haven't seen the processes from the Trojan for a while. I'm going to attach the files this time because it is probably easier for you and there are quite a few this time.

AdwCleanerS0.txt

Fixlog.txt

mrt.log

defogger_disable.log

MBAM.txt


Looks like we killed off the nasty Poweliks Infection, continue as follows:

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right click on the IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thanks,

 

Kevin...

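As an added defender's check, not taken from this thread or from any of the tools Kevin used, the PowerShell below looks for a per-user override of the CLSID that the DCOM 10010 errors in the FRST log name, the kind of registry-resident persistence a Poweliks cleanup has to remove, and lists the dllhost.exe instances the original poster saw respawning together with their parent processes. It assumes PowerShell 3.0 or later, that the HKCU override is the location worth inspecting, and that the pattern and length heuristics in the comments are reasonable markers.

```powershell
# Added post-cleanup triage check; not part of the original thread or of any tool used in it.
# Assumption: a per-user (HKCU) override of this system CLSID is the registry-resident
# persistence point to inspect. The CLSID is the one named in the DCOM 10010 errors above.
# Requires PowerShell 3.0 or later.
$Clsid      = '{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}'
$UserKey    = "HKCU:\Software\Classes\CLSID\$Clsid"
$MachineKey = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"

# Assumed heuristics for a script-in-registry launcher: a script host named in the
# value data, or value data far longer than any normal COM server path.
$SuspectPattern = 'rundll32|mshta|javascript:|vbscript:|powershell'
$MaxSaneLength  = 512

function Get-ClsidFindings {
    param([string]$KeyPath)
    $findings = @()
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $findings }
    # Walk the key itself plus every subkey (LocalServer32, InprocServer32, ...).
    $keys = @(Get-Item -LiteralPath $KeyPath) +
            @(Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data   = [string]$key.GetValue($name)
            $reason = @()
            if ($data -match $SuspectPattern)    { $reason += 'script host in value data' }
            if ($data.Length -gt $MaxSaneLength) { $reason += "value data is $($data.Length) chars" }
            if ($reason.Count -gt 0) {
                $findings += [pscustomobject]@{
                    Key    = $key.Name
                    Value  = $(if ($name) { $name } else { '(Default)' })
                    Reason = $reason -join '; '
                }
            }
        }
    }
    return $findings
}

# A clean system normally has only the machine-wide registration; any HKCU copy is worth a look.
$userPresent    = Test-Path -LiteralPath $UserKey
$machinePresent = Test-Path -LiteralPath $MachineKey
Write-Host "Per-user override present: $userPresent (machine registration present: $machinePresent)"
Get-ClsidFindings -KeyPath $UserKey | Format-Table -AutoSize

# dllhost.exe is the COM surrogate the original poster saw respawning; list each instance
# with its parent so an unexpected parent can be followed up.
Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        PID         = $_.ProcessId
        Parent      = $(if ($parent) { $parent.Name } else { '<exited>' })
        ParentPID   = $_.ParentProcessId
        CommandLine = $_.CommandLine
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that the command lines of all dllhost.exe instances are readable; an empty findings table together with "Per-user override present: False" is the expected result after a successful cleanup.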

Alrighty, done.
 

C:\Program Files (x86)\Common Files\Common dictionary\node\conf.js Win32/UnlimitedDownloads.D potentially unwanted application
C:\Program Files (x86)\Common Files\Common dictionary\node\copy.exe Win32/UnlimitedDownloads.B potentially unwanted application
C:\Program Files (x86)\Common Files\Common dictionary\node\diagnostics.exe Win32/UnlimitedDownloads.D potentially unwanted application
C:\Program Files (x86)\Common Files\Common dictionary\node\nsis.json Win32/UnlimitedDownloads.E potentially unwanted application

Or the file.

ESET SCAN.txt


Thanks for the update, if no remaining issues/concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make Sure the following items are checked:

 

 


  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thank you,

 

Kevin..


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

