Cleaning out the rest of the infection. [Solved]



#1
Violet_Shift (Member, 18 posts)
Hello everyone,

Earlier today I got help from a few people over here:

http://www.geekstogo...h-high-cpu-use/

To remove a rather nasty piece of malware that was hogging my CPU and making everything slow.

However, after removal of this, while the CPU is no longer being used at 99%, I still have a few of the initial symptoms that set off my investigation. Namely, Skype and Yahoo IM take -extremely- long to load, and often freeze during normal operation. This is very recent - it has happened since the first time I restarted after the point at which I think I was exposed to the malware.

So I suspect there is more going on, and if my machine could be cleaned without necessitating a reformat, that would be rather awesome.

So, thanks in advance to anyone that helps me. :)

#2
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
Hello Violet_Shift,

Welcome to the Malware forum.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

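The FRST.txt log asked for above is plain text whose Registry section lists each autorun as `<hive>\...\Run: [name] - command [size date] (signer)`. As an added example that is not part of this thread or of Farbar's tool, here is a small Python triage script that parses those Run/RunOnce lines and flags the ones a helper reads first: no recorded signer, a target under ProgramData or Temp, a hidden {$...$} folder, a vendor name on an unsigned file, or a command line that hands off to a second executable. The sample lines are copied from the log posted later in this thread, and the flags are review heuristics, not verdicts.

```python
"""Triage helper for the Run/RunOnce entries FRST writes into FRST.txt (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample input: five Run/RunOnce lines in the shape FRST writes, copied
# from the log posted later in this thread (two signed vendor binaries, one empty
# value, one unsigned binary under ProgramData with a vendor-like name, one in Temp).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKCU\...\Run: [Intel® Common User Interface] - C:\ProgramData\{$5951-8557-1735-5876$}\Intel® Common User Interfacet.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\UpdatusUser\...\RunOnce: [CTPostBootSequencer] - "C:\Users\VIOLET~1\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct
"""

# Line shape: <hive>\...\Run: [<name>] - <command> [<size> <yyyy-mm-dd>] (<signer>)
ENTRY_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$"
)
SIGNER_RE = re.compile(r" \((?P<signer>[^()]*)\)$")            # trailing "(Vendor)"
SIZE_DATE_RE = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?', re.IGNORECASE)    # first executable
PSEUDO_GUID_RE = re.compile(r"\\\{\$[0-9-]+\$\}\\")             # \{$5951-8557-1735-5876$}\

# Heuristic lists: directories where a Run target is unusual, and vendor names an
# unsigned binary should not be borrowing.
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\appdata\\roaming\\")
VENDOR_WORDS = ("intel", "microsoft", "nvidia", "adobe", "google")


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one FRST Run line into its fields; None if it is not a Run line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    signer = None
    sm = SIGNER_RE.search(rest)
    if sm:                                  # FRST puts the publisher last
        signer = sm.group("signer").strip()
        rest = rest[: sm.start()]
    size = date = None
    dm = SIZE_DATE_RE.search(rest)
    if dm:                                  # "[size yyyy-mm-dd]" comes before it
        size, date = int(dm.group("size")), dm.group("date")
        rest = rest[: dm.start()] + rest[dm.end():]
    command = rest.strip()
    pm = EXE_RE.match(command)
    return {
        "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
        "command": command, "path": pm.group("path") if pm else "",
        "size": size, "date": date, "signer": signer,
        "missing": command == "[x]",        # FRST writes [x] when the file is gone
    }


def flags_for(entry: Dict[str, object]) -> List[str]:
    """Review flags for one parsed entry (empty list means nothing stood out)."""
    flags: List[str] = []
    if entry["missing"]:
        flags.append("missing-target")
    if not entry["name"]:
        flags.append("empty-name")
    if entry["missing"]:
        return flags
    path, command, name = str(entry["path"]), str(entry["command"]), str(entry["name"])
    if entry["signer"] is None:
        flags.append("unsigned")            # FRST recorded no publisher
    if any(d in path.lower() for d in SUSPECT_DIRS):
        flags.append("suspect-dir")
    if PSEUDO_GUID_RE.search(path):
        flags.append("pseudo-guid-dir")     # the hidden {$...$} folders seen in this log
    if command.lower().count(".exe") > 1:
        flags.append("second-exe")          # command line hands off to another exe
    if entry["signer"] is None and any(v in name.lower() for v in VENDOR_WORDS):
        flags.append("vendor-name-unsigned")
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every Run/RunOnce line in an FRST log and attach its flags, in log order."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entry["flags"] = flags_for(entry)
            entries.append(entry)
    return entries


def needs_review(log_text: str) -> List[str]:
    """Names of the entries that carry at least one flag."""
    return [str(e["name"]) for e in triage(log_text) if e["flags"]]
```

Feed it a whole FRST.txt and `needs_review` returns the autoruns to look at first; everything else in the section still deserves a glance, but these are where the hidden folders and unsigned binaries in this log surface.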

#3
Violet_Shift (Topic Starter, Member, 18 posts)
Alright - here are the results that the tool gave me:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by Violet_Shift (administrator) on NATALYA on 02-01-2014 12:17:23
Running from C:\Users\Violet_Shift\Downloads
Windows 8.1 Pro (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Violet_Shift\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) E:\Games\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [689488 2008-03-11] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PlusService] - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [802304 2012-09-24] (Yuna Software)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [608104 2013-04-22] (Razer USA Ltd)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] - C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [974864 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTXFIREG] - C:\Windows\\SysWOW64\CTxfiReg.exe [47104 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24576 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKCU\...\Run: [Intel® Common User Interface] - C:\ProgramData\{$5951-8557-1735-5876$}\Intel® Common User Interfacet.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [Steam] - E:\Games\Steam\Steam.exe [1823656 2013-12-12] (Valve Corporation)
HKU\UpdatusUser\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-10-29] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-12-14] (Electronic Arts)
HKU\UpdatusUser\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\UpdatusUser\...\Run: [Intel® Common User Interface] - C:\ProgramData\{$5951-8557-1735-5876$}\Intel® Common User Interfacet.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [CTPostBootSequencer] - "C:\Users\VIOLET~1\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct
HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] - C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [1571088 2011-09-22] (Creative Technology Ltd)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [ ] ()
Startup: C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Violet_Shift\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® User Interface.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1B3D318832FECE01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 203.109.191.1 203.118.191.1
Tcpip\..\Interfaces\{DCC86C64-8801-4D40-9C51-7E74E354AD9B}: [NameServer]203.109.129.67,203.109.129.68

FireFox:
========
FF ProfilePath: C:\Users\Violet_Shift\AppData\Roaming\Mozilla\Firefox\Profiles\rpn0cbph.default
FF user.js: detected! => C:\Users\Violet_Shift\AppData\Roaming\Mozilla\Firefox\Profiles\rpn0cbph.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: NoScript - C:\Users\Violet_Shift\AppData\Roaming\Mozilla\Firefox\Profiles\rpn0cbph.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Violet_Shift\AppData\Roaming\Mozilla\Firefox\Profiles\rpn0cbph.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.nz
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Extension: (Google Drive) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Google Search) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0
CHR Extension: (Google Wallet) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Violet_Shift\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-23] (PMC-Sierra)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2013-05-22] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-05-22] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-23] (LSI Corporation)
R3 mamba2; C:\Windows\System32\drivers\mamba2.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-23] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-23] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-23] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [22016 2013-03-04] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\drivers\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-06] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-23] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-19] (Marvell)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 12:17 - 2014-01-02 12:17 - 00018755 _____ C:\Users\Violet_Shift\Downloads\FRST.txt
2014-01-02 12:16 - 2014-01-02 12:16 - 00000000 ____D C:\FRST
2014-01-02 12:01 - 2014-01-02 12:02 - 01931426 _____ (Farbar) C:\Users\Violet_Shift\Downloads\FRST64.exe
2014-01-01 15:00 - 2014-01-01 15:00 - 00000762 _____ C:\WINDOWS\DirectX.log
2014-01-01 12:24 - 2014-01-01 12:24 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Malwarebytes
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 12:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-01 12:23 - 2014-01-01 12:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Violet_Shift\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 10:20 - 2014-01-01 10:22 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-01 10:20 - 2014-01-01 10:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-12-31 19:15 - 2013-12-31 19:15 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-31 19:15 - 2013-12-31 19:15 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 19:15 - 2013-12-31 19:15 - 00000000 ____D C:\Program Files\Java
2013-12-31 18:47 - 2014-01-01 12:46 - 00019824 _____ C:\WINDOWS\PFRO.log
2013-12-31 18:31 - 2014-01-02 08:51 - 00122499 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-31 16:44 - 2011-03-22 10:21 - 09410435 _____ C:\Users\Violet_Shift\Desktop\OWI-ROBOTIC-ARM.rar
2013-12-31 16:44 - 2011-03-21 12:00 - 00000000 ____D C:\Users\Violet_Shift\Desktop\OWI ROBOTIC ARM
2013-12-30 00:21 - 2014-01-01 12:45 - 00185260 _____ C:\Users\Violet_Shift\AppData\Roaming\msconfig.ini
2013-12-30 00:20 - 2014-01-01 10:58 - 00000000 __SHD C:\ProgramData\{$5951-8557-1735-5876$}
2013-12-29 04:01 - 2013-12-30 00:20 - 00000000 __SHD C:\ProgramData\{$4091-8610-6259-6353$}
2013-12-29 04:01 - 2013-12-29 04:01 - 00000000 _____ C:\Users\Violet_Shift\AppData\Roaming\system.ini
2013-12-29 04:00 - 2013-12-29 04:00 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Google
2013-12-27 20:43 - 2013-12-01 18:00 - 680128512 ____R C:\Users\Violet_Shift\Desktop\Deadly Prey.avi
2013-12-26 16:10 - 2013-12-26 16:10 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\3909
2013-12-22 10:41 - 2013-12-31 18:53 - 00001982 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 10:41 - 2013-12-22 10:41 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-22 10:41 - 2013-12-22 10:41 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00065776 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-22 10:41 - 2013-12-22 10:41 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\AVAST Software
2013-12-22 10:40 - 2013-12-22 10:40 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-22 10:40 - 2013-12-22 10:40 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-21 22:51 - 2013-12-21 22:51 - 00001446 _____ C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-21 17:48 - 2014-01-01 07:52 - 00000000 ____D C:\Users\Violet_Shift\Documents\Hard Reset Extended
2013-12-21 03:48 - 2013-12-21 03:48 - 00000159 ___RH C:\WINDOWS\ctfile.rfc
2013-12-21 03:48 - 2009-06-29 10:56 - 00212992 _____ C:\WINDOWS\system32\APOMgr64.DLL
2013-12-21 03:48 - 2009-06-29 10:54 - 00164864 _____ C:\WINDOWS\SysWOW64\APOMngr.DLL
2013-12-21 03:48 - 2009-02-17 17:33 - 00113152 _____ (Creative Technology Ltd) C:\WINDOWS\system32\cttele64.dll
2013-12-21 03:48 - 2009-02-17 17:33 - 00106496 _____ (Creative Technology Ltd) C:\WINDOWS\SysWOW64\cttele32.dll
2013-12-21 03:48 - 2009-02-06 18:53 - 00089088 _____ C:\WINDOWS\system32\CmdRtr64.DLL
2013-12-21 03:48 - 2009-02-06 18:52 - 00073728 _____ C:\WINDOWS\SysWOW64\CmdRtr.DLL
2013-12-21 03:37 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\WINDOWS\Updreg.EXE
2013-12-21 03:36 - 2013-12-21 03:36 - 00002345 _____ C:\Users\Public\Desktop\Creative Product Registration.lnk
2013-12-21 03:36 - 2010-07-07 16:51 - 00647872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mscomct2.ocx
2013-12-21 03:36 - 2010-07-07 16:51 - 00053248 ____N (Creative Technology Ltd ) C:\WINDOWS\Ctregrun.exe
2013-12-21 03:36 - 2010-06-18 04:44 - 07572224 ____N C:\WINDOWS\SysWOW64\CT8MGM.SF2
2013-12-21 03:36 - 2010-06-18 04:44 - 07572224 ____N C:\WINDOWS\system32\CT8MGM.SF2
2013-12-21 03:36 - 2010-06-18 04:44 - 04174814 ____N C:\WINDOWS\SysWOW64\CT4MGM.SF2
2013-12-21 03:36 - 2010-06-18 04:44 - 04174814 ____N C:\WINDOWS\system32\CT4MGM.SF2
2013-12-21 02:59 - 2013-12-21 02:59 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Red Alert 3 Uprising
2013-12-21 02:58 - 2013-12-21 02:58 - 00004991 _____ C:\Users\Violet_Shift\Desktop\lis-3.txt
2013-12-21 02:33 - 2013-12-21 02:34 - 00020287 _____ C:\Users\Violet_Shift\Desktop\lis-2.txt
2013-12-20 16:13 - 2013-12-20 16:09 - 41207626 ____N C:\Users\Violet_Shift\Desktop\20131220_160855.mp4
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 _____ C:\Users\Violet_Shift\Desktop\New Bitmap Image.bmp
2013-12-19 22:45 - 2013-12-19 22:45 - 00045913 _____ C:\Users\Violet_Shift\Desktop\stuff.txt
2013-12-19 00:01 - 2013-12-19 00:01 - 00036490 _____ C:\Users\Violet_Shift\Desktop\ben.txt
2013-12-17 14:30 - 2013-12-17 14:31 - 00024866 _____ C:\Users\Violet_Shift\Desktop\lis.txt
2013-12-17 07:37 - 2013-11-12 12:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 07:37 - 2013-11-12 12:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-17 07:37 - 2013-11-12 12:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-17 07:37 - 2013-11-12 12:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-17 07:37 - 2013-11-11 15:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-17 07:37 - 2013-11-10 00:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-17 07:37 - 2013-11-09 19:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-17 07:37 - 2013-11-09 18:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-17 07:37 - 2013-11-08 23:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-17 07:37 - 2013-11-08 18:23 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-17 07:37 - 2013-11-08 17:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-17 07:37 - 2013-11-08 17:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-17 07:37 - 2013-11-08 17:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-17 07:37 - 2013-11-08 17:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-17 07:37 - 2013-11-08 17:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-17 07:37 - 2013-11-08 17:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-17 07:37 - 2013-11-08 17:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-17 07:37 - 2013-11-08 16:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-17 07:37 - 2013-11-08 16:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-17 07:37 - 2013-11-06 03:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-17 07:37 - 2013-11-06 03:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-17 07:37 - 2013-11-06 02:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-17 07:37 - 2013-11-06 02:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-17 07:37 - 2013-11-06 02:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-17 07:37 - 2013-11-05 06:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-17 07:37 - 2013-11-05 06:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-17 07:37 - 2013-11-05 02:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-17 07:37 - 2013-11-05 00:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-17 07:37 - 2013-11-04 23:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-17 07:37 - 2013-11-04 15:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-17 07:37 - 2013-11-04 14:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-17 07:37 - 2013-11-02 00:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-17 07:37 - 2013-11-01 19:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-17 07:37 - 2013-11-01 18:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-17 07:37 - 2013-10-31 13:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-17 07:37 - 2013-10-31 13:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-17 07:37 - 2013-10-31 13:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-17 07:37 - 2013-10-31 13:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-17 07:37 - 2013-10-31 13:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-17 07:37 - 2013-10-31 13:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-17 07:37 - 2013-10-26 14:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-17 07:37 - 2013-10-24 22:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-17 07:37 - 2013-10-24 22:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-17 07:37 - 2013-10-18 00:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-17 07:37 - 2013-10-17 23:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-17 07:37 - 2013-10-06 03:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-17 07:37 - 2013-10-06 03:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-17 07:37 - 2013-10-06 01:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-17 07:37 - 2013-10-06 01:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-15 11:28 - 2013-12-21 22:23 - 00257024 ___SH C:\Users\Violet_Shift\Documents\Thumbs.db
2013-12-13 11:43 - 2013-12-28 22:39 - 00000000 ____D C:\Users\Violet_Shift\Desktop\Master's 3rd experiment
2013-12-12 11:30 - 2013-11-27 00:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 11:30 - 2013-11-26 23:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 11:30 - 2013-11-26 22:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 11:30 - 2013-11-26 21:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 11:30 - 2013-11-26 21:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 11:30 - 2013-11-26 21:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 11:30 - 2013-11-26 21:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 11:30 - 2013-11-26 21:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 11:30 - 2013-11-26 20:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 11:30 - 2013-11-26 20:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 11:30 - 2013-11-26 20:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 11:30 - 2013-11-26 20:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 11:30 - 2013-11-26 19:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 11:30 - 2013-11-26 19:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 11:30 - 2013-11-26 19:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 11:30 - 2013-11-26 19:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 11:30 - 2013-11-26 19:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 11:30 - 2013-11-23 17:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 11:30 - 2013-11-23 17:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 11:30 - 2013-11-23 16:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 11:30 - 2013-11-23 16:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 11:30 - 2013-11-09 19:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 11:30 - 2013-11-09 19:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 11:30 - 2013-11-09 18:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 11:30 - 2013-11-08 20:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 11:30 - 2013-10-19 21:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 11:30 - 2013-10-19 20:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 11:30 - 2013-10-15 21:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 11:30 - 2013-10-15 21:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-08 06:55 - 2013-12-08 06:56 - 00036781 _____ C:\Users\Violet_Shift\Desktop\stupidargument.txt
2013-12-03 14:04 - 2013-12-03 14:04 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-12-03 14:01 - 2013-12-03 14:01 - 00000000 ____D C:\Users\Violet_Shift\Desktop\SCP - Containment Breach v0.8.2

==================== One Month Modified Files and Folders =======

2014-01-02 12:17 - 2014-01-02 12:17 - 00018755 _____ C:\Users\Violet_Shift\Downloads\FRST.txt
2014-01-02 12:16 - 2014-01-02 12:16 - 00000000 ____D C:\FRST
2014-01-02 12:09 - 2012-10-28 22:12 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Skype
2014-01-02 12:02 - 2014-01-02 12:01 - 01931426 _____ (Farbar) C:\Users\Violet_Shift\Downloads\FRST64.exe
2014-01-02 12:00 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-02 11:55 - 2012-11-30 21:20 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 11:21 - 2012-10-28 23:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-02 08:51 - 2013-12-31 18:31 - 00122499 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-02 06:00 - 2012-10-28 17:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1238187471-1407391081-3928181685-1001
2014-01-02 05:55 - 2012-11-30 21:20 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 03:41 - 2012-11-06 22:54 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Media Player Classic
2014-01-02 03:11 - 2012-10-29 03:04 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Winamp
2014-01-01 16:08 - 2013-09-30 17:12 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-01 16:05 - 2013-11-06 15:31 - 00000000 __RDO C:\Users\Violet_Shift\SkyDrive
2014-01-01 16:05 - 2013-08-10 00:13 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Dropbox
2014-01-01 16:02 - 2013-08-23 03:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 16:01 - 2013-08-23 02:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-01 15:00 - 2014-01-01 15:00 - 00000762 _____ C:\WINDOWS\DirectX.log
2014-01-01 12:46 - 2013-12-31 18:47 - 00019824 _____ C:\WINDOWS\PFRO.log
2014-01-01 12:45 - 2013-12-30 00:21 - 00185260 _____ C:\Users\Violet_Shift\AppData\Roaming\msconfig.ini
2014-01-01 12:24 - 2014-01-01 12:24 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Malwarebytes
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 12:24 - 2014-01-01 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 12:24 - 2014-01-01 12:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Violet_Shift\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 12:09 - 2012-12-30 16:05 - 01812480 ___SH C:\Users\Violet_Shift\Desktop\Thumbs.db
2014-01-01 10:58 - 2013-12-30 00:20 - 00000000 __SHD C:\ProgramData\{$5951-8557-1735-5876$}
2014-01-01 10:58 - 2012-10-28 17:36 - 00000000 ___RD C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-01 10:22 - 2014-01-01 10:20 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-01 10:20 - 2014-01-01 10:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-01 07:52 - 2013-12-21 17:48 - 00000000 ____D C:\Users\Violet_Shift\Documents\Hard Reset Extended
2014-01-01 07:52 - 2013-04-22 22:31 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\vlc
2014-01-01 07:52 - 2012-10-28 22:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-01 07:51 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\registration
2014-01-01 07:51 - 2012-10-28 22:12 - 00000000 ____D C:\ProgramData\Skype
2013-12-31 19:15 - 2013-12-31 19:15 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-31 19:15 - 2013-12-31 19:15 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-31 19:15 - 2013-12-31 19:15 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 19:15 - 2013-12-31 19:15 - 00000000 ____D C:\Program Files\Java
2013-12-31 18:59 - 2013-11-06 15:14 - 00009500 _____ C:\WINDOWS\system32\lvcoinst.log
2013-12-31 18:59 - 2013-04-22 23:14 - 00000000 ____D C:\Program Files\Creative
2013-12-31 18:59 - 2012-10-30 21:08 - 00000000 ___HD C:\Program Files (x86)\Creative Installation Information
2013-12-31 18:59 - 2012-10-28 17:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-31 18:53 - 2013-12-22 10:41 - 00001982 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-31 18:53 - 2013-11-06 15:17 - 00000000 ____D C:\Users\Violet_Shift
2013-12-31 18:53 - 2012-11-01 08:20 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-12-31 18:16 - 2013-11-07 04:12 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-30 06:35 - 2012-10-29 02:34 - 00000000 ____D C:\Users\Violet_Shift\Documents\My Received Files
2013-12-30 00:20 - 2013-12-29 04:01 - 00000000 __SHD C:\ProgramData\{$4091-8610-6259-6353$}
2013-12-29 04:03 - 2013-08-10 00:14 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-29 04:03 - 2013-07-03 04:12 - 00000000 ____D C:\Users\Violet_Shift\Documents\ARES
2013-12-29 04:03 - 2012-12-30 12:17 - 00000000 ____D C:\Users\Violet_Shift\Documents\Osmos
2013-12-29 04:03 - 2012-10-28 17:36 - 00000000 ____D C:\Users\Violet_Shift\AppData\Local\VirtualStore
2013-12-29 04:01 - 2013-12-29 04:01 - 00000000 _____ C:\Users\Violet_Shift\AppData\Roaming\system.ini
2013-12-29 04:00 - 2013-12-29 04:00 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Google
2013-12-28 22:39 - 2013-12-13 11:43 - 00000000 ____D C:\Users\Violet_Shift\Desktop\Master's 3rd experiment
2013-12-28 11:35 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-26 22:20 - 2012-10-29 14:19 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-26 20:17 - 2013-08-23 02:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(23)
2013-12-26 16:10 - 2013-12-26 16:10 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\3909
2013-12-22 10:41 - 2013-12-22 10:41 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-22 10:41 - 2013-12-22 10:41 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00065776 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-22 10:41 - 2013-12-22 10:41 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-22 10:41 - 2013-12-22 10:41 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\AVAST Software
2013-12-22 10:40 - 2013-12-22 10:40 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-22 10:40 - 2013-12-22 10:40 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-21 23:23 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-21 22:51 - 2013-12-21 22:51 - 00001446 _____ C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-21 22:23 - 2013-12-15 11:28 - 00257024 ___SH C:\Users\Violet_Shift\Documents\Thumbs.db
2013-12-21 03:48 - 2013-12-21 03:48 - 00000159 ___RH C:\WINDOWS\ctfile.rfc
2013-12-21 03:48 - 2013-11-06 15:13 - 00466520 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-12-21 03:48 - 2013-11-06 15:13 - 00445016 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2013-12-21 03:48 - 2013-11-06 15:13 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-12-21 03:48 - 2013-11-06 15:13 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2013-12-21 03:44 - 2012-10-30 19:39 - 00000000 ____D C:\Program Files (x86)\Creative
2013-12-21 03:41 - 2013-11-06 15:14 - 00000000 ____D C:\ProgramData\Creative
2013-12-21 03:36 - 2013-12-21 03:36 - 00002345 _____ C:\Users\Public\Desktop\Creative Product Registration.lnk
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-21 03:25 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-21 02:59 - 2013-12-21 02:59 - 00000000 ____D C:\Users\Violet_Shift\AppData\Roaming\Red Alert 3 Uprising
2013-12-21 02:58 - 2013-12-21 02:58 - 00004991 _____ C:\Users\Violet_Shift\Desktop\lis-3.txt
2013-12-21 02:34 - 2013-12-21 02:33 - 00020287 _____ C:\Users\Violet_Shift\Desktop\lis-2.txt
2013-12-20 16:09 - 2013-12-20 16:13 - 41207626 ____N C:\Users\Violet_Shift\Desktop\20131220_160855.mp4
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 _____ C:\Users\Violet_Shift\Desktop\New Bitmap Image.bmp
2013-12-19 22:45 - 2013-12-19 22:45 - 00045913 _____ C:\Users\Violet_Shift\Desktop\stuff.txt
2013-12-19 00:01 - 2013-12-19 00:01 - 00036490 _____ C:\Users\Violet_Shift\Desktop\ben.txt
2013-12-17 14:31 - 2013-12-17 14:30 - 00024866 _____ C:\Users\Violet_Shift\Desktop\lis.txt
2013-12-17 09:15 - 2013-08-14 22:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-13 09:12 - 2013-08-23 03:44 - 00379336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-13 09:12 - 2012-10-28 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 09:12 - 2012-10-28 17:36 - 00000000 ___RD C:\Users\Violet_Shift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-13 09:11 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-12-13 09:11 - 2013-08-23 04:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-12-12 15:38 - 2012-07-26 18:26 - 00000188 _____ C:\WINDOWS\win.ini
2013-12-12 08:23 - 2012-11-27 11:44 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-11 19:30 - 2012-10-28 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 07:21 - 2012-10-28 23:37 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-08 06:56 - 2013-12-08 06:55 - 00036781 _____ C:\Users\Violet_Shift\Desktop\stupidargument.txt
2013-12-04 13:05 - 2013-08-23 04:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 13:05 - 2013-08-23 04:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 14:04 - 2013-12-03 14:04 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-12-03 14:04 - 2013-12-03 14:04 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-12-03 14:04 - 2013-12-03 14:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-12-03 14:01 - 2013-12-03 14:01 - 00000000 ____D C:\Users\Violet_Shift\Desktop\SCP - Containment Breach v0.8.2

Files to move or delete:
====================
C:\Users\Violet_Shift\AppData\Roaming\system.ini
C:\Users\Violet_Shift\AppData\Roaming\msconfig.ini


Some content of TEMP:
====================
C:\Users\Violet_Shift\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Violet_Shift\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Violet_Shift\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Violet_Shift\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Violet_Shift\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 23:10

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Violet_Shift at 2014-01-02 12:17:53
Running from C:\Users\Violet_Shift\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.2.2.28500 - BitTorrent Inc.)
A.R.E.S. (x32 Version: - Extend Studio)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Alien Breed 2: Assault (x32 Version: - )
Aliens vs. Predator (x32 Version: - Rebellion)
Alpha Prime (x32 Version: - Black Element Software)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (x32 Version: - )
Anomaly Warzone Earth (x32 Version: - )
Application Profiles (x32 Version: 2.0.4719.35969 - Advanced Micro Devices, Inc.)
Audiosurf (x32 Version: - BestGameEver)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bastion (x32 Version: - Supergiant Games)
Battlefield 3™ (x32 Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.1 - EA Digital Illusions CE AB)
Beat Hazard (x32 Version: - )
BioShock Infinite (x32 Version: - Irrational Games)
BIT.TRIP RUNNER (x32 Version: - Gaijin Games)
Braid (x32 Version: - Number None, Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MP Navigator EX 2.0 (x32 Version: - )
Canon Utilities Solution Menu (x32 Version: - )
CanoScan LiDE 100 Scanner Driver (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.00 - Piriform)
Command & Conquer™ Red Alert™ 3 Uprising (x32 Version: 1.0.1.0 - Electronic Arts)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
ConEdit - Deus Ex Conversation Editor (x32 Version: - )
Creative ALchemy (x32 Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (x32 Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (x32 Version: 1.00 - Creative Technology Limited)
Creative Console Launcher (x32 Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (x32 Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version: 1.03 - Creative Technology Limited)
Crysis WARHEAD® (x32 Version: - Electronic Arts)
Crysis WARHEAD® (x32 Version: 1.0 - Crytek) Hidden
Crysis® (x32 Version: 1.21.0000 - Electronic Arts)
Crysis® 2 (x32 Version: 1.0.0.0 - Electronic Arts)
Crysis®3 (x32 Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders (x32 Version: - Vigil Games)
DarksidersInstaller (x32 Version: 1.00.1000 - THQ)
DC++ 0.811 (x32 Version: 0.811 - Jacek Sieka)
Dead Island (x32 Version: - Techland)
Dear Esther (x32 Version: - )
Defense Grid: The Awakening (x32 Version: - Hidden Path Entertainment)
Deus Ex - HDTP (x32 Version: - )
Deus Ex - Invisible War (x32 Version: 1.2 - )
Deus Ex - Invisible War Unified Texture Pack, ver. 1.0 (x32 Version: - John P.)
Deus Ex (x32 Version: - )
Deus Ex New Vision (x32 Version: 1.5 - DaveW)
Deus Ex: Human Revolution - The Missing Link (x32 Version: - Eidos Montreal)
Deus Ex: Human Revolution (x32 Version: - Eidos Montreal)
Divinity II: Developer's Cut (x32 Version: - Larian Studios)
Dolby Axon - 1.5.0.1 (x32 Version: 1.5.0.1 - Dolby Laboratories)
Dolby Digital Live Pack (x32 Version: 3.00 - Creative Technology Limited)
Dragon Age II (x32 Version: 1.04 - Electronic Arts, Inc.)
Dragon Age: Origins (x32 Version: 1.05 - Electronic Arts, Inc.)
Dreamkiller (x32 Version: - Mindware Studios)
Dropbox (HKCU Version: 2.0.26 - Dropbox, Inc.)
DTS Connect Pack (x32 Version: 1.00 - Creative Technology Limited)
Dungeon Siege (x32 Version: - )
Dungeon Siege 2 (x32 Version: - )
Dungeon Siege III (x32 Version: - Obsidian Entertainment)
EA Installer (x32 Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
EA Shared Game Component: Activation (x32 Version: 2.2.0.62 - Electronic Arts)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
F.E.A.R. 2: Project Origin (x32 Version: - Monolith Productions, Inc.)
F.E.A.R. 3 (x32 Version: - Day 1 Studios)
Faerie Solitaire (x32 Version: - Subsoap)
Fallout: New Vegas (x32 Version: - Bethesda Softworks)
Futuremark SystemInfo (x32 Version: 4.15.0 - Futuremark Corporation)
GameRanger (HKCU Version: - GameRanger Technologies)
Ghost Master (x32 Version: - Empire Interactive)
gnuplot 4.6.3 (x32 Version: 4.6.3 - gnuplot development team)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Gratuitous Space Battles (x32 Version: - Positech Games)
Half-Life 2 (x32 Version: - Valve)
Hard Reset (x32 Version: - Flying Wild Hog)
HD Tune Pro 5.00 (x32 Version: - EFD Software)
Hydrophobia: Prophecy (x32 Version: - Dark Energy Digital)
Intel® Rapid Storage Technology (x32 Version: 11.2.0.1006 - Intel Corporation)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Just Cause 2 (x32 Version: - Avalanche Studios)
Killing Floor (x32 Version: - Tripwire Interactive)
Kingdoms of Amalur: Reckoning (x32 Version: 1.0.0.0 - Electronic Arts)
K-Lite Codec Pack 9.8.5 (Standard) (x32 Version: 9.8.5 - )
Lara Croft and the Guardian of Light (x32 Version: - Crystal Dynamics)
Left 4 Dead (x32 Version: - Valve)
Left 4 Dead 2 (x32 Version: - Valve)
LIMBO (x32 Version: - )
Logitech Webcam Software (x32 Version: 2.80 - Logitech Inc.)
Lone Survivor (x32 Version: - )
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mafia (x32 Version: - 2K Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mark of the Ninja (x32 Version: - Klei Entertainment)
Medal of Honor ™ (x32 Version: 1.0.0.0 - Electronic Arts)
Messenger Plus! 6 (x32 Version: 6.00.0.773 - Yuna Software)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Mirror's Edge™ (x32 Version: 1.0.1.0 - Electronic Arts)
MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000 - www.motioninjoy.com)
Mount & Blade (x32 Version: - Tale Worlds)
Mount & Blade: Warband (x32 Version: - Tale Worlds)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MPC-HC 1.6.4.6052 (64-bit) (Version: 1.6.4.6052 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nation Red (x32 Version: - Diezel Power)
Notepad++ (x32 Version: 6.4.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
NyxQuest (x32 Version: - )
Oblivion (x32 Version: 1.00.0000 - Bethesda Softworks)
OpenAL (x32 Version: - )
Origin (x32 Version: 9.0.15.65 - Electronic Arts, Inc.)
Osmos (x32 Version: - Hemisphere Games)
Papers, Please (x32 Version: - 3909)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlanetSide 2 (x32 Version: - Sony Online Entertainment)
Portal (x32 Version: - Valve)
Portal 2 (x32 Version: - Valve)
POSTAL 2 Complete (x32 Version: - Running With Scissors)
Prince of Persia (x32 Version: - Ubisoft)
Prince of Persia: The Sands of Time (x32 Version: - Ubisoft)
Psychonauts (x32 Version: - Double Fine Productions, Inc.)
PunkBuster Services (x32 Version: 0.986 - Even Balance, Inc.)
RAGE (x32 Version: - )
Raptor (x32 Version: 3.0 - DotEmu)
Razer Mamba (x32 Version: 2.04.00 - Razer USA Ltd.)
Razer Synapse 2.0 (x32 Version: 1.9.5 - Razer USA Ltd.)
Razor2: Hidden Skies (x32 Version: - )
Remember Me (x32 Version: - DONTNOD Entertainment)
Renegade Ops (x32 Version: - Avalanche Studios)
Sacred 2 Gold (x32 Version: - Ascaron)
Sacred Citadel (x32 Version: - Southend)
Saints Row 2 (x32 Version: - Volition)
Saints Row: The Third (x32 Version: - Volition)
Sanctum (x32 Version: - )
Section 8: Prejudice (x32 Version: - Timegate Studios, Inc)
Security Task Manager 1.8g (x32 Version: 1.8g - Neuber Software)
SimCity 4 Rush Hour (x32 Version: - )
Sine Mora (x32 Version: - )
SkyDrift (x32 Version: - Digital Reality)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (x32 Version: - City Interactive)
Sniper: Ghost Warrior (x32 Version: - City Interactive S.A.)
Sound Blaster X-Fi (x32 Version: 1.0 - )
Spec Ops: The Line (x32 Version: - YAGER)
SpeedFan (remove only) (x32 Version: - )
SpellForce 2 - Faith in Destiny (x32 Version: - )
Spellforce: Platinum Edition (x32 Version: - Phenomic Game Development)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Strike Suit Infinity (x32 Version: - Born Ready Games Ltd.)
Strike Suit Zero (x32 Version: - Born Ready Games Ltd.)
Super Meat Boy (x32 Version: - )
Superbrothers: Sword & Sworcery EP (x32 Version: - )
Supreme Commander 2 (x32 Version: - Gas Powered Games)
Take On Helicopters (x32 Version: - Bohemia Interactive)
TechPowerUp GPU-Z (x32 Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (x32 Version: - Bethesda Game Studios)
The Polynomial (x32 Version: - Dmytry Lavrov)
The Stanley Parable (x32 Version: - Galactic Cafe)
The Witcher (x32 Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 (x32 Version: 1.00.0000 - CD Projekt Red)
The Witcher Enhanced Edition - "Side Effects" (x32 Version: 1.0.0.0000 - CD Projekt Red)
The Witcher Enhanced Edition - "The Price of Neutrality" (x32 Version: 1.0.0.0000 - CD Projekt Red)
THX Setup Console (x32 Version: - )
Tomb Raider (x32 Version: - Crystal Dynamics)
Total War: SHOGUN 2 (x32 Version: - The Creative Assembly)
Trine (x32 Version: - Frozenbyte)
Trine 2 (x32 Version: - )
Universe Sandbox (x32 Version: - )
Unofficial Oblivion Patch v3.4.4 (x32 Version: 3.4.4 - Quarn, Kivan, and Arthmoor)
Unreal Tournament 3: Black Edition (x32 Version: - Epic Games)
Velvet Assassin (x32 Version: - Replay Studios)
VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)
Volume Panel (x32 Version: 2.21 - Creative Technology Limited)
Wasteland Angel (x32 Version: - )
Winamp (x32 Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
World of Goo (x32 Version: - 2D Boy)
Yahoo! Messenger (x32 Version: - Yahoo! Inc.)
Yahoo! Software Update (x32 Version: - )
Yahoo!New Zealand Toolbar (x32 Version: - )
Your Doodles Are Bugged! (x32 Version: - )
Zombie Driver (x32 Version: - EXOR Studios)

==================== Restore Points =========================

16-12-2013 20:13:57 Windows Update
20-12-2013 13:49:07 Installed DirectX
21-12-2013 21:40:46 avast! antivirus system restore point
29-12-2013 17:31:51 Scheduled Checkpoint
31-12-2013 03:54:35 Device Driver Package Install: ELAN Universal Serial Bus controllers
31-12-2013 05:39:40 Restore Operation

==================== Hosts content: ==========================

2013-08-23 02:25 - 2013-08-23 02:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-23] (Microsoft Corporation)
Task: {3FC0960F-7EA6-4873-8286-45A08F9DDDB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-22] (AVAST Software)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {92BCB560-2BCF-4C31-89C1-2C9D93E5409E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {958770F7-9FDB-4BF9-B355-5373AD211AF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {9BA56C68-36AF-47C9-81D1-CDC27EE532AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {9CF3129C-149D-4881-8669-6F790A5C0DDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-01] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F177EA75-E60B-4272-8700-DABA5E4A91C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-26] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-01-01 08:02 - 2014-01-01 06:55 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\13123101\algo.dll
2014-01-02 08:04 - 2014-01-02 05:50 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010101\algo.dll
2013-03-14 09:48 - 2013-03-14 09:48 - 24978944 _____ () C:\Users\Violet_Shift\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2012-12-18 18:32 - 2012-12-18 18:32 - 00002560 _____ () C:\WINDOWS\SYSTEM32\CTXFIRES.DLL
2013-12-22 10:41 - 2013-12-22 10:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-31 14:06 - 2013-11-07 10:48 - 00691200 _____ () E:\Games\Steam\SDL2.dll
2013-12-31 14:06 - 2013-12-12 08:40 - 01135016 _____ () E:\Games\Steam\bin\chromehtml.DLL
2013-12-31 14:06 - 2013-11-07 10:48 - 20625832 _____ () E:\Games\Steam\bin\libcef.dll
2013-12-31 14:06 - 2013-06-15 12:49 - 01100800 _____ () E:\Games\Steam\bin\avcodec-53.dll
2013-12-31 14:06 - 2013-06-15 12:49 - 00124416 _____ () E:\Games\Steam\bin\avutil-51.dll
2013-12-31 14:06 - 2013-06-15 12:49 - 00192000 _____ () E:\Games\Steam\bin\avformat-53.dll
2013-02-24 23:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-02-24 23:26 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2012-10-28 17:52 - 2013-12-11 19:30 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Violet_Shift\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 00:16:45 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (01/02/2014 00:16:45 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: An attempt to open the file "C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/02/2014 00:16:35 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (01/02/2014 00:16:35 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: An attempt to open the file "C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/02/2014 00:16:25 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (01/02/2014 00:16:25 PM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: An attempt to open the file "C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/02/2014 11:49:00 AM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (01/02/2014 11:49:00 AM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: An attempt to open the file "C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/02/2014 11:48:50 AM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (01/02/2014 11:48:50 AM) (Source: ESENT) (User: )
Description: DllHost (3096) WebCacheLocal: An attempt to open the file "C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (01/02/2014 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2014 04:11:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2014 04:04:51 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/01/2014 04:04:51 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/01/2014 00:52:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2014 00:48:29 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/01/2014 00:48:29 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/01/2014 00:45:23 PM) (Source: DCOM) (User: NATALYA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/01/2014 00:45:23 PM) (Source: DCOM) (User: NATALYA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/01/2014 10:00:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (01/02/2014 00:18:09 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: -1032

Error: (01/02/2014 00:18:09 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/02/2014 00:16:45 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: -1032

Error: (01/02/2014 00:16:45 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/02/2014 00:16:35 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: -1032

Error: (01/02/2014 00:16:35 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/02/2014 00:16:25 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: -1032

Error: (01/02/2014 00:16:25 PM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/02/2014 11:49:00 AM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: -1032

Error: (01/02/2014 11:49:00 AM) (Source: ESENT)(User: )
Description: DllHost3096WebCacheLocal: C:\Users\Violet_Shift\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


CodeIntegrity Errors:
===================================
Date: 2014-01-02 12:17:53.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:52.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:52.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:50.836
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:45.052
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:39.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:17:39.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 12:16:46.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 11:58:48.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-01-02 11:58:41.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTOPT352.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 6135.06 MB
Available physical RAM: 3701.92 MB
Total Pagefile: 7159.06 MB
Available Pagefile: 2882.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:60.02 GB) NTFS
Drive e: (RAID-5 Data Dump) (Fixed) (Total:8383.43 GB) (Free:6963.23 GB) NTFS
Drive f: (Data Disk) (Fixed) (Total:372.61 GB) (Free:21.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8384 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: F123C8F1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 373 GB) (Disk ID: A0AFD593)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Violet_Shift,

Download and run TFC.exe (Vista and above users right click and run as Administrator).

You may be asked to reboot when it is finished. Please do so.

After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#5
Violet_Shift

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Okay, done and done. Took about six hours because of the time it took to get through my RAID.

Here's the (thankfully rather short) log.

C:\Users\All Users\{$4091-8610-6259-6353$}\4813394.exe a variant of MSIL/Injector.CKD trojan
C:\Users\All Users\{$4091-8610-6259-6353$}\chost.exe a variant of MSIL/Injector.CKD trojan
C:\Users\All Users\{$5951-8557-1735-5876$}\2890964.exe a variant of MSIL/Injector.CKD trojan
C:\Users\All Users\{$5951-8557-1735-5876$}\Intel® Common User Interfacet.exe a variant of MSIL/Injector.CKD trojan
C:\ProgramData\{$4091-8610-6259-6353$}\4813394.exe a variant of MSIL/Injector.CKD trojan cleaned by deleting - quarantined
C:\ProgramData\{$4091-8610-6259-6353$}\chost.exe a variant of MSIL/Injector.CKD trojan cleaned by deleting - quarantined
C:\ProgramData\{$5951-8557-1735-5876$}\2890964.exe a variant of MSIL/Injector.CKD trojan cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\{$5951-8557-1735-5876$}\Intel® Common User Interfacet.exe a variant of MSIL/Injector.CKD trojan cleaned by deleting - quarantined


It seemed it was unable to get rid of about half of the nasties.
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

It seemed it was unable to get rid of about half of the nasties.


If you are referring to the ones ESET found, it is reporting that they were quarantined unless I am missing something.

How is your machine now?
  • 0

#7
Violet_Shift

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It's still behaving weirdly. Seems more likely that I'll have to format.

I'm talking about the first four... they seem to have a different path, and they were highlighted red by ESET.
  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
By the way I meant to tell you that cvtres.exe in the location on your machine is not bad. The bad one with the same name is located in "\%AppData%\Local\Temp\".

I'm talking about the first four... they seem to have a different path, and they were highlighted red by ESET.


They look the same to me... just that "cleaned by deleting - quarantined" has been added.

Couple of things before we look further:

1. Did you reboot your computer after the ESET scan? One of those files can't be removed until next reboot.

2. Did this problem happen after you did something (say used a registry cleaner or perhaps installed a new program) or after an update to Windows or your Anti-Virus?

Edit:

On having another look at those files I do see what you mean. Their paths are different. :whistling:

We will have a look at that when you come back.

Edited by emeraldnzl, 02 January 2014 - 07:36 PM.
correction

  • 0

#9
Violet_Shift

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Checking the system uptime, yes I have rebooted. I think I did immediately after the scan.

This problem started happening after I was setting up a peripheral. I had to reboot to install unsigned drivers, and this was the first time I'd rebooted since the malware exposure (which happened a few days prior). The drivers were my first port of call for a culprit, but they've been erased and dealt with, and the problem persists. I think the whatever it was finally kicked into action with that reboot.
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Biscuithd who was helping you in your earlier thread has suggested that you might have a particular infection that does in fact compromise cvtres.exe even in its correct location.

We need to cover that possibility. Because this infection attempts to interfere with our tools we need to take a different approach to using the one we want - Malwarebytes.

Please follow these instructions:

  • Open the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
  • Once there, open the Chameleon folder
  • Next, double-click on svchost.exe. This should result in a black DOS/command prompt window opening up.
  • Ensure that you are connected to the internet.
  • Follow the onscreen instructions to press a key to continue and Chameleon will proceed to update Malwarebytes Anti-Malware.
  • Click OK when it says that the database was updated successfully
  • Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  • Upon completion of the scan, if anything has been detected, click on Show Results
  • Have Malwarebytes remove any threats that are detected by clicking Remove Selected and click Yes if prompted to reboot your computer to allow the removal process to complete
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
  • The logs are automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire reports in your next reply.

  • 0


#11
Violet_Shift

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
MBAM hit something else this time around. I rebooted but still no luck. Still having the same performance issues... but only with certain applications.

If it's messing with cvtres.exe maybe it's causing problems with the .NET interpreter? I'm not sure. MBAM also seems to be slowed down significantly, or maybe it's just a slow program. Not sure.

Here's the log.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.03.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Violet_Shift :: NATALYA [administrator]

Protection: Enabled

3/01/2014 8:03:57 p.m.
mbam-log-2014-01-03 (20-03-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237909
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Violet_Shift\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#12
emeraldnzl
Looks like MBAM did find something there though. Thanks to Biscuithd for seeing that one. New to me Lol.

By the way did you run another quick scan with MBAM just to make sure it got everything?

Turning to the ESET ones. I am not a Techie, but I think when you remove an item from ProgramData it removes it from \Users\All Users. From Vista on I believe ProgramData contains all user data. Having said that, Win 8.1 is a different animal again, so maybe I could be corrected there.

Now

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Other Services
  • Press Scan.
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

#13
Violet_Shift
Here's the log from that program.

Farbar Service Scanner Version: 05-12-2013
Ran by Violet_Shift (administrator) on 04-01-2014 at 13:11:40
Running from "C:\Users\Violet_Shift\Downloads"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-23 02:25] - [2013-08-23 02:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-17 17:29] - [2013-10-08 23:13] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

C:\Windows\System32\dnsrslvr.dll
[2013-11-17 17:29] - [2013-10-08 18:48] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 05:33] - [2013-10-13 10:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-17 17:29] - [2013-10-07 15:13] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-17 17:29] - [2013-09-14 22:11] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

C:\Windows\System32\iphlpsvc.dll
[2013-11-17 17:29] - [2013-10-08 17:50] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
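As an added example (not part of this thread and not Farbar's own code), a small Python parser for the FSS log format posted above. It pulls out the two things a helper reads such a log for: services that are stopped or not at their default start type, and File Check entries that FSS listed with full details instead of "MD5 is legit", which still have to be verified by hand (for example against a known-clean copy of Windows). The sample log is constructed from excerpts of the post above.

```python
import re

# Constructed sample: two sections excerpted from the FSS log in the post above.
SAMPLE_FSS_LOG = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-23 02:25] - [2013-08-23 02:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
                        r"The default start type is (?P<default>\w+)\.$")
LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => MD5 is legit$")
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\\S+)$")
DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Return (service_issues, unverified_files) from FSS log text.

    service_issues: "svc: issue" strings (not running, or non-default start type).
    unverified_files: {path: md5} for files FSS printed with details rather than
    'MD5 is legit', i.e. the ones the reviewer still has to check manually.
    """
    issues, unverified, pending = [], {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if m := NOT_RUNNING.match(line):
            issues.append(f"{m['svc']}: not running")
        elif (m := START_TYPE.match(line)) and m["actual"] != m["default"]:
            issues.append(f"{m['svc']}: start type {m['actual']} (default {m['default']})")
        elif LEGIT.match(line):
            pending = None          # FSS vouched for this file; nothing to follow up
        elif m := BARE_PATH.match(line):
            pending = m["path"]     # the details line for this path follows
        elif (m := DETAIL.match(line)) and pending:
            unverified[pending] = m["md5"].upper()
            pending = None
    return issues, unverified


if __name__ == "__main__":
    issues, unverified = parse_fss(SAMPLE_FSS_LOG)
    for item in issues:
        print("service:", item)
    for path, md5 in unverified.items():
        print("verify manually:", path, md5)
```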

#14
emeraldnzl
Go here for instructions on how to run System File Scanner in Win 8 and Win 8.1

Come back and tell me if there is any change in your machine.

#15
Violet_Shift
I ran SFC 3 times: from safe mode, from Windows normally, and at boot time.

Sadly, they all came back with the same error; apparently there are broken files that it can't fix.

It says there was some log file, but when I try to access it, it just tells me access was denied.