I have istart123 junk [Solved]


  • This topic is locked

#1
War Man

    Member

  • 32 posts

I received istart123 by accident and want it removed. The removal guides all say to go to control panel and delete anything related to it, but I don't know which ones.

 

PC is 64 bit Windows 7

 

Avast and Malwarebytes are my AV software.



#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi War Man,

Welcome back to Geeks to Go (or not as the case may be). My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....

First .....

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Second .....

Malwarebytes Anti-Rootkit scan

  • Download Malwarebytes Anti-Rootkit from here to your desktop.
  • Run the file and follow the onscreen instructions to extract it to your desktop (by default).
  • Malwarebytes Anti-Rootkit will then open. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • When the scan is finished, even if malware is found, please do not click the CleanUp button. Just exit the program; it will make a log file as it closes.
  • On your desktop is a folder named mbar; inside it is a log file named mbar-log-date(time).txt. Please open this file and copy / paste the text here for review.


Things to include in your reply(s):


  • Any questions you have.
  • The FRST.txt log text.
  • The Addition.txt log text.
  • The MBAR log text.

Thank you for understanding and your help.



#3
War Man

    Member

  • Topic Starter
  • 32 posts

What should I do about my homepage? It got changed to istart 123, and I clicked on reset to default in the Mozilla Firefox settings and it still didn't change. Darn thing tampered with the settings, same with Internet Explorer.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SEAN (administrator) on SEAN-PC on 19-08-2014 13:49:58
Running from C:\Users\SEAN\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-29] (Microsoft Corporation)
HKU\S-1-5-21-3327738456-3466891826-1031852044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revD\wirelesscm.exe (D-Link)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 198.201.17.5

FireFox:
========
FF ProfilePath: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml
FF Extension: EPUBReader - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: DuckDuckComplete! - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected] [2013-09-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]
FF HKCU\...\Firefox\Extensions: [{DB6CA0D1-1B64-F610-6CB7-F7CEC993AD15}] - C:\Program Files (x86)\click-n-mark-soft\174.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-130 revD\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-01] ()
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1403334642\mediadev.exe" [X]
S2 WinDevSrv; "C:\ProgramData\UpdateServer\1403673398\webdev.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [228864 2010-04-02] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [538112 2008-07-01] (Atheros Communications, Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-04-28] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2009-10-09] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 13:49 - 2014-08-19 13:50 - 00012605 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-19 13:48 - 2014-08-19 13:50 - 00000000 ____D () C:\FRST
2014-08-19 13:46 - 2014-08-19 13:46 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-13 15:35 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 15:35 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 15:35 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:35 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:49 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:49 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:49 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:49 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:49 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:49 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:49 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:48 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:48 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:48 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:48 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:48 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:48 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:48 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:48 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:48 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:48 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:48 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:48 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:48 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:48 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:48 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:48 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:48 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:48 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:48 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:48 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:48 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:48 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:48 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:48 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:48 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 14:49 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 14:49 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 14:49 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 14:49 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 14:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 13:50 - 2014-08-19 13:49 - 00012605 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-19 13:50 - 2014-08-19 13:48 - 00000000 ____D () C:\FRST
2014-08-19 13:46 - 2014-08-19 13:46 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe
2014-08-19 13:44 - 2009-07-13 23:45 - 00295936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 00:17 - 2014-03-25 16:41 - 00000000 ____D () C:\ProgramData\Army Builder
2014-08-18 21:53 - 2010-12-30 14:10 - 01251391 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 20:26 - 2014-05-09 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 18:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:59 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:53 - 2011-01-18 21:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-18 18:51 - 2014-07-07 19:29 - 00010248 _____ () C:\Windows\setupact.log
2014-08-18 18:51 - 2011-06-01 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-18 18:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 16:00 - 2010-12-30 16:01 - 00595326 _____ () C:\Windows\PFRO.log
2014-08-18 15:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-08-18 13:38 - 2011-05-14 00:05 - 00001350 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-18 13:38 - 2011-01-01 02:09 - 00000000 ____D () C:\Users\SEAN\AppData\Local\CrashDumps
2014-08-18 13:38 - 2010-12-30 14:18 - 00001625 _____ () C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 02:40 - 2011-07-29 20:28 - 00000000 ____D () C:\Users\SEAN\.gimp-2.6
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-18 02:39 - 2010-12-30 14:11 - 00000000 ____D () C:\Users\SEAN
2014-08-18 02:11 - 2013-09-26 15:49 - 00000000 ____D () C:\Users\SEAN\Documents\A ti3 vassal game and Twilight Imperium
2014-08-18 02:11 - 2012-04-19 13:52 - 00000000 ____D () C:\Users\SEAN\Documents\1 Game concepts
2014-08-17 23:14 - 2011-03-05 01:25 - 00000000 ____D () C:\Users\SEAN\AppData\Roaming\Skype
2014-08-13 18:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:41 - 2013-08-29 01:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:39 - 2011-01-09 16:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 15:34 - 2014-04-30 00:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 00:33 - 2014-01-17 12:27 - 00000000 ____D () C:\Users\SEAN\Documents\1 Other text
2014-08-10 17:36 - 2011-03-05 01:25 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 00:10 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 21:06 - 2014-08-13 13:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-13 13:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 18:41 - 2014-08-13 13:48 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-13 13:48 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:11 - 2012-04-25 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 09:52 - 2014-08-13 13:48 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-13 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-13 13:48 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-13 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-13 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-13 13:48 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-13 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-13 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-13 13:48 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-13 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-13 13:48 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-13 13:48 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-13 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-13 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:12 - 2014-08-13 13:48 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-13 13:48 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-13 13:48 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-13 13:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-13 13:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-13 13:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-13 13:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-13 13:48 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-13 13:48 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-13 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-13 13:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-13 13:48 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-13 13:48 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-13 13:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-13 13:48 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-13 13:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-13 13:48 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-13 13:48 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-13 13:48 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-13 13:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-13 13:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-13 13:48 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-13 13:48 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 15:36 - 2012-06-09 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 07:42 - 2012-03-31 20:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-20 07:42 - 2011-05-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 21:05

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by SEAN at 2014-08-19 13:50:50
Running from C:\Users\SEAN\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Advanced Tactical Center™ 1.0 (HKLM-x32\...\ATC_is1) (Version: 1.0.0.0 - Foolish Entertainment)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
Army Builder 3.4c (HKLM-x32\...\{43867B63-C464-4570-823D-D92DC08E3400}_is1) (Version: 3.4c - Lone Wolf Development, Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle for Wesnoth 1.10.7 (HKLM-x32\...\Battle for Wesnoth 1.10.7) (Version: 1.10.7 - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blood Bowl version 1.2.0.1 (HKLM-x32\...\BloodBowl_is1) (Version: 1.2.0.1 - Cyanide Entertainment)
Command & Conquer™ Red Alert™ 3 Demo (HKLM-x32\...\{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}) (Version: 1.0.1.0 - Electronic Arts)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DWA-130 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 2.00 - D-Link)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
Empires (HKLM-x32\...\Steam App 17740) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.02 - )
EVGA Precision 2.0.3 (HKLM-x32\...\Precision) (Version: 2.0.3 - EVGA Corporation)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Global Agenda Launcher (HKLM-x32\...\{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}) (Version: 1.0.0 - Hi-Rez Studios)
Global Agenda Live (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}) (Version: 1.5.1.5 - Hi-Rez Studios)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version:  - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.4.6 - Reto-Moto)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nero 9 Essentials (HKLM-x32\...\{335efe23-626a-4398-92db-35a92a73a7ff}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.7.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.7.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Registry Reviver (HKLM-x32\...\{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1) (Version: 2.1.648.9552 - ReviverSoft)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.3.6.19269 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Tribes Ascend Closed Beta (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
VASSAL (3.2.8) (HKLM-x32\...\VASSAL (3.2.8)) (Version: 3.2.8 - vassalengine.org)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Warhammer 40,000: Space Marine Demo (HKLM-x32\...\Steam App 55410) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.4.15595 - Blizzard Entertainment)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3327738456-3466891826-1031852044-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

29-07-2014 17:53:11 Windows Update
31-07-2014 19:48:52 Windows Update
06-08-2014 00:32:37 Windows Update
09-08-2014 01:59:42 Windows Update
13-08-2014 18:42:00 Windows Update
13-08-2014 20:34:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-12 21:13 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3D5C253A-4364-406D-A84A-A455314FA1C8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3327738456-3466891826-1031852044-1000
Task: {4B846711-E5E9-42B5-ACFA-CF7599EEA35E} - System32\Tasks\{A860E591-DBA0-4E4B-ABA4-34948ADAA12E} => Firefox.exe http://ui.skype.com/...led;madedefault
Task: {7A64F620-6DF5-4845-BAA4-7065CF8B2910} - \FF Watcher {85D37433-F054-4AF7-8686-4777B557D9B8} No Task File <==== ATTENTION
Task: {996A8A05-CFFF-4C5A-97D6-7BB5FD6E6C32} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {A631ED63-0251-4A89-B5D6-482EC39479A0} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A7E7D307-5F58-4B6A-84A2-77DDCE5F91FC} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-25] (ASUSTeK Computer Inc.)
Task: {EAC7E750-9934-4FF2-B3C6-B37F35CCA42F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-11-17] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x9b0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e4

Start Time: 01cfbab77399c389

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: c29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FDResPub, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wsdapi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca31
Exception code: 0xc0000005
Fault offset: 0x0000000000057ba6
Faulting process id: 0x814
Faulting application start time: 0xsvchost.exe_FDResPub0
Faulting application path: svchost.exe_FDResPub1
Faulting module path: svchost.exe_FDResPub2
Report Id: svchost.exe_FDResPub3

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa30
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00fbc638
Faulting process id: 0x90c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0006ed38
Faulting process id: 0x5b8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc78
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfeef04bd
Faulting process id: 0xa08
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/26/2014 10:33:43 AM) (Source: BugSplat) (EventID: 1) (User: )
Description: coh2CoH2629981


System errors:
=============
Error: (08/19/2014 01:44:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/19/2014 01:44:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/19/2014 01:44:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/19/2014 01:44:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/19/2014 01:44:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/19/2014 01:44:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/19/2014 01:43:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/19/2014 01:43:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsIO
AsUpIO
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (08/19/2014 02:20:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/19/2014 02:20:08 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9b001cfbb12e4e26a2bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllceb75d07-2706-11e4-b6ae-20cf30e790ce

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53210e401cfbab77399c3890C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exec29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_FDResPub6.1.7600.163854a5bc3c1wsdapi.dll6.1.7601.175144ce7ca31c00000050000000000057ba681401cfb91555f6284cC:\Windows\system32\svchost.exec:\windows\system32\wsdapi.dll9ef5052d-2508-11e4-b5f1-20cf30e790ce

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000a3001cfb826ee778b5dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown4c786803-241a-11e4-adaa-20cf30e790ce

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500fbc63890c01cfb4eb0d91b44fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown69ce769f-20de-11e4-b5c3-20cf30e790ce

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050006ed385b801cfb42273ad2d33C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllc3acfa00-2015-11e4-a527-20cf30e790ce

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000c7801cfb2fbb4ca7f36C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown0056a87f-1eef-11e4-b97f-20cf30e790ce

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c0000005feef04bda0801cfadf17ee5378cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknowndc4667e9-19e4-11e4-8ab5-20cf30e790ce

Error: (07/26/2014 10:33:43 AM) (Source: BugSplat) (EventID: 1) (User: )
Description: coh2CoH2629981


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 23:28:26.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 23:28:26.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 12%
Total physical RAM: 6071.05 MB
Available physical RAM: 5325.99 MB
Total Pagefile: 12140.29 MB
Available Pagefile: 11422.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:683.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

mbar

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.19.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17239
SEAN :: SEAN-PC [administrator]

8/19/2014 1:55:01 PM
mbar-log-2014-08-19 (13-55-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 363670
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi War Man,

 

Thanks for the logs; I am reviewing them now and will get appropriate fixes to you as soon as my Adviser approves them.  I do have some questions for you though:

 

1)  Why are you in Safe Mode with Networking?  Can you not get to normal boot mode or is this what the removal directions told you to do?

 

2)  Why did you rename FRST when you downloaded it?  Would it not run any other way?

 

Thanks.


  • 0

#5
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I just did it in safe mode as a precaution.

 

 

I did not rename FRST; I did use to have it installed during the previous time I asked for help in this forum and may have improperly removed it.
 


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hello War Man,

I have scanned your logs and have some instructions to start fixing your system. Thanks for letting me know about the mode and renaming.


First ....

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml
FF Extension: DuckDuckComplete! - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected] [2013-09-22]
FF HKCU\...\Firefox\Extensions: [{DB6CA0D1-1B64-F610-6CB7-F7CEC993AD15}] - C:\Program Files (x86)\click-n-mark-soft\174.xpi
C:\Program Files (x86)\Pando Networks\Media Booster
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected]
C:\Program Files (x86)\click-n-mark-soft
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1403334642\mediadev.exe" [X]
S2 WinDevSrv; "C:\ProgramData\UpdateServer\1403673398\webdev.exe" [X]
C:\ProgramData\MediaDev
C:\ProgramData\UpdateServer
Task: {3D5C253A-4364-406D-A84A-A455314FA1C8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3327738456-3466891826-1031852044-1000
Task: {7A64F620-6DF5-4845-BAA4-7065CF8B2910} - \FF Watcher {85D37433-F054-4AF7-8686-4777B557D9B8} No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

end


NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Second ....

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Thirdly ......

Run a fresh FRST scan and post the log in a reply.
  • Right click the FRST64.exe file on your desktop and select "Run as administrator" (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things to include in your next reply ....
  • The Fixlog.txt log text.
  • The AdwCleaner log text.
  • The fresh FRST.txt log text.

  • 0
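An added example, not part of the original post and not AdwCleaner's own code: a small triage parser for the scan report that the second step above asks for, using the report layout seen in the AdwCleaner log posted in this thread (`***** [ Section ] *****` headers and `<Kind> Found : <item>` lines). The function names and the sample report are constructed for illustration, and treating the value in parentheses on a `Shortcut Found` line as the URL attached to that shortcut is an assumption about the report's meaning.

```python
import re

# Constructed sample in the layout of an AdwCleaner v3 scan report (not a real log).
SAMPLE_REPORT = r"""# AdwCleaner v3.307 - Report created 01/01/2014 at 12:00:00
# Option : Scan

***** [ Services ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\Users\EXAMPLE\Desktop\Mozilla Firefox.lnk ( hxxp://start.example.invalid/?type=sc&uid=CONSTRUCTED )
Shortcut Found : C:\Users\EXAMPLE\Desktop\Internet Explorer.lnk ( hxxp://start.example.invalid/?type=sc&uid=CONSTRUCTED )

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\ExampleVendor\ExampleToolbar

***** [ Browsers ] *****

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\EXAMPLE\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [100 octets] - [01/01/2014 12:00:00]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
TRAILER_RE = re.compile(r"^\*+$")
FINDING_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Found : (?P<item>.+)$")
# Shortcut names may themselves contain parentheses, e.g. "Firefox (2).lnk",
# so the path is matched up to the first ".lnk (" rather than the first "(".
SHORTCUT_RE = re.compile(r"^(?P<lnk>.+?\.lnk) \( (?P<arg>.+) \)$", re.IGNORECASE)
# Accept both live and defanged (hxxp) schemes, as forum-posted logs use either.
URL_RE = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/\s?]+)", re.IGNORECASE)


def parse_report(text):
    """Return {section name: [(kind, item), ...]} for each '<Kind> Found : <item>' line."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
            continue
        if TRAILER_RE.match(line):
            # The all-asterisk separator ends the findings; what follows is a file list.
            current = None
            continue
        finding = FINDING_RE.match(line)
        if finding and current is not None:
            sections[current].append((finding.group("kind"), finding.group("item")))
    return sections


def hijacked_shortcuts(sections):
    """Return [(lnk_path, host, argument)] for shortcuts reported with a URL attached."""
    hits = []
    for kind, item in sections.get("Shortcuts", []):
        shortcut = SHORTCUT_RE.match(item)
        if kind != "Shortcut" or not shortcut:
            continue
        arg = shortcut.group("arg").strip()
        url = URL_RE.match(arg)
        if url:
            hits.append((shortcut.group("lnk"), url.group("host").lower(), arg))
    return hits


def summarize(text):
    """Count findings per section and list the shortcuts that carry a URL."""
    sections = parse_report(text)
    hits = hijacked_shortcuts(sections)
    return {
        "counts": {name: len(items) for name, items in sections.items()},
        "shortcut_hosts": sorted({host for _, host, _ in hits}),
        "shortcuts": [path for path, _, _ in hits],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    for name, count in summary["counts"].items():
        print(f"{name}: {count} finding(s)")
    print("Hosts attached to shortcuts:", ", ".join(summary["shortcut_hosts"]) or "none")
    for path in summary["shortcuts"]:
        print("  review:", path)
```

A browser shortcut that lists a URL here will keep opening that page even after the browser's own home page setting has been reset, which is why the shortcut paths are worth reviewing separately from the registry findings.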

#7
War Man

War Man

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Alright, looking at my adware cleaner folder, there is an old AdwCleaner[R0] of July 5, 2014. The newest adware cleaner text I found was AdwCleaner[R1], so I will post that.

 

Oh, and another thing: my Vassal modules got deleted. I can reupload them; I just noticed that happen. Just reporting anything unusual happening. Will reuploading them affect what we are doing here? I need it to play PBF board games.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by SEAN at 2014-08-20 14:40:59 Run:1
Running from C:\Users\SEAN\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml
FF Extension: DuckDuckComplete! - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected] [2013-09-22]
FF HKCU\...\Firefox\Extensions: [{DB6CA0D1-1B64-F610-6CB7-F7CEC993AD15}] - C:\Program Files (x86)\click-n-mark-soft\174.xpi
C:\Program Files (x86)\Pando Networks\Media Booster
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected]
C:\Program Files (x86)\click-n-mark-soft
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1403334642\mediadev.exe" [X]
S2 WinDevSrv; "C:\ProgramData\UpdateServer\1403673398\webdev.exe" [X]
C:\ProgramData\MediaDev
C:\ProgramData\UpdateServer
Task: {3D5C253A-4364-406D-A84A-A455314FA1C8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3327738456-3466891826-1031852044-1000
Task: {7A64F620-6DF5-4845-BAA4-7065CF8B2910} - \FF Watcher {85D37433-F054-4AF7-8686-4777B557D9B8} No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

end
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml => Moved successfully.
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected] => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{DB6CA0D1-1B64-F610-6CB7-F7CEC993AD15} => value deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster => Moved successfully.
"C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\duckduckgo.xml" => File/Directory not found.
"C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\searchplugins\firefox-add-ons.xml" => File/Directory not found.
"C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\[email protected]" => File/Directory not found.
"C:\Program Files (x86)\click-n-mark-soft" => File/Directory not found.
MediaDevSrv => Service deleted successfully.
WinDevSrv => Service deleted successfully.
"C:\ProgramData\MediaDev" => File/Directory not found.
"C:\ProgramData\UpdateServer" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D5C253A-4364-406D-A84A-A455314FA1C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D5C253A-4364-406D-A84A-A455314FA1C8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3327738456-3466891826-1031852044-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3327738456-3466891826-1031852044-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A64F620-6DF5-4845-BAA4-7065CF8B2910}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A64F620-6DF5-4845-BAA4-7065CF8B2910}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {85D37433-F054-4AF7-8686-4777B557D9B8}" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

# AdwCleaner v3.307 - Report created 20/08/2014 at 14:52:16
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SEAN - SEAN-PC
# Running from : C:\Users\SEAN\Desktop\adwcleaner_3.307.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )
Shortcut Found : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk ( hxxp://www.istart123.com/?type=sc&ts=1408387091&from=fimo&uid=ST31000528AS_6VP9A16FXXXX6VP9A16F )

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3068 octets] - [05/07/2014 15:22:22]
AdwCleaner[R1].txt - [2716 octets] - [20/08/2014 14:52:16]
AdwCleaner[S0].txt - [3091 octets] - [05/07/2014 15:23:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2836 octets] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SEAN (administrator) on SEAN-PC on 20-08-2014 14:54:16
Running from C:\Users\SEAN\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-29] (Microsoft Corporation)
HKU\S-1-5-21-3327738456-3466891826-1031852044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revD\wirelesscm.exe (D-Link)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 198.201.17.5

FireFox:
========
FF ProfilePath: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: EPUBReader - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-130 revD\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-01] ()
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [228864 2010-04-02] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [538112 2008-07-01] (Atheros Communications, Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-04-28] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2009-10-09] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 14:54 - 2014-08-20 14:54 - 00011429 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-20 14:49 - 2014-08-20 14:49 - 01361671 _____ () C:\Users\SEAN\Desktop\adwcleaner_3.307.exe
2014-08-19 13:54 - 2014-08-19 14:10 - 00000000 ____D () C:\Users\SEAN\Desktop\mbar
2014-08-19 13:54 - 2014-08-19 14:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 13:52 - 2014-08-19 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SEAN\Desktop\mbar-1.07.0.1012.exe
2014-08-19 13:48 - 2014-08-20 14:54 - 00000000 ____D () C:\FRST
2014-08-19 13:46 - 2014-08-19 13:46 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-13 15:35 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 15:35 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 15:35 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:35 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:49 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:49 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:49 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:49 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:49 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:49 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:49 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:48 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:48 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:48 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:48 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:48 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:48 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:48 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:48 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:48 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:48 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:48 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:48 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:48 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:48 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:48 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:48 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:48 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:48 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:48 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:48 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:48 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:48 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:48 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:48 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:48 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 14:49 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 14:49 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 14:49 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 14:49 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 14:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 14:54 - 2014-08-20 14:54 - 00011429 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-20 14:54 - 2014-08-19 13:48 - 00000000 ____D () C:\FRST
2014-08-20 14:52 - 2014-07-05 15:22 - 00000000 ____D () C:\AdwCleaner
2014-08-20 14:49 - 2014-08-20 14:49 - 01361671 _____ () C:\Users\SEAN\Desktop\adwcleaner_3.307.exe
2014-08-20 14:46 - 2009-07-13 23:45 - 00295936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 14:45 - 2010-12-30 14:10 - 01291997 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 14:45 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 14:45 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 14:43 - 2011-01-18 21:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-20 14:42 - 2014-06-21 01:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-20 14:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 14:41 - 2014-07-07 19:29 - 00010472 _____ () C:\Windows\setupact.log
2014-08-20 14:41 - 2011-06-01 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-20 14:40 - 2011-08-02 12:35 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-20 14:40 - 2011-01-09 16:31 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-20 14:40 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-20 00:19 - 2014-05-09 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 14:10 - 2014-08-19 13:54 - 00000000 ____D () C:\Users\SEAN\Desktop\mbar
2014-08-19 14:10 - 2014-08-19 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 13:54 - 2014-05-09 17:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 13:52 - 2014-08-19 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SEAN\Desktop\mbar-1.07.0.1012.exe
2014-08-19 13:46 - 2014-08-19 13:46 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\ccsetup415.exe
2014-08-19 00:17 - 2014-03-25 16:41 - 00000000 ____D () C:\ProgramData\Army Builder
2014-08-18 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 16:00 - 2010-12-30 16:01 - 00595326 _____ () C:\Windows\PFRO.log
2014-08-18 15:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-08-18 13:38 - 2011-05-14 00:05 - 00001350 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-18 13:38 - 2011-01-01 02:09 - 00000000 ____D () C:\Users\SEAN\AppData\Local\CrashDumps
2014-08-18 13:38 - 2010-12-30 14:18 - 00001625 _____ () C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 02:40 - 2011-07-29 20:28 - 00000000 ____D () C:\Users\SEAN\.gimp-2.6
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-18 02:39 - 2010-12-30 14:11 - 00000000 ____D () C:\Users\SEAN
2014-08-18 02:11 - 2013-09-26 15:49 - 00000000 ____D () C:\Users\SEAN\Documents\A ti3 vassal game and Twilight Imperium
2014-08-18 02:11 - 2012-04-19 13:52 - 00000000 ____D () C:\Users\SEAN\Documents\1 Game concepts
2014-08-17 23:14 - 2011-03-05 01:25 - 00000000 ____D () C:\Users\SEAN\AppData\Roaming\Skype
2014-08-13 18:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:41 - 2013-08-29 01:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:39 - 2011-01-09 16:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 15:34 - 2014-04-30 00:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 00:33 - 2014-01-17 12:27 - 00000000 ____D () C:\Users\SEAN\Documents\1 Other text
2014-08-10 17:36 - 2011-03-05 01:25 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 00:10 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 21:06 - 2014-08-13 13:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-13 13:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2011-06-20 04:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 18:41 - 2014-08-13 13:48 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-13 13:48 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:11 - 2012-04-25 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 09:52 - 2014-08-13 13:48 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-13 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-13 13:48 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-13 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-13 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-13 13:48 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-13 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-13 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-13 13:48 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-13 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-13 13:48 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-13 13:48 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-13 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-13 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:12 - 2014-08-13 13:48 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-13 13:48 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-13 13:48 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-13 13:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-13 13:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-13 13:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-13 13:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-13 13:48 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-13 13:48 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-13 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-13 13:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-13 13:48 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-13 13:48 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-13 13:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-13 13:48 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-13 13:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-13 13:48 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-13 13:48 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-13 13:48 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-13 13:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-13 13:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-13 13:48 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-13 13:48 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 15:36 - 2012-06-09 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 21:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by SEAN at 2014-08-20 14:55:05
Running from C:\Users\SEAN\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Advanced Tactical Center™ 1.0 (HKLM-x32\...\ATC_is1) (Version: 1.0.0.0 - Foolish Entertainment)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
Army Builder 3.4c (HKLM-x32\...\{43867B63-C464-4570-823D-D92DC08E3400}_is1) (Version: 3.4c - Lone Wolf Development, Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle for Wesnoth 1.10.7 (HKLM-x32\...\Battle for Wesnoth 1.10.7) (Version: 1.10.7 - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blood Bowl version 1.2.0.1 (HKLM-x32\...\BloodBowl_is1) (Version: 1.2.0.1 - Cyanide Entertainment)
Command & Conquer™ Red Alert™ 3 Demo (HKLM-x32\...\{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}) (Version: 1.0.1.0 - Electronic Arts)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DWA-130 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 2.00 - D-Link)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
Empires (HKLM-x32\...\Steam App 17740) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.02 - )
EVGA Precision 2.0.3 (HKLM-x32\...\Precision) (Version: 2.0.3 - EVGA Corporation)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Global Agenda Launcher (HKLM-x32\...\{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}) (Version: 1.0.0 - Hi-Rez Studios)
Global Agenda Live (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}) (Version: 1.5.1.5 - Hi-Rez Studios)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version:  - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.4.6 - Reto-Moto)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nero 9 Essentials (HKLM-x32\...\{335efe23-626a-4398-92db-35a92a73a7ff}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.7.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.7.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Registry Reviver (HKLM-x32\...\{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1) (Version: 2.1.648.9552 - ReviverSoft)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.3.6.19269 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Tribes Ascend Closed Beta (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
VASSAL (3.2.8) (HKLM-x32\...\VASSAL (3.2.8)) (Version: 3.2.8 - vassalengine.org)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Warhammer 40,000: Space Marine Demo (HKLM-x32\...\Steam App 55410) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.4.15595 - Blizzard Entertainment)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3327738456-3466891826-1031852044-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

29-07-2014 17:53:11 Windows Update
31-07-2014 19:48:52 Windows Update
06-08-2014 00:32:37 Windows Update
09-08-2014 01:59:42 Windows Update
13-08-2014 18:42:00 Windows Update
13-08-2014 20:34:35 Windows Update
20-08-2014 05:23:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-12 21:13 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4B846711-E5E9-42B5-ACFA-CF7599EEA35E} - System32\Tasks\{A860E591-DBA0-4E4B-ABA4-34948ADAA12E} => Firefox.exe http://ui.skype.com/...led;madedefault
Task: {996A8A05-CFFF-4C5A-97D6-7BB5FD6E6C32} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {A631ED63-0251-4A89-B5D6-482EC39479A0} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A7E7D307-5F58-4B6A-84A2-77DDCE5F91FC} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-25] (ASUSTeK Computer Inc.)
Task: {EAC7E750-9934-4FF2-B3C6-B37F35CCA42F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-11-17] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x9b0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e4

Start Time: 01cfbab77399c389

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: c29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FDResPub, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wsdapi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca31
Exception code: 0xc0000005
Fault offset: 0x0000000000057ba6
Faulting process id: 0x814
Faulting application start time: 0xsvchost.exe_FDResPub0
Faulting application path: svchost.exe_FDResPub1
Faulting module path: svchost.exe_FDResPub2
Report Id: svchost.exe_FDResPub3

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa30
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00fbc638
Faulting process id: 0x90c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0006ed38
Faulting process id: 0x5b8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc78
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfeef04bd
Faulting process id: 0xa08
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/26/2014 10:33:43 AM) (Source: BugSplat) (EventID: 1) (User: )
Description: coh2CoH2629981


System errors:
=============
Error: (08/20/2014 02:46:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/20/2014 02:46:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/20/2014 02:46:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/20/2014 02:46:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/20/2014 02:46:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/20/2014 02:46:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2014 02:46:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/20/2014 02:46:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsIO
AsUpIO
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (08/20/2014 02:31:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/20/2014 02:31:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9b001cfbb12e4e26a2bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllceb75d07-2706-11e4-b6ae-20cf30e790ce

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53210e401cfbab77399c3890C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exec29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_FDResPub6.1.7600.163854a5bc3c1wsdapi.dll6.1.7601.175144ce7ca31c00000050000000000057ba681401cfb91555f6284cC:\Windows\system32\svchost.exec:\windows\system32\wsdapi.dll9ef5052d-2508-11e4-b5f1-20cf30e790ce

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000a3001cfb826ee778b5dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown4c786803-241a-11e4-adaa-20cf30e790ce

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500fbc63890c01cfb4eb0d91b44fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown69ce769f-20de-11e4-b5c3-20cf30e790ce

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050006ed385b801cfb42273ad2d33C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllc3acfa00-2015-11e4-a527-20cf30e790ce

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000c7801cfb2fbb4ca7f36C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown0056a87f-1eef-11e4-b97f-20cf30e790ce

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c0000005feef04bda0801cfadf17ee5378cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknowndc4667e9-19e4-11e4-8ab5-20cf30e790ce

Error: (07/26/2014 10:33:43 AM) (Source: BugSplat) (EventID: 1) (User: )
Description: coh2CoH2629981


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 23:28:26.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 23:28:26.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 12%
Total physical RAM: 6071.05 MB
Available physical RAM: 5310.21 MB
Total Pagefile: 12140.29 MB
Available Pagefile: 11412.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:683 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by War Man, 20 August 2014 - 02:09 PM.


#8
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi War Man,
 
The Fixlist went fine and the AdwCleaner scan was insightful. But we need to redo the FRST scan, and let's add an MBAM scan to see what a definition-based scanner finds. Please follow the directions below:
 
First >>>>

Please reboot your system into Normal boot (not Safe Mode at all) and run the following:
 
Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select the Addition.txt check box in the Optional Scan box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because we asked for this option, the tool will generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Second >>>>

Malwarebytes' Anti-Malware
Please launch Malwarebytes' Anti-Malware from your desktop icon or the Start menu item. Notice that I want this to scan your system, but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.


Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the "As text file" from the drop-down list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please copy and paste the report file into a post here; I will review the file and script what needs to be removed.


Things we need to have in your next reply:

  • The fresh FRST.txt log.
  • The fresh Addition.txt log.
  • The MBAM scan log (if anything was found).


#9
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Forgot to say, if you could hold off on the VASSAL modules until we are done, that may be best.



#10
War Man


    Member

  • Topic Starter
  • Member
  • 32 posts

Nothing on Malwarebytes got detected.

 

FRST is first

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by SEAN (administrator) on SEAN-PC on 21-08-2014 16:24:42
Running from C:\Users\SEAN\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(D-Link) C:\Program Files (x86)\D-Link\DWA-130 revD\wirelesscm.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-29] (Microsoft Corporation)
HKU\S-1-5-21-3327738456-3466891826-1031852044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revD\wirelesscm.exe (D-Link)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 198.201.17.5

FireFox:
========
FF ProfilePath: C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: EPUBReader - C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-130 revD\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-01] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [228864 2010-04-02] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [538112 2008-07-01] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-04-28] (Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2009-10-09] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 16:24 - 2014-08-21 16:24 - 00013256 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-21 16:22 - 2014-08-21 16:22 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\FRST64.exe
2014-08-20 14:55 - 2014-08-20 14:55 - 00031534 _____ () C:\Users\SEAN\Desktop\Addition(old).txt
2014-08-20 14:54 - 2014-08-20 14:55 - 00036842 _____ () C:\Users\SEAN\Desktop\FRST(old).txt
2014-08-20 14:49 - 2014-08-20 14:49 - 01361671 _____ () C:\Users\SEAN\Desktop\adwcleaner_3.307.exe
2014-08-19 13:54 - 2014-08-19 14:10 - 00000000 ____D () C:\Users\SEAN\Desktop\mbar
2014-08-19 13:54 - 2014-08-19 14:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 13:52 - 2014-08-19 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SEAN\Desktop\mbar-1.07.0.1012.exe
2014-08-19 13:48 - 2014-08-21 16:24 - 00000000 ____D () C:\FRST
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-13 15:35 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 15:35 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 15:35 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:35 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 15:35 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:49 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:49 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:49 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:49 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:49 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:49 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:49 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:49 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:49 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:49 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:49 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:49 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:49 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:48 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:48 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:48 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:48 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:48 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:48 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:48 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:48 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:48 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:48 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:48 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:48 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:48 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:48 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:48 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:48 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:48 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:48 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:48 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:48 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:48 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:48 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:48 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:48 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:48 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:48 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:48 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:48 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:48 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:48 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:48 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:48 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:48 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:48 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:48 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:48 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:48 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:48 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:48 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:48 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:48 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:48 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 14:49 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 14:49 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 14:49 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 14:49 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 14:49 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 14:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 14:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 16:24 - 2014-08-21 16:24 - 00013256 _____ () C:\Users\SEAN\Desktop\FRST.txt
2014-08-21 16:24 - 2014-08-19 13:48 - 00000000 ____D () C:\FRST
2014-08-21 16:23 - 2010-12-30 14:10 - 01318602 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 16:22 - 2014-08-21 16:22 - 02101760 _____ (Farbar) C:\Users\SEAN\Desktop\FRST64.exe
2014-08-21 16:20 - 2011-01-18 21:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-21 16:19 - 2014-07-07 19:29 - 00010584 _____ () C:\Windows\setupact.log
2014-08-21 16:19 - 2011-06-01 13:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-21 16:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 16:18 - 2014-05-09 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 16:18 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 16:18 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 16:16 - 2011-01-01 02:09 - 00000000 ____D () C:\Users\SEAN\AppData\Local\CrashDumps
2014-08-21 16:10 - 2009-07-13 23:45 - 00295936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 14:55 - 2014-08-20 14:55 - 00031534 _____ () C:\Users\SEAN\Desktop\Addition(old).txt
2014-08-20 14:55 - 2014-08-20 14:54 - 00036842 _____ () C:\Users\SEAN\Desktop\FRST(old).txt
2014-08-20 14:52 - 2014-07-05 15:22 - 00000000 ____D () C:\AdwCleaner
2014-08-20 14:49 - 2014-08-20 14:49 - 01361671 _____ () C:\Users\SEAN\Desktop\adwcleaner_3.307.exe
2014-08-20 14:42 - 2014-06-21 01:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-20 14:40 - 2011-08-02 12:35 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-20 14:40 - 2011-01-09 16:31 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-20 14:40 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-19 14:10 - 2014-08-19 13:54 - 00000000 ____D () C:\Users\SEAN\Desktop\mbar
2014-08-19 14:10 - 2014-08-19 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 13:54 - 2014-05-09 17:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 13:52 - 2014-08-19 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SEAN\Desktop\mbar-1.07.0.1012.exe
2014-08-19 00:17 - 2014-03-25 16:41 - 00000000 ____D () C:\ProgramData\Army Builder
2014-08-18 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 16:00 - 2010-12-30 16:01 - 00595326 _____ () C:\Windows\PFRO.log
2014-08-18 15:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-08-18 13:38 - 2011-05-14 00:05 - 00001350 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-18 13:38 - 2010-12-30 14:18 - 00001625 _____ () C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 02:40 - 2011-07-29 20:28 - 00000000 ____D () C:\Users\SEAN\.gimp-2.6
2014-08-18 02:39 - 2014-08-18 02:39 - 00000953 _____ () C:\Users\SEAN\.recently-used.xbel
2014-08-18 02:39 - 2010-12-30 14:11 - 00000000 ____D () C:\Users\SEAN
2014-08-18 02:11 - 2013-09-26 15:49 - 00000000 ____D () C:\Users\SEAN\Documents\A ti3 vassal game and Twilight Imperium
2014-08-18 02:11 - 2012-04-19 13:52 - 00000000 ____D () C:\Users\SEAN\Documents\1 Game concepts
2014-08-17 23:14 - 2011-03-05 01:25 - 00000000 ____D () C:\Users\SEAN\AppData\Roaming\Skype
2014-08-13 18:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:41 - 2013-08-29 01:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:39 - 2011-01-09 16:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 15:34 - 2014-04-30 00:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 00:33 - 2014-01-17 12:27 - 00000000 ____D () C:\Users\SEAN\Documents\1 Other text
2014-08-10 17:36 - 2011-03-05 01:25 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 00:10 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 21:06 - 2014-08-13 13:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-13 13:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2011-06-20 04:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 18:41 - 2014-08-13 13:48 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-13 13:48 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:11 - 2012-04-25 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 17:08 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 09:52 - 2014-08-13 13:48 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-13 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-13 13:48 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-13 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:28 - 2014-08-13 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-13 13:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-13 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-13 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-13 13:48 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-13 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-13 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-13 13:48 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-13 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-13 13:48 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-13 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-13 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-13 13:48 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-13 13:48 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-13 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-13 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:17 - 2014-08-13 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:12 - 2014-08-13 13:48 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-13 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-13 13:48 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-13 13:48 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-13 13:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-13 13:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-13 13:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-13 13:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-13 13:48 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-13 13:48 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-13 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-13 13:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-13 13:48 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-13 13:48 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-13 13:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-13 13:48 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-13 13:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-13 13:48 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-13 13:48 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-13 13:48 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-13 13:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-13 13:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-13 13:48 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-13 13:48 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 16:26 - 2012-06-09 09:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 15:36 - 2012-06-09 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 21:05

==================== End Of Log ============================

 

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
Ran by SEAN at 2014-08-21 16:25:23
Running from C:\Users\SEAN\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Advanced Tactical Center™ 1.0 (HKLM-x32\...\ATC_is1) (Version: 1.0.0.0 - Foolish Entertainment)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
Army Builder 3.4c (HKLM-x32\...\{43867B63-C464-4570-823D-D92DC08E3400}_is1) (Version: 3.4c - Lone Wolf Development, Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle for Wesnoth 1.10.7 (HKLM-x32\...\Battle for Wesnoth 1.10.7) (Version: 1.10.7 - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blood Bowl version 1.2.0.1 (HKLM-x32\...\BloodBowl_is1) (Version: 1.2.0.1 - Cyanide Entertainment)
Command & Conquer™ Red Alert™ 3 Demo (HKLM-x32\...\{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}) (Version: 1.0.1.0 - Electronic Arts)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
DWA-130 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 2.00 - D-Link)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
Empires (HKLM-x32\...\Steam App 17740) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.02 - )
EVGA Precision 2.0.3 (HKLM-x32\...\Precision) (Version: 2.0.3 - EVGA Corporation)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Global Agenda Launcher (HKLM-x32\...\{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}) (Version: 1.0.0 - Hi-Rez Studios)
Global Agenda Live (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}) (Version: 1.5.1.5 - Hi-Rez Studios)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version:  - )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.4.6 - Reto-Moto)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nero 9 Essentials (HKLM-x32\...\{335efe23-626a-4398-92db-35a92a73a7ff}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.7.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.7.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Registry Reviver (HKLM-x32\...\{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1) (Version: 2.1.648.9552 - ReviverSoft)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.3.6.19269 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Tribes Ascend Closed Beta (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
VASSAL (3.2.8) (HKLM-x32\...\VASSAL (3.2.8)) (Version: 3.2.8 - vassalengine.org)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Warhammer 40,000: Space Marine Demo (HKLM-x32\...\Steam App 55410) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.4.15595 - Blizzard Entertainment)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3327738456-3466891826-1031852044-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

29-07-2014 17:53:11 Windows Update
31-07-2014 19:48:52 Windows Update
06-08-2014 00:32:37 Windows Update
09-08-2014 01:59:42 Windows Update
13-08-2014 18:42:00 Windows Update
13-08-2014 20:34:35 Windows Update
20-08-2014 05:23:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-12 21:13 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4B846711-E5E9-42B5-ACFA-CF7599EEA35E} - System32\Tasks\{A860E591-DBA0-4E4B-ABA4-34948ADAA12E} => Firefox.exe http://ui.skype.com/...led;madedefault
Task: {996A8A05-CFFF-4C5A-97D6-7BB5FD6E6C32} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {A631ED63-0251-4A89-B5D6-482EC39479A0} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A7E7D307-5F58-4B6A-84A2-77DDCE5F91FC} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-25] (ASUSTeK Computer Inc.)
Task: {EAC7E750-9934-4FF2-B3C6-B37F35CCA42F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-11-17] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-29 00:56 - 2013-01-18 10:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-19 18:57 - 2013-09-01 14:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-01 20:32 - 2014-07-01 20:32 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-21 16:12 - 2014-08-21 16:12 - 02800128 _____ () C:\Program Files\AVAST Software\Avast\defs\14082100\algo.dll
2013-08-28 23:42 - 2008-12-26 16:55 - 00368640 _____ () C:\Program Files (x86)\D-Link\DWA-130 revD\WlanDll.dll
2013-08-28 23:42 - 2007-11-27 19:31 - 00204800 _____ () C:\Program Files (x86)\D-Link\DWA-130 revD\WlanWps.dll
2010-08-02 14:33 - 2009-01-15 16:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-08-02 14:33 - 2009-03-25 18:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-07-01 20:32 - 2014-07-01 20:32 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 04:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00700041
Faulting process id: 0xbe8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x9b0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e4

Start Time: 01cfbab77399c389

Termination Time: 0

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: c29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FDResPub, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wsdapi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca31
Exception code: 0xc0000005
Fault offset: 0x0000000000057ba6
Faulting process id: 0x814
Faulting application start time: 0xsvchost.exe_FDResPub0
Faulting application path: svchost.exe_FDResPub1
Faulting module path: svchost.exe_FDResPub2
Report Id: svchost.exe_FDResPub3

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa30
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00fbc638
Faulting process id: 0x90c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0006ed38
Faulting process id: 0x5b8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc78
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfeef04bd
Faulting process id: 0xa08
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (08/20/2014 05:58:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/20/2014 05:58:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/20/2014 05:58:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/20/2014 05:58:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/20/2014 05:58:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/20/2014 05:58:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2014 05:58:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/20/2014 05:58:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsIO
AsUpIO
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (08/20/2014 02:46:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/20/2014 02:46:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (08/21/2014 04:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500700041be801cfbd8460dda6abC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknownc255a395-2977-11e4-a344-20cf30e790ce

Error: (08/18/2014 01:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b9b001cfbb12e4e26a2bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllceb75d07-2706-11e4-b6ae-20cf30e790ce

Error: (08/18/2014 02:39:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.53210e401cfbab77399c3890C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exec29b5369-26aa-11e4-a08a-20cf30e790ce

Error: (08/16/2014 00:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_FDResPub6.1.7600.163854a5bc3c1wsdapi.dll6.1.7601.175144ce7ca31c00000050000000000057ba681401cfb91555f6284cC:\Windows\system32\svchost.exec:\windows\system32\wsdapi.dll9ef5052d-2508-11e4-b5f1-20cf30e790ce

Error: (08/14/2014 08:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000a3001cfb826ee778b5dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown4c786803-241a-11e4-adaa-20cf30e790ce

Error: (08/13/2014 06:33:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/10/2014 05:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500fbc63890c01cfb4eb0d91b44fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown69ce769f-20de-11e4-b5c3-20cf30e790ce

Error: (08/09/2014 05:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050006ed385b801cfb42273ad2d33C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllc3acfa00-2015-11e4-a527-20cf30e790ce

Error: (08/08/2014 06:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000500000000c7801cfb2fbb4ca7f36C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown0056a87f-1eef-11e4-b97f-20cf30e790ce

Error: (08/01/2014 08:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c0000005feef04bda0801cfadf17ee5378cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknowndc4667e9-19e4-11e4-8ab5-20cf30e790ce


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 23:28:26.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 23:28:26.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 6071.05 MB
Available physical RAM: 4621.35 MB
Total Pagefile: 12140.29 MB
Available Pagefile: 10640.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:683.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by War Man, 21 August 2014 - 04:04 PM.


#11
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thank you, War Man, for the logs and information.  I am looking over the logs and will have a fix to you as soon as it is approved; just to let you know, your system is looking very well so far, there are some items to attend to so don't go away just yet.  :geek:


#12
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi War Man,

Sorry for the delay but there were some time issues with my Adviser. They apologize to you also. Moving on, let's clean what AdwCleaner found and then a final check with ESET Online Scanner.

First >>>>

Re-run AdwCleaner

Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S1].txt
Please post this log before moving onto the second step as this may take some time to finish.

Second >>>>>

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.
  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Just as a reminder, we are looking for the AdwCleaner log and the ESET Online Scanner log (and, of course, any questions you may have).
#13
War Man

    Member

  • Topic Starter
  • Member
  • 32 posts

Alright, well for starters, I previously did a scan of AdwCleaner, but afterwards I realized I had to do internet stuff, so I eventually did AdwCleaner a second time before the ESET scan. I'll put both logs of AdwCleaner, starting with the oldest.

# AdwCleaner v3.308 - Report created 23/08/2014 at 22:35:11
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SEAN - SEAN-PC
# Running from : C:\Users\SEAN\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk
Shortcut Disinfected : C:\Users\SEAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCEE70C6-FA43-4B67-A889-80AF260D2435}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\prefs.js ]

Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [3068 octets] - [05/07/2014 15:22:22]
AdwCleaner[R1].txt - [2920 octets] - [20/08/2014 14:52:16]
AdwCleaner[R2].txt - [3230 octets] - [23/08/2014 22:29:59]
AdwCleaner[S0].txt - [3091 octets] - [05/07/2014 15:23:30]
AdwCleaner[S1].txt - [2503 octets] - [23/08/2014 22:35:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2563 octets] ##########

# AdwCleaner v3.308 - Report created 24/08/2014 at 07:42:22
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SEAN - SEAN-PC
# Running from : C:\Users\SEAN\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\SEAN\AppData\Roaming\Mozilla\Firefox\Profiles\xgsgehfh.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3068 octets] - [05/07/2014 15:22:22]
AdwCleaner[R1].txt - [2920 octets] - [20/08/2014 14:52:16]
AdwCleaner[R2].txt - [3230 octets] - [23/08/2014 22:29:59]
AdwCleaner[R3].txt - [1115 octets] - [24/08/2014 07:41:36]
AdwCleaner[S0].txt - [3091 octets] - [05/07/2014 15:23:30]
AdwCleaner[S1].txt - [2647 octets] - [23/08/2014 22:35:11]
AdwCleaner[S2].txt - [1037 octets] - [24/08/2014 07:42:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1097 octets] ##########

Now for ESET, everything seemed to go fine. I didn't start clicking/pressing keys until the screensaver popped up, should have turned that off before scanning. Also halfway through the scan, Malwarebytes just popped up, didn't do anything except be annoying as it usually does, might have auto-updated while I was scanning.

C:\Program Files (x86)\Reviversoft\Registry Reviver\aso3sys.dll    probably a variant of Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ASOHelper.dll    a variant of Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe    a variant of Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\SendLogs.exe    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\bg\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\cs\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\DA\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\DTCH\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\el\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ENG\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ES\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\fi\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\FR\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\GRMN\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\hu\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\in\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ITLY\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\JA\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\no\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\pt\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ro\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\sv\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\th\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\ZH\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Users\SEAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGHPNHCN\eDealsInstaller-Distribution[1].exe    multiple threats
C:\Users\SEAN\Downloads\ccsetup415.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

I understand about the vassal modules, but may I download images or will that be too much interruption? I don't want to hold off the game on other players, just I need to be able to zoom in farther than seeing the image online to see my resources and I'll be fine.


Edited by War Man, 24 August 2014 - 08:16 AM.

#14
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi War Man,
 
The scans look very good.  Looks like AdwCleaner has removed the last pieces of the istart123 hijack malware and ESET only found one or two easily handled items.
 
Step1 >>>
 
The first thing I would advise is to uninstall ReviverSoft's Registry Reviver.  I had noticed this earlier but needed some confirmation on the program and would like for you to read the following:
Rogue Registry Tool?
Registry Cleaners Not Recommended
Do I need a Registry Cleaner?
 
I would very strongly recommend you uninstall the program:
 
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

ReviverSoft's Registry Reviver

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
 
Step2 >>>
 
Please delete the file (C:\Users\SEAN\Downloads\ccsetup415.exe) from your Downloads directory. I am thinking that this is an install of CCleaner from Piriform but it looks as though it was downloaded from a third party site and has a toolbar added to the install.


Step3 >>>

Not really a step but if you want to, I think the Vassal files would be safe for now as long as Avast is up to date and scanning them in the background.

I will have my Adviser go over my next steps which should see you clean and ready to go on your way.
  • 0
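The ESET export posted above runs to many lines, yet the reply treats it as a handful of items. As an added example (not part of the original thread and not code from ESET or any tool mentioned here), this Python script groups the export's lines by detection family and category and reports the common folder of each group. The column separator of two or more spaces and the qualifier phrases are assumptions read off the log as posted, and the sample input is an excerpt of that log.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the ESET export posted in this thread (path, then detection).
ESET_LOG = r"""
C:\Program Files (x86)\Reviversoft\Registry Reviver\aso3sys.dll    probably a variant of Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe    a variant of Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\bg\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Program Files (x86)\Reviversoft\Registry Reviver\cs\regclean.ini    Win32/RegistryReviver potentially unwanted application
C:\Users\SEAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGHPNHCN\eDealsInstaller-Distribution[1].exe    multiple threats
C:\Users\SEAN\Downloads\ccsetup415.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

SUFFIXES = ("potentially unwanted application", "potentially unsafe application")
QUALIFIER = re.compile(r"^(?:probably )?(?:a )?variant of ", re.IGNORECASE)


def parse_line(line):
    """Split one export line into (path, family, category)."""
    parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
    if len(parts) != 2:
        return None  # blank or malformed line
    path, detection = parts
    name = QUALIFIER.sub("", detection)
    for suffix in SUFFIXES:
        if name.endswith(suffix):
            return path, name[: -len(suffix)].strip(), suffix
    return path, name, "threat"  # no unwanted/unsafe suffix: treat as a malware detection


def summarize(log_text):
    """Group detections by (family, category); report file count and common folder."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path, family, category = parsed
            groups[(family, category)].append(path)
    summary = []
    for (family, category), paths in groups.items():
        try:
            folder = ntpath.commonpath([ntpath.dirname(p) for p in paths])
        except ValueError:  # group spans several drives, no common folder
            folder = "(multiple drives)"
        summary.append({"family": family, "category": category,
                        "files": len(paths), "folder": folder})
    # Malware detections first, then the unwanted/unsafe application groups by size.
    summary.sort(key=lambda g: (g["category"] != "threat", -g["files"]))
    return summary


if __name__ == "__main__":
    for g in summarize(ESET_LOG):
        print(f'{g["files"]:>3}  {g["category"]:<34} {g["family"]:<32} {g["folder"]}')
```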

#15
War Man

    Member

  • Topic Starter
  • Member
  • 32 posts

Posting so this topic does not get closed in four days, I did what you suggested.

