
Audio ads coming from nowhere



Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to "Treat detections as malware"
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

Then......

Download DDS from one of the links below and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 or Win 8 right click and select Run as administrator
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
When done, DDS will open two (2) logs: DDS.txt and Attach.txt
Save both reports to your desktop
Please Copy & Paste the contents of the following logs in your next reply
You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.7.2

Run by Cameron - New at 11:51:11 on 2014-04-18

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8157.2844 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe

C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\TiltWheelMouse.exe

C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe

C:\Users\Cameron - New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Razer\Core\RazerCore.exe

C:\Users\Cameron - New\AppData\Local\NDS\PCShow\NDSPCShowServer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe

C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Cameron - New\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Cameron - New\Downloads\FRST64.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

svchost.exe

C:\Windows\system32\notepad.exe

svchost.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\System32\SndVol.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\taskmgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [PCShowServer] C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe

uRun: [spotify Web Helper] "C:\Users\Cameron - New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Corsair M65 Mouse] C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com


TCP: NameServer = 192.168.1.1

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949} : DHCPNameServer = 192.168.1.1 68.105.28.12

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949}\34F6870294E6475627E656470296370235869647 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949}\645736B60234F687 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949}\759464940264F425024584540275946494C4543535 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949}\8696 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{006ABFE4-251C-4CE7-9F6D-D88D7EF6E949}\E4544574541425 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{127087E5-F9D9-4A76-B6D7-B6C01BE99319} : DHCPNameServer = 192.168.1.1 68.105.28.12

TCP: Interfaces\{8620F79B-DD10-4E77-BE1F-031E2AF85B16} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [MouseDriver] TiltWheelMouse.exe

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - 

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 783864]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-11-4 345456]

R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-4-16 74432]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-17 1809720]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-17 857912]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-12-7 178528]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-7 328928]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-12-7 1025712]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-12-7 219752]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-12-7 185792]

R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2013-3-26 221536]

R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-10 32960]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-11-4 70592]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]

R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-17 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-17 119512]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-17 63192]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-11-4 311600]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-11-4 522360]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-4 333928]

R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-4-16 129472]

R3 SnakeEyes;Corsair M65 Gaming Mouse;C:\Windows\System32\drivers\SnakeEyes.sys [2013-3-24 25600]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-7 1301504]

R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2013-3-29 20048]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-10 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-21 197704]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]

S3 KbFilter_Kb_FlexDef3;HID Keyboard(FlexDef3) Driver Service;C:\Windows\System32\drivers\KbFilter_FlexDef3.sys [2012-12-6 22016]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv.sys [2013-11-26 42016]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-12-6 35232]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-4 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-04-18 15:30:58 -------- d-----w- C:\FRST

2014-04-18 08:17:09 -------- d-sh--w- C:\$RECYCLE.BIN

2014-04-18 07:17:11 256000 ----a-w- C:\Windows\PEV.exe

2014-04-18 07:17:11 208896 ----a-w- C:\Windows\MBR.exe

2014-04-18 07:17:10 98816 ----a-w- C:\Windows\sed.exe

2014-04-18 07:14:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-18 07:04:16 -------- d-----w- C:\SUPERDelete

2014-04-18 07:01:20 -------- d-----w- C:\Users\Cameron - New\AppData\Roaming\SUPERAntiSpyware.com

2014-04-18 07:00:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2014-04-18 07:00:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2014-04-18 06:53:11 684 ----a-w- C:\backup.reg

2014-04-18 06:53:10 61440 ----a-w- C:\Windows\SysWow64\drivers\ggvmghm.sys

2014-04-18 06:53:10 574 ----a-w- C:\cleanup.bat

2014-04-18 06:47:44 388096 ----a-r- C:\Users\Cameron - New\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2014-04-18 06:47:44 -------- d-----w- C:\Program Files (x86)\Trend Micro

2014-04-18 06:10:02 -------- d-----w- C:\TDSSKiller_Quarantine

2014-04-18 06:04:24 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-18 06:04:03 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-18 06:04:02 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-18 06:04:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-18 06:04:02 -------- d-----w- C:\ProgramData\Malwarebytes

2014-04-18 06:04:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-17 05:16:39 74432 ----a-w- C:\Windows\System32\drivers\RzFilter.sys

2014-04-17 05:16:38 129472 ----a-w- C:\Windows\System32\drivers\RzDxgk.sys

2014-04-14 03:33:35 -------- d-----w- C:\Users\Cameron - New\AppData\Roaming\PDAppFlex

2014-04-09 15:08:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-04-09 15:08:05 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-04-09 15:08:00 362496 ----a-w- C:\Windows\System32\wow64win.dll

2014-04-09 15:08:00 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2014-04-09 15:08:00 243712 ----a-w- C:\Windows\System32\wow64.dll

2014-04-09 15:08:00 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2014-04-09 15:08:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2014-04-09 15:08:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2014-04-09 15:07:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2014-04-09 15:07:59 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2014-04-09 15:07:59 2048 ----a-w- C:\Windows\SysWow64\user.exe

2014-04-09 15:07:58 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2014-04-09 15:07:58 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2014-04-09 15:07:58 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll

2014-04-09 15:07:58 2048 ----a-w- C:\Windows\System32\iologmsg.dll

2014-04-09 15:07:58 190912 ----a-w- C:\Windows\System32\drivers\storport.sys

2014-04-09 15:07:56 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2014-04-08 00:11:12 -------- d-----w- C:\Users\Cameron - New\AppData\Local\DeSmuME

2014-03-28 23:05:52 -------- d-----w- C:\Users\Cameron - New\AppData\Local\Logitech® Webcam Software

2014-03-28 22:57:37 53248 ----a-r- C:\Users\Cameron - New\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

.

==================== Find3M  ====================

.

2014-04-17 05:00:22 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2014-03-18 02:02:08 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2014-03-18 01:54:54 345456 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2014-03-18 01:54:26 185792 ----a-w- C:\Windows\System32\mfevtps.exe

2014-03-18 01:49:44 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2014-03-18 01:47:30 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2014-03-18 01:45:38 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2014-03-18 01:44:40 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2014-03-15 17:30:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-15 17:30:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 05:24:53 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2014-01-28 05:24:53 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-01-21 10:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys

2014-01-21 10:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys

2014-01-21 10:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys

.

============= FINISH: 11:54:45.84 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 10/2/2012 9:18:00 PM

System Uptime: 4/18/2014 8:14:11 AM (3 hours ago)

.

Motherboard: ASRock |  | H61M-HVS

Processor: Intel® Core i7-3770 CPU @ 3.40GHz | CPUSocket | 3392/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 254.984 GiB free.

D: is CDROM ()

G: is FIXED (NTFS) - 186 GiB total, 36.604 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Ace of Spades

Action!

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 12 Plugin

Adobe Photoshop CC

Adobe Reader XI (11.0.06)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Battle.net

Battlefield 3™

Battlelog Web Plugins

Blacklight: Retribution

Bonjour

Call of Duty: World at War

CameraHelperMsi

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.10

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

Canon Utilities Movie Uploader for YouTube

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner

Corsair M65 Gaming Mouse Driver V1.0

Counter-Strike: Source

Counter-Strike: Source Beta

Cox TV Connect

Cube World version 0.0.1

D3DX10

DartViewer

Dawngate

DayZ

doubleTwist

Dxtory version 2.0.120

EaseUS Data Recovery Wizard 7.5

erLT

ESN Sonar

Facebook Video Calling 2.0.0.447

ffdshow [rev 2527] [2008-12-19]

Focus Magic 4.01

Garry's Mod

Garry's Mod 13 Beta

Google Chrome

Google Drive

Google Earth

Google Talk Plugin

Google Update Helper

Gotham City Impostors: Free To Play

Grand Theft Auto IV

Gyazo 2.0.2

Hearthstone

HiJackThis

HP FWUpdateEDO2

HP Photo Creations

HP Photosmart 5510 series Basic Device Software

HP Photosmart 5510 series Help

HP Update

HPDiagnosticAlert

iCloud

iTunes

Java 7 Update 21 (64-bit)

Java Auto Updater

Junk Mail filter update

Lagarith lossless video codec (Remove Only)

League of Legends

LenovoEMC Storage Manager

Loadout

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 2.0.1.1004

McAfee SecurityCenter

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft Games for Windows - LIVE Redistributable

Microsoft LifeCam

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Movie Studio Platinum 12.0 (64-bit)

Mozilla Firefox 26.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

ooVoo

Open Broadcaster Software

Origin

osu!

PDF Settings CC

PlanetSide 2

PlanetSide 2 Live Test

Platform

Portal 2

QuickTime 7

Razer Comms

Razer Core

Realtek Ethernet Controller Driver For Windows 7

Recuva

Remote Mouse version 2.06

Rust

Safari

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 

SimCity™

Skype™ 6.13

Sound Forge Audio Studio 10.0

Spotify

Steam

Strife

SUPERAntiSpyware

Team Fortress 2

TeamSpeak 3 Client

Terraria

The Elder Scrolls V: Skyrim

TI Connect 1.6

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

VIA Platform Device Manager

War Thunder Launcher 1.0.1.171

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

WinRAR 5.01 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

4/18/2014 8:16:50 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

4/18/2014 8:16:50 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

4/18/2014 8:14:44 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  puntfwz

4/18/2014 8:14:35 AM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.

4/18/2014 12:52:06 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

4/18/2014 11:37:55 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

4/18/2014 1:04:45 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

4/17/2014 11:17:34 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.

4/17/2014 10:44:24 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/16/2014 12:40:59 PM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.

4/16/2014 10:25:38 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

4/16/2014 1:17:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

4/16/2014 1:17:43 PM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

4/16/2014 1:17:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}

4/16/2014 1:17:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

4/16/2014 1:17:15 PM, Error: Service Control Manager [7000]  - The McAfee Proxy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

4/16/2014 1:17:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.

4/16/2014 1:17:14 PM, Error: Service Control Manager [7000]  - The McAfee Personal Firewall Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

4/16/2014 1:17:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.

4/16/2014 1:17:13 PM, Error: Service Control Manager [7000]  - The McAfee Home Network service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

 


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Cameron - New [Admin rights]

Mode : Scan -- Date : 04/18/2014 12:31:27

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 4 ¤¤¤

[SUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [7] -> KILLED [TermProc]

[SUSP PATH] NDSPCShowServer.exe -- C:\Users\Cameron - New\AppData\Local\NDS\PCShow\NDSPCShowServer.exe [7] -> KILLED [TermThr]

[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer (C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3928490357-406338101-452910445-1006\[...]\Run : PCShowServer (C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [7]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤


[Address] EAT @explorer.exe (InternetGetLastResponseInfoA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D564)

[Address] EAT @explorer.exe (InternetGetLastResponseInfoW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88E2D0)

[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B6950)

[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B69A0)

[Address] EAT @explorer.exe (InternetGetProxyForUrl) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD802DE0)

[Address] EAT @explorer.exe (InternetGetSecurityInfoByURL) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D704)

[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D704)

[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88E48C)

[Address] EAT @explorer.exe (InternetGoOnline) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD89217C)

[Address] EAT @explorer.exe (InternetGoOnlineA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD89217C)

[Address] EAT @explorer.exe (InternetGoOnlineW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD892220)

[Address] EAT @explorer.exe (InternetHangUp) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8922B8)

[Address] EAT @explorer.exe (InternetInitializeAutoProxyDll) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD78A100)

[Address] EAT @explorer.exe (InternetLockRequestFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7DB8D0)

[Address] EAT @explorer.exe (InternetOpenA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B46D0)

[Address] EAT @explorer.exe (InternetOpenUrlA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D81C)

[Address] EAT @explorer.exe (InternetOpenUrlW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88E590)

[Address] EAT @explorer.exe (InternetOpenW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B4540)

[Address] EAT @explorer.exe (InternetQueryDataAvailable) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD790660)

[Address] EAT @explorer.exe (InternetQueryFortezzaStatus) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD898A74)

[Address] EAT @explorer.exe (InternetQueryOptionA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD796F40)

[Address] EAT @explorer.exe (InternetQueryOptionW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7974F0)

[Address] EAT @explorer.exe (InternetReadFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B01F0)

[Address] EAT @explorer.exe (InternetReadFileExA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7E6D90)

[Address] EAT @explorer.exe (InternetReadFileExW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7E6D00)

[Address] EAT @explorer.exe (InternetSecurityProtocolToStringA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D27F0)

[Address] EAT @explorer.exe (InternetSecurityProtocolToStringW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2960)

[Address] EAT @explorer.exe (InternetSetCookieA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B7E90)

[Address] EAT @explorer.exe (InternetSetCookieEx2) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B7EB8)

[Address] EAT @explorer.exe (InternetSetCookieExA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B7F18)

[Address] EAT @explorer.exe (InternetSetCookieExW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7BBDA0)

[Address] EAT @explorer.exe (InternetSetCookieW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B7FBC)

[Address] EAT @explorer.exe (InternetSetDialState) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD892338)

[Address] EAT @explorer.exe (InternetSetDialStateA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD892338)

[Address] EAT @explorer.exe (InternetSetDialStateW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD892390)

[Address] EAT @explorer.exe (InternetSetFilePointer) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD83763C)

[Address] EAT @explorer.exe (InternetSetOptionA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD795EB0)

[Address] EAT @explorer.exe (InternetSetOptionExA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88EBA4)

[Address] EAT @explorer.exe (InternetSetOptionExW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88ECA0)

[Address] EAT @explorer.exe (InternetSetOptionW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD796370)

[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B6A38)

[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8B6AD0)

[Address] EAT @explorer.exe (InternetSetStatusCallback) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B64B0)

[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B64B0)

[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7FB9BC)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D8B0)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88D8B0)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD88E73C)

[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7E7860)

[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7E7860)

[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD84D9A8)

[Address] EAT @explorer.exe (InternetTimeToSystemTime) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD833590)

[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD833590)

[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8334C0)

[Address] EAT @explorer.exe (InternetUnlockRequestFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7DB644)

[Address] EAT @explorer.exe (InternetWriteFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7D5760)

[Address] EAT @explorer.exe (InternetWriteFileExA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8AA424)

[Address] EAT @explorer.exe (InternetWriteFileExW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8AA424)

[Address] EAT @explorer.exe (IsHostInProxyBypassList) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B9E94)

[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F43A0)

[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8373E4)

[Address] EAT @explorer.exe (LoadUrlCacheContent) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8AA424)

[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2AD0)

[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7BD40C)

[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD82CF94)

[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7D46E4)

[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F44F0)

[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD772A20)

[Address] EAT @explorer.exe (ResumeSuspendedDownload) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8913F8)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4600)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F47DC)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F49B4)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD835FD0)

[Address] EAT @explorer.exe (RunOnceUrlCache) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7721A8)

[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4BB8)

[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4CEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4DEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4DEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7B89B0)

[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7C8EE8)

[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F4FB8)

[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5174)

[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5364)

[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5524)

[Address] EAT @explorer.exe (ShowCertificate) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2AD0)

[Address] EAT @explorer.exe (ShowClientAuthCerts) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2AD0)

[Address] EAT @explorer.exe (ShowSecurityInfo) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2AF0)

[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8D2C80)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5644)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5644)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F577C)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7FFA10)

[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F58BC)

[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F59DC)

[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5A34)

[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5A80)

[Address] EAT @explorer.exe (UrlCacheCreateContainer) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD77EC5C)

[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7F8948)

[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD838A90)

[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD800A60)

[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5AD8)

[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7EC358)

[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5B30)

[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5B88)

[Address] EAT @explorer.exe (UrlCacheReloadSettings) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5BE8)

[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5C40)

[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5C98)

[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8F5CF8)

[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD7E2E78)

[Address] EAT @explorer.exe (UrlZonesDetach) : WS2_32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD8CD998)

[Address] EAT @explorer.exe (DllCanUnloadNow) : NLSData0009.dll -> HOOKED (C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0xEDE32350)

[Address] EAT @explorer.exe (DllGetClassObject) : NLSData0009.dll -> HOOKED (C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0xEDE32130)

[Address] EAT @explorer.exe (DllRegisterServer) : NLSData0009.dll -> HOOKED (C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0xEDE31F70)

[Address] EAT @explorer.exe (DllUnregisterServer) : NLSData0009.dll -> HOOKED (C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0xEDE32060)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EALX-009BA0 ATA Device +++++

--- User ---

[MBR] 952f243f0cdf6f6de23e322a8a5481ac

[bSP] 1f3dd92f86e75f8eff647019d12a6dd2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) VRFS21200GBCSM ATA Device +++++

--- User ---

[MBR] 5706a9c8ba318290e552c44274b14f79

[bSP] c017b2c450e33a0b8a54d12423b62776 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 190780 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_04182014_123127.txt >>

Let's run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I see the problem:

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    rpcss.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


SystemLook 30.07.11 by jpshortstuff

Log created at 23:47 on 18/04/2014 by Cameron - New

Administrator - Elevation successful

 

========== Filefind ==========

 

Searching for "rpcss.dll"

C:\Windows\System32\rpcss.dll ------- 515072 bytes [03:24 21/11/2010] [03:24 21/11/2010] 6B1844565AB2FC463CBED855CA43A88C

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123

 

-= EOF =-

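The SystemLook log above lists two copies of rpcss.dll whose sizes and MD5 values differ. As an added example (not part of the thread and not SystemLook's own code), this Python script parses Filefind result lines in that format and reports any file outside winsxs whose MD5 matches no winsxs copy of the same name; the line pattern is inferred from the two lines shown, and the names `FileHit`, `parse_filefind` and `live_copies_without_store_match` are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Filefind section copied from the SystemLook log posted above.
SYSTEMLOOK_LOG = r"""
========== Filefind ==========

Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll ------- 515072 bytes [03:24 21/11/2010] [03:24 21/11/2010] 6B1844565AB2FC463CBED855CA43A88C
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-
"""

# Assumed layout (inferred from the two lines above):
#   <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str

    @property
    def name(self) -> str:
        # ntpath parses Windows paths correctly on any host OS.
        return ntpath.basename(self.path).lower()

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_filefind(text: str) -> list:
    """Return one FileHit per result line; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits


def live_copies_without_store_match(hits: list) -> list:
    """Pair each non-winsxs file with the winsxs copies it fails to match.

    On Windows Vista and later, a system file in System32 is normally a hard
    link to a component store (winsxs) copy, so its hash should equal one of
    them. A file with no winsxs copy in the log has no baseline and is skipped.
    """
    by_name = {}
    for hit in hits:
        by_name.setdefault(hit.name, []).append(hit)

    findings = []
    for group in by_name.values():
        store = [h for h in group if h.in_component_store]
        store_md5s = {h.md5 for h in store}
        for live in (h for h in group if not h.in_component_store):
            if store and live.md5 not in store_md5s:
                findings.append((live, store))
    return findings


if __name__ == "__main__":
    for live, store in live_copies_without_store_match(parse_filefind(SYSTEMLOOK_LOG)):
        print(f"MISMATCH {live.path}  {live.size} bytes  MD5 {live.md5}")
        for ref in store:
            print(f"  store copy {ref.size} bytes  MD5 {ref.md5}\n    {ref.path}")
```

A mismatch only says the file is not the component store version listed in the log; deciding what to do about it is still the helper's call.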

Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then.........

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Last.......

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Let me know how it is, MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014

Ran by Cameron - New at 2014-04-19 10:47:32 Run:1

Running from C:\Users\Cameron - New\Desktop\frst

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll 

 

*****************

 

C:\Windows\System32\rpcss.dll => Moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

 

==== End of Fixlog ====


See if you can do this:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message
  • Please copy and paste the log in your reply.

MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014

Ran by SYSTEM on MININT-3DI44HQ on 19-04-2014 14:43:19

Running from G:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2366976 2010-03-02] (VIA)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1768960 2012-11-12] (Corsair Components  Inc)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1

HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

HKU\Cameron\...\Run: [Google Update] => C:\Users\Cameron\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-03] (Google Inc.)

HKU\Cameron\...\Run: [spotify Web Helper] => C:\Users\Cameron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-14] (Spotify Ltd)

HKU\Cameron\...\Run: [PCShowServer] => C:\Users\Cameron\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)

HKU\Cameron\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Core\RazerCore.exe [1095872 2014-04-10] (Razer, Inc.)

HKU\Cameron - New\...\Run: [PCShowServer] => C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)

HKU\Cameron - New\...\Run: [spotify Web Helper] => C:\Users\Cameron - New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)

HKU\Cameron - New\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Core\RazerCore.exe [1095872 2014-04-10] (Razer, Inc.)

HKU\Cameron - New\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

HKU\Cameron - New\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[s0].txt [2827 2014-04-19] ()

 

==================== Services (Whitelisted) =================

 

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-26] (LenovoEMC Ltd.)

S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)

S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]

S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

S3 KbFilter_Kb_FlexDef3; C:\Windows\System32\DRIVERS\KbFilter_FlexDef3.sys [22016 2010-09-03] (Siliten)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)

S0 puntfwz; C:\Windows\SysWOW64\drivers\ggvmghm.sys [61440 2014-04-17] ()

S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)

S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )

S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [25088 2009-04-16] ()

S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-03-28] (Iomega Corporation)

S3 ALSysIO; \??\C:\Users\Cameron\AppData\Local\Temp\ALSysIO64.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]

S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

S3 rtlss; System32\Drivers\rtlss.sys [X]

S3 WinRing0_1_2_0; \??\C:\Users\Cameron\AppData\Local\Temp\Rar$EXa0.084\WinRing0x64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-19 09:48 - 2014-04-19 09:53 - 00000000 ____D () C:\AdwCleaner

2014-04-19 09:47 - 2014-04-19 09:48 - 01258805 _____ () C:\Users\Cameron - New\Desktop\AdwCleaner.exe

2014-04-19 09:46 - 2014-04-19 09:47 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst

2014-04-18 22:47 - 2014-04-18 22:51 - 00001086 _____ () C:\Users\Cameron - New\Desktop\SystemLook.txt

2014-04-18 22:47 - 2014-04-18 22:47 - 00165376 _____ () C:\Users\Cameron - New\Desktop\SystemLook_x64.exe

2014-04-18 14:35 - 2014-04-18 14:35 - 05195154 _____ (Swearware) C:\Users\Cameron - New\Desktop\ComboFix.exe

2014-04-18 14:20 - 2014-04-18 14:20 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix (1).exe

2014-04-18 11:31 - 2014-04-18 11:31 - 00039257 _____ () C:\Users\Cameron - New\Desktop\RKreport[0]_S_04182014_123127.txt

2014-04-18 11:10 - 2014-04-18 11:10 - 04527616 _____ () C:\Users\Cameron - New\Downloads\RogueKillerX64.exe

2014-04-18 10:54 - 2014-04-18 10:54 - 00024483 _____ () C:\Users\Cameron - New\Desktop\dds.txt

2014-04-18 10:54 - 2014-04-18 10:54 - 00014080 _____ () C:\Users\Cameron - New\Desktop\attach.txt

2014-04-18 10:48 - 2014-04-18 10:48 - 00688992 ____R (Swearware) C:\Users\Cameron - New\Desktop\dds.scr

2014-04-18 07:40 - 2014-04-18 07:49 - 00000647 _____ () C:\Users\Cameron - New\Downloads\Search.txt

2014-04-18 07:32 - 2014-04-18 07:33 - 00048015 _____ () C:\Users\Cameron - New\Downloads\Addition.txt

2014-04-18 07:31 - 2014-04-18 07:33 - 00053750 _____ () C:\Users\Cameron - New\Downloads\FRST.txt

2014-04-18 07:30 - 2014-04-19 14:43 - 00000000 ____D () C:\FRST

2014-04-18 07:14 - 2014-04-19 09:42 - 00000280 _____ () C:\Windows\setupact.log

2014-04-18 07:14 - 2014-04-18 14:29 - 00003144 _____ () C:\Windows\PFRO.log

2014-04-18 07:14 - 2014-04-18 07:14 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-18 00:16 - 2014-04-18 00:16 - 00031982 _____ () C:\ComboFix.txt

2014-04-17 23:17 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-17 23:17 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-17 23:17 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-17 23:17 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-17 23:17 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-17 23:17 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-17 23:17 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-17 23:17 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-17 23:14 - 2014-04-18 07:12 - 00000000 ____D () C:\Users\Cameron - New\Desktop\mbar

2014-04-17 23:14 - 2014-04-18 07:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-17 23:13 - 2014-04-17 23:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Cameron - New\Downloads\mbar-1.07.0.1009.exe

2014-04-17 23:11 - 2014-04-17 23:11 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller (1).exe

2014-04-17 23:07 - 2014-04-18 00:16 - 00000000 ____D () C:\Qoobox

2014-04-17 23:07 - 2014-04-17 23:07 - 00000000 ____D () C:\Users\Cameron - New\Desktop\oot

2014-04-17 23:06 - 2014-04-17 23:06 - 00465298 _____ () C:\Users\Cameron - New\Downloads\RootRepeal.rar

2014-04-17 23:04 - 2014-04-18 00:10 - 00000000 ____D () C:\Windows\erdnt

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\SUPERDelete

2014-04-17 23:01 - 2014-04-18 23:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f.job

2014-04-17 23:01 - 2014-04-18 01:00 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3.job

2014-04-17 23:01 - 2014-04-17 23:01 - 00003620 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3

2014-04-17 23:01 - 2014-04-17 23:01 - 00003546 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f

2014-04-17 23:01 - 2014-04-17 23:01 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\SUPERAntiSpyware.com

2014-04-17 23:00 - 2014-04-17 23:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-04-17 23:00 - 2014-04-17 23:00 - 18736792 _____ (SUPERAntiSpyware) C:\Users\Cameron - New\Downloads\SUPERAntiSpyware.exe

2014-04-17 23:00 - 2014-04-17 23:00 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix.exe

2014-04-17 23:00 - 2014-04-17 23:00 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-04-17 22:53 - 2014-04-17 22:53 - 00061440 _____ () C:\Windows\SysWOW64\Drivers\ggvmghm.sys

2014-04-17 22:53 - 2014-04-17 22:53 - 00000694 _____ () C:\Windows\SysWOW64\pmsxrhs.txt

2014-04-17 22:53 - 2014-04-17 22:53 - 00000684 _____ () C:\backup.reg

2014-04-17 22:53 - 2014-04-17 22:53 - 00000574 _____ () C:\cleanup.bat

2014-04-17 22:52 - 2014-04-17 22:52 - 00724952 _____ () C:\Users\Cameron - New\Desktop\avenger.zip

2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Cameron - New\Desktop\avenger

2014-04-17 22:51 - 2014-04-18 11:31 - 00000000 ____D () C:\Users\Cameron - New\Desktop\RK_Quarantine

2014-04-17 22:50 - 2014-04-17 22:50 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller.exe

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Downloads\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Downloads\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Documents\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Documents\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Desktop\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Desktop\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\AppData\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\AppData\addons.sqlite

2014-04-17 22:47 - 2014-04-17 22:47 - 00003011 _____ () C:\Users\Cameron - New\Desktop\HiJackThis.lnk

2014-04-17 22:47 - 2014-04-17 22:47 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-17 22:46 - 2014-04-17 22:46 - 01402880 _____ () C:\Users\Cameron - New\Downloads\HijackThis.msi

2014-04-17 22:40 - 2014-04-17 22:40 - 00380416 _____ () C:\Users\Cameron - New\Downloads\onivouwx.exe

2014-04-17 22:10 - 2014-04-17 23:12 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-17 22:04 - 2014-04-19 09:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-17 22:04 - 2014-04-17 23:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-17 22:04 - 2014-04-17 22:04 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-17 22:04 - 2014-04-17 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 22:04 - 2014-04-17 22:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-17 22:04 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-04-17 22:04 - 2014-04-03 08:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-04-17 22:03 - 2014-04-17 22:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Cameron - New\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-17 22:01 - 2014-04-17 22:01 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Cameron - New\Desktop\tdsskiller.exe

2014-04-17 21:58 - 2014-04-19 09:52 - 00000085 _____ () C:\Windows\System32\ppuxcv.fxh

2014-04-17 21:41 - 2014-04-19 09:52 - 00037888 _____ () C:\Windows\System32\vnbwgdc.joq

2014-04-17 21:41 - 2014-04-19 09:52 - 00000109 _____ () C:\Windows\System32\kojk.bzm

2014-04-17 21:41 - 2014-04-17 21:41 - 00000064 _____ () C:\Windows\System32\dqdbrbt.hve

2014-04-17 21:25 - 2014-04-17 21:25 - 00301959 ____S () C:\Windows\System32\bknovl.rff

2014-04-16 21:16 - 2014-04-16 21:16 - 00001253 _____ () C:\Users\Public\Desktop\Razer Comms.lnk

2014-04-16 21:16 - 2014-04-10 14:54 - 00129472 _____ (Razer, Inc.) C:\Windows\System32\Drivers\RzDxgk.sys

2014-04-16 21:16 - 2014-04-10 14:54 - 00074432 _____ (Razer, Inc.) C:\Windows\System32\Drivers\RzFilter.sys

2014-04-16 20:58 - 2014-04-16 20:59 - 46645840 _____ (Razer Inc.) C:\Users\Cameron - New\Downloads\RazerComms1.84.1.exe

2014-04-13 19:33 - 2014-04-13 19:33 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\PDAppFlex

2014-04-13 19:32 - 2014-04-13 19:32 - 00003522 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Cameron-PC-Cameron - New

2014-04-09 07:08 - 2014-03-30 17:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-04-09 07:08 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-04-09 07:08 - 2014-03-30 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 07:08 - 2014-03-30 15:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 07:08 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2014-04-09 07:08 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2014-04-09 07:08 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2014-04-09 07:08 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2014-04-09 07:08 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2014-04-09 07:08 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 07:08 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 07:08 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 07:07 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 07:07 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 07:07 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 07:07 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys

2014-04-09 07:07 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys

2014-04-09 07:07 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys

2014-04-09 07:07 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll

2014-04-09 07:07 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 07:07 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2014-04-07 16:11 - 2014-04-07 16:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DeSmuME

2014-04-07 16:11 - 2013-01-27 20:00 - 536870912 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.nds

2014-04-03 21:43 - 2014-04-03 21:44 - 151288940 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.zip

2014-04-03 21:43 - 2014-04-03 21:43 - 01670925 _____ () C:\Users\Cameron - New\Desktop\desmume-0.9.10-win64.zip

2014-03-28 15:05 - 2014-03-28 15:05 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Logitech® Webcam Software

2014-03-28 14:58 - 2014-03-28 14:58 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-03-28 14:57 - 2014-03-28 14:57 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Leadertech

2014-03-28 14:54 - 2014-03-28 14:57 - 00000000 ____D () C:\Program Files (x86)\Logitech

2014-03-28 14:54 - 2014-03-28 14:54 - 00001631 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk

2014-03-28 14:52 - 2014-03-28 14:52 - 74637872 _____ (Logitech, Inc.) C:\Users\Cameron - New\Downloads\lws251.exe

2014-03-28 14:51 - 2014-03-28 23:41 - 00010999 _____ () C:\Windows\System32\lvcoinst.log

2014-03-28 14:51 - 2014-03-28 14:57 - 00000000 ____D () C:\Program Files\Common Files\logishrd

2014-03-23 15:16 - 2014-03-23 15:16 - 00000222 _____ () C:\Users\Cameron - New\Desktop\Rust.url

2014-03-23 10:09 - 2014-03-23 10:09 - 00002540 _____ () C:\Users\Cameron - New\Desktop\PlanetSide 2 Test.lnk

2014-03-23 10:08 - 2014-03-23 10:08 - 20095608 _____ () C:\Users\Cameron - New\Downloads\PS2_Test_setup.exe

 

==================== One Month Modified Files and Folders =======

 

2014-04-19 14:43 - 2014-04-18 07:30 - 00000000 ____D () C:\FRST

2014-04-19 13:32 - 2012-06-07 00:51 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-19 09:53 - 2014-04-19 09:48 - 00000000 ____D () C:\AdwCleaner

2014-04-19 09:53 - 2012-06-07 00:48 - 01542153 _____ () C:\Windows\WindowsUpdate.log

2014-04-19 09:52 - 2014-04-17 21:58 - 00000085 _____ () C:\Windows\System32\ppuxcv.fxh

2014-04-19 09:52 - 2014-04-17 21:41 - 00037888 _____ () C:\Windows\System32\vnbwgdc.joq

2014-04-19 09:52 - 2014-04-17 21:41 - 00000109 _____ () C:\Windows\System32\kojk.bzm

2014-04-19 09:52 - 2013-12-03 22:16 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Adobe

2014-04-19 09:50 - 2009-07-13 20:45 - 00026880 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-19 09:50 - 2009-07-13 20:45 - 00026880 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-19 09:48 - 2014-04-19 09:47 - 01258805 _____ () C:\Users\Cameron - New\Desktop\AdwCleaner.exe

2014-04-19 09:48 - 2014-03-15 20:37 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006UA.job

2014-04-19 09:47 - 2014-04-19 09:46 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst

2014-04-19 09:45 - 2012-10-03 12:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-19 09:43 - 2014-01-18 11:02 - 00411648 _____ () C:\Users\Cameron - New\AppData\Roaming\RZR_00209d904bfd86e33c8d76c88d9a.db

2014-04-19 09:42 - 2014-04-18 07:14 - 00000280 _____ () C:\Windows\setupact.log

2014-04-19 09:42 - 2014-04-17 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-19 09:42 - 2012-10-03 12:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-19 09:42 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-18 23:01 - 2014-04-17 23:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f.job

2014-04-18 23:01 - 2012-10-05 14:01 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001UA.job

2014-04-18 23:01 - 2012-10-03 15:21 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job

2014-04-18 22:51 - 2014-04-18 22:47 - 00001086 _____ () C:\Users\Cameron - New\Desktop\SystemLook.txt

2014-04-18 22:47 - 2014-04-18 22:47 - 00165376 _____ () C:\Users\Cameron - New\Desktop\SystemLook_x64.exe

2014-04-18 21:01 - 2012-10-05 14:01 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001Core.job

2014-04-18 19:48 - 2014-03-15 20:36 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006Core.job

2014-04-18 18:36 - 2012-10-20 21:31 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001UA.job

2014-04-18 14:35 - 2014-04-18 14:35 - 05195154 _____ (Swearware) C:\Users\Cameron - New\Desktop\ComboFix.exe

2014-04-18 14:29 - 2014-04-18 07:14 - 00003144 _____ () C:\Windows\PFRO.log

2014-04-18 14:29 - 2012-10-03 12:42 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-18 14:20 - 2014-04-18 14:20 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix (1).exe

2014-04-18 11:31 - 2014-04-18 11:31 - 00039257 _____ () C:\Users\Cameron - New\Desktop\RKreport[0]_S_04182014_123127.txt

2014-04-18 11:31 - 2014-04-17 22:51 - 00000000 ____D () C:\Users\Cameron - New\Desktop\RK_Quarantine

2014-04-18 11:10 - 2014-04-18 11:10 - 04527616 _____ () C:\Users\Cameron - New\Downloads\RogueKillerX64.exe

2014-04-18 11:00 - 2012-10-03 12:48 - 00000000 ____D () C:\Fraps

2014-04-18 10:54 - 2014-04-18 10:54 - 00024483 _____ () C:\Users\Cameron - New\Desktop\dds.txt

2014-04-18 10:54 - 2014-04-18 10:54 - 00014080 _____ () C:\Users\Cameron - New\Desktop\attach.txt

2014-04-18 10:48 - 2014-04-18 10:48 - 00688992 ____R (Swearware) C:\Users\Cameron - New\Desktop\dds.scr

2014-04-18 07:49 - 2014-04-18 07:40 - 00000647 _____ () C:\Users\Cameron - New\Downloads\Search.txt

2014-04-18 07:33 - 2014-04-18 07:32 - 00048015 _____ () C:\Users\Cameron - New\Downloads\Addition.txt

2014-04-18 07:33 - 2014-04-18 07:31 - 00053750 _____ () C:\Users\Cameron - New\Downloads\FRST.txt

2014-04-18 07:14 - 2014-04-18 07:14 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-18 07:12 - 2014-04-17 23:14 - 00000000 ____D () C:\Users\Cameron - New\Desktop\mbar

2014-04-18 07:12 - 2014-04-17 23:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-18 01:00 - 2014-04-17 23:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3.job

2014-04-18 00:16 - 2014-04-18 00:16 - 00031982 _____ () C:\ComboFix.txt

2014-04-18 00:16 - 2014-04-17 23:07 - 00000000 ____D () C:\Qoobox

2014-04-18 00:16 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default

2014-04-18 00:10 - 2014-04-17 23:04 - 00000000 ____D () C:\Windows\erdnt

2014-04-18 00:05 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-17 23:14 - 2014-04-17 22:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-17 23:13 - 2014-04-17 23:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Cameron - New\Downloads\mbar-1.07.0.1009.exe

2014-04-17 23:12 - 2014-04-17 22:10 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-17 23:11 - 2014-04-17 23:11 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller (1).exe

2014-04-17 23:07 - 2014-04-17 23:07 - 00000000 ____D () C:\Users\Cameron - New\Desktop\oot

2014-04-17 23:06 - 2014-04-17 23:06 - 00465298 _____ () C:\Users\Cameron - New\Downloads\RootRepeal.rar

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\SUPERDelete

2014-04-17 23:01 - 2014-04-17 23:01 - 00003620 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3

2014-04-17 23:01 - 2014-04-17 23:01 - 00003546 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f

2014-04-17 23:01 - 2014-04-17 23:01 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\SUPERAntiSpyware.com

2014-04-17 23:01 - 2014-04-17 23:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-04-17 23:00 - 2014-04-17 23:00 - 18736792 _____ (SUPERAntiSpyware) C:\Users\Cameron - New\Downloads\SUPERAntiSpyware.exe

2014-04-17 23:00 - 2014-04-17 23:00 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix.exe

2014-04-17 23:00 - 2014-04-17 23:00 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-04-17 22:53 - 2014-04-17 22:53 - 00061440 _____ () C:\Windows\SysWOW64\Drivers\ggvmghm.sys

2014-04-17 22:53 - 2014-04-17 22:53 - 00000694 _____ () C:\Windows\SysWOW64\pmsxrhs.txt

2014-04-17 22:53 - 2014-04-17 22:53 - 00000684 _____ () C:\backup.reg

2014-04-17 22:53 - 2014-04-17 22:53 - 00000574 _____ () C:\cleanup.bat

2014-04-17 22:52 - 2014-04-17 22:52 - 00724952 _____ () C:\Users\Cameron - New\Desktop\avenger.zip

2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Cameron - New\Desktop\avenger

2014-04-17 22:51 - 2013-07-26 13:28 - 00000000 ____D () C:\Users\Cameron\NSU

2014-04-17 22:51 - 2013-01-12 22:04 - 00000000 ____D () C:\Users\Cameron\wurm

2014-04-17 22:50 - 2014-04-17 22:50 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller.exe

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Downloads\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Downloads\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Documents\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Documents\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Desktop\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\Desktop\addons.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\AppData\extensions.sqlite

2014-04-17 22:50 - 2014-04-17 22:50 - 00000000 _____ () C:\Users\Cameron\AppData\addons.sqlite

2014-04-17 22:50 - 2013-12-11 23:08 - 00000000 ____D () C:\Users\Cameron\FrostWire

2014-04-17 22:50 - 2013-12-11 23:08 - 00000000 ____D () C:\Users\Cameron\.frostwire5

2014-04-17 22:50 - 2012-11-09 17:55 - 00000000 ____D () C:\Users\Cameron\.filecatalyst

2014-04-17 22:47 - 2014-04-17 22:47 - 00003011 _____ () C:\Users\Cameron - New\Desktop\HiJackThis.lnk

2014-04-17 22:47 - 2014-04-17 22:47 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-17 22:46 - 2014-04-17 22:46 - 01402880 _____ () C:\Users\Cameron - New\Downloads\HijackThis.msi

2014-04-17 22:40 - 2014-04-17 22:40 - 00380416 _____ () C:\Users\Cameron - New\Downloads\onivouwx.exe

2014-04-17 22:16 - 2014-02-01 19:08 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\TS3Client

2014-04-17 22:16 - 2012-10-03 13:13 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-04-17 22:15 - 2014-01-20 14:07 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\CrashDumps

2014-04-17 22:04 - 2014-04-17 22:04 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-17 22:04 - 2014-04-17 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 22:04 - 2014-04-17 22:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-17 22:03 - 2014-04-17 22:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Cameron - New\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-17 22:01 - 2014-04-17 22:01 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Cameron - New\Desktop\tdsskiller.exe

2014-04-17 21:41 - 2014-04-17 21:41 - 00000064 _____ () C:\Windows\System32\dqdbrbt.hve

2014-04-17 21:38 - 2014-01-17 22:51 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DayZ

2014-04-17 21:36 - 2012-10-20 21:31 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001Core.job

2014-04-17 21:25 - 2014-04-17 21:25 - 00301959 ____S () C:\Windows\System32\bknovl.rff

2014-04-17 21:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep

2014-04-16 21:16 - 2014-04-16 21:16 - 00001253 _____ () C:\Users\Public\Desktop\Razer Comms.lnk

2014-04-16 21:16 - 2013-11-28 11:53 - 00000000 ____D () C:\ProgramData\Razer

2014-04-16 21:15 - 2013-11-28 11:53 - 00000000 ____D () C:\Windows\Razer Core

2014-04-16 21:14 - 2013-11-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Razer

2014-04-16 21:00 - 2013-11-28 11:53 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2014-04-16 20:59 - 2014-04-16 20:58 - 46645840 _____ (Razer Inc.) C:\Users\Cameron - New\Downloads\RazerComms1.84.1.exe

2014-04-16 18:12 - 2014-01-17 22:52 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Spotify

2014-04-14 13:41 - 2014-01-17 22:53 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Spotify

2014-04-13 19:33 - 2014-04-13 19:33 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\PDAppFlex

2014-04-13 19:32 - 2014-04-13 19:32 - 00003522 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Cameron-PC-Cameron - New

2014-04-12 22:20 - 2014-01-23 22:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Skype

2014-04-11 15:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

2014-04-10 14:54 - 2014-04-16 21:16 - 00129472 _____ (Razer, Inc.) C:\Windows\System32\Drivers\RzDxgk.sys

2014-04-10 14:54 - 2014-04-16 21:16 - 00074432 _____ (Razer, Inc.) C:\Windows\System32\Drivers\RzFilter.sys

2014-04-09 07:12 - 2012-10-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-09 07:11 - 2013-12-21 01:05 - 00000000 ____D () C:\Windows\System32\MRT

2014-04-09 07:10 - 2012-10-15 15:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-04-07 16:11 - 2014-04-07 16:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DeSmuME

2014-04-03 21:44 - 2014-04-03 21:43 - 151288940 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.zip

2014-04-03 21:43 - 2014-04-03 21:43 - 01670925 _____ () C:\Users\Cameron - New\Desktop\desmume-0.9.10-win64.zip

2014-04-03 08:51 - 2014-04-17 22:04 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-04-03 08:50 - 2014-04-17 22:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-04-01 20:01 - 2013-05-25 09:37 - 00000000 ____D () C:\Program Files (x86)\ManyCam

2014-03-30 17:16 - 2014-04-09 07:08 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-03-30 17:13 - 2014-04-09 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-03-30 16:13 - 2014-04-09 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-30 15:57 - 2014-04-09 07:08 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-29 15:40 - 2012-10-03 12:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-29 15:40 - 2012-10-03 12:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-28 23:41 - 2014-03-28 14:51 - 00010999 _____ () C:\Windows\System32\lvcoinst.log

2014-03-28 22:47 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-03-28 19:43 - 2014-03-15 20:37 - 00003926 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006UA

2014-03-28 19:43 - 2014-03-15 20:36 - 00003530 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006Core

2014-03-28 15:06 - 2012-10-22 15:34 - 00000000 ____D () C:\Windows\Minidump

2014-03-28 15:05 - 2014-03-28 15:05 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Logitech® Webcam Software

2014-03-28 14:58 - 2014-03-28 14:58 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-03-28 14:57 - 2014-03-28 14:57 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Leadertech

2014-03-28 14:57 - 2014-03-28 14:54 - 00000000 ____D () C:\Program Files (x86)\Logitech

2014-03-28 14:57 - 2014-03-28 14:51 - 00000000 ____D () C:\Program Files\Common Files\logishrd

2014-03-28 14:54 - 2014-03-28 14:54 - 00001631 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk

2014-03-28 14:52 - 2014-03-28 14:52 - 74637872 _____ (Logitech, Inc.) C:\Users\Cameron - New\Downloads\lws251.exe

2014-03-23 15:16 - 2014-03-23 15:16 - 00000222 _____ () C:\Users\Cameron - New\Desktop\Rust.url

2014-03-23 10:09 - 2014-03-23 10:09 - 00002540 _____ () C:\Users\Cameron - New\Desktop\PlanetSide 2 Test.lnk

2014-03-23 10:08 - 2014-03-23 10:08 - 20095608 _____ () C:\Users\Cameron - New\Downloads\PS2_Test_setup.exe

2014-03-22 20:29 - 2014-02-01 19:07 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-03-22 15:52 - 2013-03-13 20:45 - 00000000 ____D () C:\Program Files (x86)\War Thunder

2014-03-22 15:22 - 2014-01-18 16:43 - 00000000 ____D () C:\Users\Cameron - New\Documents\My Games

 

Files to move or delete:

====================

C:\Users\Cameron - New\AppData\Roaming\PLGComp.ini

 

 

Some content of TEMP:

====================

C:\Users\Cameron - New\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Cameron - New\AppData\Local\Temp\Quarantine.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2014-04-18 14:03:26

 

==================== Memory info =========================== 

 

Percentage of memory in use: 10%

Total physical RAM: 8157.21 MB

Available physical RAM: 7316.61 MB

Total Pagefile: 8155.41 MB

Available Pagefile: 7305.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:252.21 GB) NTFS

Drive d: (SSD) (Fixed) (Total:186.31 GB) (Free:36.6 GB) NTFS

Drive g: (Lexar) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0EF126E8)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 51D0C07C)

Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=956 MB) - (Type=06)

 

 

LastRegBack: 2014-04-11 15:32

 

==================== End Of Log ============================


Are you able to boot into normal mode now??

If so......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014

Ran by Cameron - New (administrator) on CAMERON-PC on 19-04-2014 16:09:57

Running from C:\Users\Cameron - New\Desktop\frst 2

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(NDS Technologies) C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe

(Spotify Ltd) C:\Users\Cameron - New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe

(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe

() C:\Users\Cameron - New\AppData\Local\NDS\PCShow\NDSPCShowServer.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\SndVol.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Cameron - New\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2366976 2010-03-02] (VIA)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1768960 2012-11-12] (Corsair Components  Inc)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1

HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

HKU\S-1-5-21-3928490357-406338101-452910445-1006\...\Run: [PCShowServer] => C:\Users\Cameron - New\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)

HKU\S-1-5-21-3928490357-406338101-452910445-1006\...\Run: [spotify Web Helper] => C:\Users\Cameron - New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)

HKU\S-1-5-21-3928490357-406338101-452910445-1006\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Core\RazerCore.exe [1095872 2014-04-10] (Razer, Inc.)

HKU\S-1-5-21-3928490357-406338101-452910445-1006\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms}

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Cameron - New\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Cameron - New\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Cameron - New\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cameron - New\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cameron - New\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Cameron - New\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Cameron - New\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)

FF Plugin ProgramFiles/Appdata: C:\Users\Cameron - New\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Cameron - New\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-12-07]

 

Chrome: 

=======

CHR HomePage: 

CHR StartupUrls: "https://mail.google.com/mail/u/1/?ui=2&shva=1#inbox", "https://mail.google.com/mail/u/0/?ui=2&shva=1#inbox/143e581a02018e9f", "https://mail.google.com/mail/u/2/?shva=1#inbox", "https://www.facebook.com/", "https://imgflip.com/gif/6jaqj", "hxxp://movies.netflix.com/WiHome?movieid=70152108", "https://www.youtube.com/watch?v=GSNd8ecGaAI", "https://www.youtube.com/watch?v=Rd5yTzvz184", "hxxp://8tracks.com/mix_sets/liked:3441347", "hxxp://www.reddit.com/", "hxxp://answers.yahoo.com/activity?show=ELQLPUELSGY57OQN3ZQAFVWRVE&t=g&tab=question", "https://www.spotify.com/us/login/?forward_url=%2Fus%2Fpurchase%2Fproduct%2F3-for-1%2F%3Ffree_trial%3D1", "hxxp://weheartit.com/tag/kendall%20jenner", "https://www.google.com/search?q=kendall+jenner+tumblr&safe=off&espv=210&es_sm=122&source=lnms&tbm=isch&sa=X&ei=yv_RUtrYF43voAS8gYKICg&ved=0CAkQ_AUoAQ&biw=1440&bih=838#facrc=0%3Bkendall%20jenner%20weheartit&imgdii=_&imgrc=_", "https://twitter.com/", "hxxp://fenglee.com/game/aog/", "https://drive.google.com/#shared-with-me", "hxxp://www.youtube.com/watch?v=CMNry4PE93Y"

CHR Extension: (Google Drive) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]

CHR Extension: (Glow) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb [2014-02-05]

CHR Extension: (YouTube) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]

CHR Extension: (Adblock Plus) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-05]

CHR Extension: (Kingdom Rush) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2014-02-05]

CHR Extension: (Google Search) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]

CHR Extension: (Tampermonkey) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-02-05]

CHR Extension: (Save my Tabs) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\djadfifncobffjpicnkiegahdiobpaap [2014-02-05]

CHR Extension: (Video Downloader professional) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-02-05]

CHR Extension: (Causality Games) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-02-05]

CHR Extension: (SiteAdvisor) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-19]

CHR Extension: (Digital Clock) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2014-02-05]

CHR Extension: (Google Voice (by Google)) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-02-05]

CHR Extension: (BeGone) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2014-02-05]

CHR Extension: (Google Wallet) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]

CHR Extension: (Gmail) - C:\Users\Cameron - New\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]

CHR HKLM-x32\...\Chrome\Extension: [hapjcfhlhbidaflnbnnhkojdpeiooogl] - C:\Users\Cameron\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx [2013-06-05]

 

==================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)

S2 0274021397945348mcinstcleanup; C:\Windows\TEMP\027402~1.EXE [836168 2014-03-13] (McAfee, Inc.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)

R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-26] (LenovoEMC Ltd.)

R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 KbFilter_Kb_FlexDef3; C:\Windows\System32\DRIVERS\KbFilter_FlexDef3.sys [22016 2010-09-03] (Siliten)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)

U3 mfeavfk01; No ImagePath

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)

S0 puntfwz; C:\Windows\SysWOW64\drivers\ggvmghm.sys [61440 2014-04-17] ()

R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)

R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )

S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [25088 2009-04-16] ()

R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-03-29] (Iomega Corporation)

S3 ALSysIO; \??\C:\Users\Cameron\AppData\Local\Temp\ALSysIO64.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]

S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

S3 rtlss; System32\Drivers\rtlss.sys [X]

S3 WinRing0_1_2_0; \??\C:\Users\Cameron\AppData\Local\Temp\Rar$EXa0.084\WinRing0x64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-19 16:09 - 2014-04-19 16:09 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst 2

2014-04-19 16:08 - 2014-04-19 16:08 - 00000000 ____D () C:\Users\Cameron - New\Desktop\FRST-OlderVersion

2014-04-19 15:16 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2014-04-19 10:48 - 2014-04-19 10:53 - 00000000 ____D () C:\AdwCleaner

2014-04-19 10:46 - 2014-04-19 15:50 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst

2014-04-18 23:47 - 2014-04-18 23:51 - 00001086 _____ () C:\Users\Cameron - New\Desktop\SystemLook.txt

2014-04-18 12:31 - 2014-04-18 12:31 - 00039257 _____ () C:\Users\Cameron - New\Desktop\RKreport[0]_S_04182014_123127.txt

2014-04-18 12:10 - 2014-04-18 12:10 - 04527616 _____ () C:\Users\Cameron - New\Downloads\RogueKillerX64.exe

2014-04-18 11:54 - 2014-04-18 11:54 - 00024483 _____ () C:\Users\Cameron - New\Desktop\dds.txt

2014-04-18 11:54 - 2014-04-18 11:54 - 00014080 _____ () C:\Users\Cameron - New\Desktop\attach.txt

2014-04-18 11:48 - 2014-04-18 11:48 - 00688992 ____R (Swearware) C:\Users\Cameron - New\Desktop\dds.scr

2014-04-18 08:40 - 2014-04-18 08:49 - 00000647 _____ () C:\Users\Cameron - New\Downloads\Search.txt

2014-04-18 08:32 - 2014-04-18 08:33 - 00048015 _____ () C:\Users\Cameron - New\Downloads\Addition.txt

2014-04-18 08:31 - 2014-04-18 08:33 - 00053750 _____ () C:\Users\Cameron - New\Downloads\FRST.txt

2014-04-18 08:30 - 2014-04-19 16:09 - 00000000 ____D () C:\FRST

2014-04-18 08:30 - 2014-04-19 16:08 - 02055680 _____ (Farbar) C:\Users\Cameron - New\Desktop\FRST64.exe

2014-04-18 08:14 - 2014-04-19 14:52 - 00000112 _____ () C:\Windows\setupact.log

2014-04-18 08:14 - 2014-04-18 08:14 - 00001814 _____ () C:\Windows\PFRO.log

2014-04-18 08:14 - 2014-04-18 08:14 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-18 01:16 - 2014-04-18 01:16 - 00031982 _____ () C:\ComboFix.txt

2014-04-18 00:17 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-18 00:17 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-18 00:17 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-18 00:17 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-18 00:17 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-18 00:17 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-18 00:17 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-18 00:17 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-18 00:14 - 2014-04-18 08:12 - 00000000 ____D () C:\Users\Cameron - New\Desktop\mbar

2014-04-18 00:14 - 2014-04-18 08:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-18 00:13 - 2014-04-18 00:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Cameron - New\Downloads\mbar-1.07.0.1009.exe

2014-04-18 00:11 - 2014-04-18 00:11 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller (1).exe

2014-04-18 00:07 - 2014-04-18 01:16 - 00000000 ____D () C:\Qoobox

2014-04-18 00:07 - 2014-04-18 00:07 - 00000000 ____D () C:\Users\Cameron - New\Desktop\oot

2014-04-18 00:06 - 2014-04-18 00:06 - 00465298 _____ () C:\Users\Cameron - New\Downloads\RootRepeal.rar

2014-04-18 00:04 - 2014-04-19 15:50 - 00000000 ____D () C:\Windows\erdnt

2014-04-18 00:04 - 2014-04-18 00:04 - 00000000 ____D () C:\SUPERDelete

2014-04-18 00:01 - 2014-04-19 16:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f.job

2014-04-18 00:01 - 2014-04-18 02:00 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3.job

2014-04-18 00:01 - 2014-04-18 00:01 - 00003620 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3

2014-04-18 00:01 - 2014-04-18 00:01 - 00003546 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f

2014-04-18 00:01 - 2014-04-18 00:01 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\SUPERAntiSpyware.com

2014-04-18 00:00 - 2014-04-18 00:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-04-18 00:00 - 2014-04-18 00:00 - 18736792 _____ (SUPERAntiSpyware) C:\Users\Cameron - New\Downloads\SUPERAntiSpyware.exe

2014-04-18 00:00 - 2014-04-18 00:00 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix.exe

2014-04-18 00:00 - 2014-04-18 00:00 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-04-18 00:00 - 2014-04-18 00:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-04-17 23:53 - 2014-04-17 23:53 - 00061440 _____ () C:\Windows\SysWOW64\Drivers\ggvmghm.sys

2014-04-17 23:53 - 2014-04-17 23:53 - 00000694 _____ () C:\Windows\SysWOW64\pmsxrhs.txt

2014-04-17 23:53 - 2014-04-17 23:53 - 00000684 _____ () C:\backup.reg

2014-04-17 23:53 - 2014-04-17 23:53 - 00000574 _____ () C:\cleanup.bat

2014-04-17 23:52 - 2014-04-17 23:52 - 00724952 _____ () C:\Users\Cameron - New\Desktop\avenger.zip

2014-04-17 23:52 - 2014-04-17 23:52 - 00000000 ____D () C:\Users\Cameron - New\Desktop\avenger

2014-04-17 23:51 - 2014-04-18 12:31 - 00000000 ____D () C:\Users\Cameron - New\Desktop\RK_Quarantine

2014-04-17 23:50 - 2014-04-17 23:50 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller.exe

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Downloads\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Downloads\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Documents\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Documents\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Desktop\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Desktop\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\AppData\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\AppData\addons.sqlite

2014-04-17 23:47 - 2014-04-17 23:47 - 00003011 _____ () C:\Users\Cameron - New\Desktop\HiJackThis.lnk

2014-04-17 23:47 - 2014-04-17 23:47 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-04-17 23:47 - 2014-04-17 23:47 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-17 23:46 - 2014-04-17 23:46 - 01402880 _____ () C:\Users\Cameron - New\Downloads\HijackThis.msi

2014-04-17 23:40 - 2014-04-17 23:40 - 00380416 _____ () C:\Users\Cameron - New\Downloads\onivouwx.exe

2014-04-17 23:10 - 2014-04-18 00:12 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-17 23:04 - 2014-04-19 15:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-17 23:04 - 2014-04-18 00:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-17 23:04 - 2014-04-17 23:04 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-17 23:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-17 23:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-17 23:03 - 2014-04-17 23:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Cameron - New\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-17 23:01 - 2014-04-17 23:01 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Cameron - New\Downloads\tdsskiller.exe

2014-04-17 22:58 - 2014-04-19 16:03 - 00000082 _____ () C:\Windows\system32\ppuxcv.fxh

2014-04-17 22:41 - 2014-04-19 15:53 - 00037888 _____ () C:\Windows\system32\vnbwgdc.joq

2014-04-17 22:41 - 2014-04-19 15:53 - 00000109 _____ () C:\Windows\system32\kojk.bzm

2014-04-17 22:41 - 2014-04-17 22:41 - 00000064 _____ () C:\Windows\system32\dqdbrbt.hve

2014-04-17 22:25 - 2014-04-17 22:25 - 00301959 ____S () C:\Windows\system32\bknovl.rff

2014-04-16 22:16 - 2014-04-16 22:16 - 00001253 _____ () C:\Users\Public\Desktop\Razer Comms.lnk

2014-04-16 22:16 - 2014-04-10 15:54 - 00129472 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzDxgk.sys

2014-04-16 22:16 - 2014-04-10 15:54 - 00074432 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzFilter.sys

2014-04-16 21:58 - 2014-04-16 21:59 - 46645840 _____ (Razer Inc.) C:\Users\Cameron - New\Downloads\RazerComms1.84.1.exe

2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\PDAppFlex

2014-04-13 20:32 - 2014-04-13 20:32 - 00003522 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Cameron-PC-Cameron - New

2014-04-09 08:08 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 08:08 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 08:08 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 08:08 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 08:08 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:08 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 08:08 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 08:08 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 08:08 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 08:08 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 08:08 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 08:08 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 08:07 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 08:07 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 08:07 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 08:07 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 08:07 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 08:07 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 08:07 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 08:07 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 08:07 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DeSmuME

2014-04-07 17:11 - 2013-01-27 21:00 - 536870912 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.nds

2014-04-03 22:43 - 2014-04-03 22:44 - 151288940 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.zip

2014-04-03 22:43 - 2014-04-03 22:43 - 01670925 _____ () C:\Users\Cameron - New\Desktop\desmume-0.9.10-win64.zip

2014-03-28 16:05 - 2014-03-28 16:05 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Logitech® Webcam Software

2014-03-28 15:58 - 2014-03-28 15:58 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-03-28 15:57 - 2014-03-28 15:57 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Leadertech

2014-03-28 15:54 - 2014-03-28 15:57 - 00000000 ____D () C:\Program Files (x86)\Logitech

2014-03-28 15:54 - 2014-03-28 15:54 - 00001631 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk

2014-03-28 15:52 - 2014-03-28 15:52 - 74637872 _____ (Logitech, Inc.) C:\Users\Cameron - New\Downloads\lws251.exe

2014-03-28 15:51 - 2014-03-29 00:41 - 00010999 _____ () C:\Windows\system32\lvcoinst.log

2014-03-28 15:51 - 2014-03-28 15:57 - 00000000 ____D () C:\Program Files\Common Files\logishrd

2014-03-23 16:16 - 2014-03-23 16:16 - 00000222 _____ () C:\Users\Cameron - New\Desktop\Rust.url

2014-03-23 11:09 - 2014-03-23 11:09 - 00002570 _____ () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Test.lnk

2014-03-23 11:09 - 2014-03-23 11:09 - 00002540 _____ () C:\Users\Cameron - New\Desktop\PlanetSide 2 Test.lnk

2014-03-23 11:08 - 2014-03-23 11:08 - 20095608 _____ () C:\Users\Cameron - New\Downloads\PS2_Test_setup.exe

 

==================== One Month Modified Files and Folders =======

 

2014-04-19 16:09 - 2014-04-19 16:09 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst 2

2014-04-19 16:09 - 2014-04-18 08:30 - 00000000 ____D () C:\FRST

2014-04-19 16:08 - 2014-04-19 16:08 - 00000000 ____D () C:\Users\Cameron - New\Desktop\FRST-OlderVersion

2014-04-19 16:08 - 2014-04-18 08:30 - 02055680 _____ (Farbar) C:\Users\Cameron - New\Desktop\FRST64.exe

2014-04-19 16:03 - 2014-04-17 22:58 - 00000082 _____ () C:\Windows\system32\ppuxcv.fxh

2014-04-19 16:01 - 2014-04-18 00:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f.job

2014-04-19 16:01 - 2012-10-05 15:01 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001UA.job

2014-04-19 16:01 - 2012-10-03 16:21 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job

2014-04-19 15:56 - 2014-04-17 23:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-19 15:53 - 2014-04-17 22:41 - 00037888 _____ () C:\Windows\system32\vnbwgdc.joq

2014-04-19 15:53 - 2014-04-17 22:41 - 00000109 _____ () C:\Windows\system32\kojk.bzm

2014-04-19 15:50 - 2014-04-19 10:46 - 00000000 ____D () C:\Users\Cameron - New\Desktop\frst

2014-04-19 15:50 - 2014-04-18 00:04 - 00000000 ____D () C:\Windows\erdnt

2014-04-19 15:50 - 2013-12-07 13:59 - 00000000 ____D () C:\Program Files (x86)\McAfee.com

2014-04-19 15:50 - 2013-12-07 13:58 - 00000000 ____D () C:\Program Files\McAfee.com

2014-04-19 15:50 - 2013-12-07 13:58 - 00000000 ____D () C:\Program Files\McAfee

2014-04-19 15:50 - 2013-05-31 23:37 - 00000000 ____D () C:\Users\Administrator

2014-04-19 15:50 - 2012-10-02 21:18 - 00000000 ___HD () C:\Users\Cameron

2014-04-19 15:50 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-04-19 15:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration

2014-04-19 15:48 - 2014-03-15 21:37 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006UA.job

2014-04-19 15:46 - 2012-10-03 13:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-19 15:18 - 2013-12-07 14:00 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2014-04-19 15:16 - 2012-10-03 13:42 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-19 15:09 - 2013-12-07 13:45 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-04-19 15:06 - 2013-12-07 13:58 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-04-19 15:02 - 2013-12-03 23:16 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Adobe

2014-04-19 15:00 - 2009-07-13 21:45 - 00026880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-19 15:00 - 2009-07-13 21:45 - 00026880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-19 14:54 - 2014-01-18 12:02 - 00411648 _____ () C:\Users\Cameron - New\AppData\Roaming\RZR_00209d904bfd86e33c8d76c88d9a.db

2014-04-19 14:53 - 2012-10-03 13:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-19 14:52 - 2014-04-18 08:14 - 00000112 _____ () C:\Windows\setupact.log

2014-04-19 14:52 - 2013-12-03 23:15 - 00000000 ____D () C:\Users\Cameron - New

2014-04-19 14:52 - 2012-06-07 01:51 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-19 14:52 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-19 10:53 - 2014-04-19 10:48 - 00000000 ____D () C:\AdwCleaner

2014-04-18 23:51 - 2014-04-18 23:47 - 00001086 _____ () C:\Users\Cameron - New\Desktop\SystemLook.txt

2014-04-18 14:26 - 2012-06-07 01:48 - 01513390 _____ () C:\Windows\WindowsUpdate.log

2014-04-18 13:36 - 2012-10-20 22:31 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001UA.job

2014-04-18 12:31 - 2014-04-18 12:31 - 00039257 _____ () C:\Users\Cameron - New\Desktop\RKreport[0]_S_04182014_123127.txt

2014-04-18 12:31 - 2014-04-17 23:51 - 00000000 ____D () C:\Users\Cameron - New\Desktop\RK_Quarantine

2014-04-18 12:10 - 2014-04-18 12:10 - 04527616 _____ () C:\Users\Cameron - New\Downloads\RogueKillerX64.exe

2014-04-18 12:00 - 2012-10-03 13:48 - 00000000 ____D () C:\Fraps

2014-04-18 11:54 - 2014-04-18 11:54 - 00024483 _____ () C:\Users\Cameron - New\Desktop\dds.txt

2014-04-18 11:54 - 2014-04-18 11:54 - 00014080 _____ () C:\Users\Cameron - New\Desktop\attach.txt

2014-04-18 11:48 - 2014-04-18 11:48 - 00688992 ____R (Swearware) C:\Users\Cameron - New\Desktop\dds.scr

2014-04-18 08:49 - 2014-04-18 08:40 - 00000647 _____ () C:\Users\Cameron - New\Downloads\Search.txt

2014-04-18 08:33 - 2014-04-18 08:32 - 00048015 _____ () C:\Users\Cameron - New\Downloads\Addition.txt

2014-04-18 08:33 - 2014-04-18 08:31 - 00053750 _____ () C:\Users\Cameron - New\Downloads\FRST.txt

2014-04-18 08:14 - 2014-04-18 08:14 - 00001814 _____ () C:\Windows\PFRO.log

2014-04-18 08:14 - 2014-04-18 08:14 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-18 08:12 - 2014-04-18 00:14 - 00000000 ____D () C:\Users\Cameron - New\Desktop\mbar

2014-04-18 08:12 - 2014-04-18 00:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-18 02:00 - 2014-04-18 00:01 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3.job

2014-04-18 01:16 - 2014-04-18 01:16 - 00031982 _____ () C:\ComboFix.txt

2014-04-18 01:16 - 2014-04-18 00:07 - 00000000 ____D () C:\Qoobox

2014-04-18 01:16 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default

2014-04-18 01:05 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-18 00:14 - 2014-04-17 23:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-18 00:13 - 2014-04-18 00:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Cameron - New\Downloads\mbar-1.07.0.1009.exe

2014-04-18 00:12 - 2014-04-17 23:10 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-18 00:11 - 2014-04-18 00:11 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller (1).exe

2014-04-18 00:07 - 2014-04-18 00:07 - 00000000 ____D () C:\Users\Cameron - New\Desktop\oot

2014-04-18 00:06 - 2014-04-18 00:06 - 00465298 _____ () C:\Users\Cameron - New\Downloads\RootRepeal.rar

2014-04-18 00:04 - 2014-04-18 00:04 - 00000000 ____D () C:\SUPERDelete

2014-04-18 00:01 - 2014-04-18 00:01 - 00003620 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b6c5bb64-f344-47cb-acce-2c9e1c573af3

2014-04-18 00:01 - 2014-04-18 00:01 - 00003546 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 89923c26-ed0f-44bd-a734-e25f6e7c0b4f

2014-04-18 00:01 - 2014-04-18 00:01 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\SUPERAntiSpyware.com

2014-04-18 00:01 - 2014-04-18 00:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-04-18 00:00 - 2014-04-18 00:00 - 18736792 _____ (SUPERAntiSpyware) C:\Users\Cameron - New\Downloads\SUPERAntiSpyware.exe

2014-04-18 00:00 - 2014-04-18 00:00 - 05195154 ____R (Swearware) C:\Users\Cameron - New\Downloads\ComboFix.exe

2014-04-18 00:00 - 2014-04-18 00:00 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2014-04-18 00:00 - 2014-04-18 00:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-04-17 23:53 - 2014-04-17 23:53 - 00061440 _____ () C:\Windows\SysWOW64\Drivers\ggvmghm.sys

2014-04-17 23:53 - 2014-04-17 23:53 - 00000694 _____ () C:\Windows\SysWOW64\pmsxrhs.txt

2014-04-17 23:53 - 2014-04-17 23:53 - 00000684 _____ () C:\backup.reg

2014-04-17 23:53 - 2014-04-17 23:53 - 00000574 _____ () C:\cleanup.bat

2014-04-17 23:52 - 2014-04-17 23:52 - 00724952 _____ () C:\Users\Cameron - New\Desktop\avenger.zip

2014-04-17 23:52 - 2014-04-17 23:52 - 00000000 ____D () C:\Users\Cameron - New\Desktop\avenger

2014-04-17 23:51 - 2013-07-26 14:28 - 00000000 ____D () C:\Users\Cameron\NSU

2014-04-17 23:51 - 2013-01-12 23:04 - 00000000 ____D () C:\Users\Cameron\wurm

2014-04-17 23:50 - 2014-04-17 23:50 - 03972608 _____ () C:\Users\Cameron - New\Downloads\RogueKiller.exe

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Downloads\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Downloads\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Documents\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Documents\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Desktop\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\Desktop\addons.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\AppData\extensions.sqlite

2014-04-17 23:50 - 2014-04-17 23:50 - 00000000 _____ () C:\Users\Cameron\AppData\addons.sqlite

2014-04-17 23:50 - 2013-12-12 00:08 - 00000000 ____D () C:\Users\Cameron\FrostWire

2014-04-17 23:50 - 2013-12-12 00:08 - 00000000 ____D () C:\Users\Cameron\.frostwire5

2014-04-17 23:50 - 2012-11-09 18:55 - 00000000 ____D () C:\Users\Cameron\.filecatalyst

2014-04-17 23:47 - 2014-04-17 23:47 - 00003011 _____ () C:\Users\Cameron - New\Desktop\HiJackThis.lnk

2014-04-17 23:47 - 2014-04-17 23:47 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-04-17 23:47 - 2014-04-17 23:47 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-04-17 23:46 - 2014-04-17 23:46 - 01402880 _____ () C:\Users\Cameron - New\Downloads\HijackThis.msi

2014-04-17 23:40 - 2014-04-17 23:40 - 00380416 _____ () C:\Users\Cameron - New\Downloads\onivouwx.exe

2014-04-17 23:16 - 2014-02-01 20:08 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\TS3Client

2014-04-17 23:16 - 2012-10-03 14:13 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-04-17 23:15 - 2014-01-20 15:07 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\CrashDumps

2014-04-17 23:04 - 2014-04-17 23:04 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-17 23:04 - 2014-04-17 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-17 23:03 - 2014-04-17 23:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Cameron - New\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-17 23:01 - 2014-04-17 23:01 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Cameron - New\Downloads\tdsskiller.exe

2014-04-17 22:41 - 2014-04-17 22:41 - 00000064 _____ () C:\Windows\system32\dqdbrbt.hve

2014-04-17 22:38 - 2014-01-17 23:51 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DayZ

2014-04-17 22:36 - 2012-10-20 22:31 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001Core.job

2014-04-17 22:25 - 2014-04-17 22:25 - 00301959 ____S () C:\Windows\system32\bknovl.rff

2014-04-17 22:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep

2014-04-17 22:01 - 2012-10-05 15:01 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1001Core.job

2014-04-17 20:48 - 2014-03-15 21:36 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006Core.job

2014-04-16 22:16 - 2014-04-16 22:16 - 00001253 _____ () C:\Users\Public\Desktop\Razer Comms.lnk

2014-04-16 22:16 - 2013-11-28 12:53 - 00000000 ____D () C:\ProgramData\Razer

2014-04-16 22:15 - 2013-11-28 12:53 - 00000000 ____D () C:\Windows\Razer Core

2014-04-16 22:14 - 2013-11-28 12:53 - 00000000 ____D () C:\Program Files (x86)\Razer

2014-04-16 22:00 - 2013-11-28 12:53 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2014-04-16 21:59 - 2014-04-16 21:58 - 46645840 _____ (Razer Inc.) C:\Users\Cameron - New\Downloads\RazerComms1.84.1.exe

2014-04-16 19:12 - 2014-01-17 23:52 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Spotify

2014-04-15 20:49 - 2013-12-03 23:16 - 00000000 ___RD () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 14:41 - 2014-01-17 23:53 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Spotify

2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\PDAppFlex

2014-04-13 20:32 - 2014-04-13 20:32 - 00003522 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Cameron-PC-Cameron - New

2014-04-12 23:20 - 2014-01-23 23:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Skype

2014-04-11 16:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-04-10 15:54 - 2014-04-16 22:16 - 00129472 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzDxgk.sys

2014-04-10 15:54 - 2014-04-16 22:16 - 00074432 _____ (Razer, Inc.) C:\Windows\system32\Drivers\RzFilter.sys

2014-04-09 08:12 - 2012-10-02 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-09 08:11 - 2013-12-21 02:05 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-09 08:10 - 2012-10-15 16:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\DeSmuME

2014-04-03 22:44 - 2014-04-03 22:43 - 151288940 _____ () C:\Users\Cameron - New\Desktop\Pokemon Black Version 2.zip

2014-04-03 22:43 - 2014-04-03 22:43 - 01670925 _____ () C:\Users\Cameron - New\Desktop\desmume-0.9.10-win64.zip

2014-04-03 09:51 - 2014-04-17 23:04 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-17 23:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 21:01 - 2013-05-25 10:37 - 00000000 ____D () C:\Program Files (x86)\ManyCam

2014-03-30 18:16 - 2014-04-09 08:08 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-30 18:13 - 2014-04-09 08:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-30 17:13 - 2014-04-09 08:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-30 16:57 - 2014-04-09 08:08 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-29 16:40 - 2012-10-03 13:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-29 16:40 - 2012-10-03 13:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-29 00:41 - 2014-03-28 15:51 - 00010999 _____ () C:\Windows\system32\lvcoinst.log

2014-03-28 23:47 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-28 20:43 - 2014-03-15 21:37 - 00003926 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006UA

2014-03-28 20:43 - 2014-03-15 21:36 - 00003530 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3928490357-406338101-452910445-1006Core

2014-03-28 16:06 - 2012-10-22 16:34 - 00000000 ____D () C:\Windows\Minidump

2014-03-28 16:05 - 2014-03-28 16:05 - 00000000 ____D () C:\Users\Cameron - New\AppData\Local\Logitech® Webcam Software

2014-03-28 15:58 - 2014-03-28 15:58 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-03-28 15:57 - 2014-03-28 15:57 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Leadertech

2014-03-28 15:57 - 2014-03-28 15:54 - 00000000 ____D () C:\Program Files (x86)\Logitech

2014-03-28 15:57 - 2014-03-28 15:51 - 00000000 ____D () C:\Program Files\Common Files\logishrd

2014-03-28 15:54 - 2014-03-28 15:54 - 00001631 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk

2014-03-28 15:52 - 2014-03-28 15:52 - 74637872 _____ (Logitech, Inc.) C:\Users\Cameron - New\Downloads\lws251.exe

2014-03-23 16:16 - 2014-03-23 16:16 - 00000222 _____ () C:\Users\Cameron - New\Desktop\Rust.url

2014-03-23 16:16 - 2014-02-03 18:20 - 00000000 ____D () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-03-23 11:09 - 2014-03-23 11:09 - 00002570 _____ () C:\Users\Cameron - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Test.lnk

2014-03-23 11:09 - 2014-03-23 11:09 - 00002540 _____ () C:\Users\Cameron - New\Desktop\PlanetSide 2 Test.lnk

2014-03-23 11:08 - 2014-03-23 11:08 - 20095608 _____ () C:\Users\Cameron - New\Downloads\PS2_Test_setup.exe

2014-03-22 21:29 - 2014-02-01 20:07 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-03-22 16:52 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files (x86)\War Thunder

2014-03-22 16:22 - 2014-01-18 17:43 - 00000000 ____D () C:\Users\Cameron - New\Documents\My Games

 

Files to move or delete:

====================

C:\Users\Cameron - New\AppData\Roaming\PLGComp.ini

 

 

Some content of TEMP:

====================

C:\Users\Cameron - New\AppData\Local\Temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2010-11-20 20:24] - [2010-11-20 20:24] - 0515072 ____N (Microsoft Corporation) 6B1844565AB2FC463CBED855CA43A88C

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-11 16:32

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

 

-----------------------------------------------------------------------

Then I need to see the Addition.txt

Run FRST again and click Scan. Make sure the Addition box is checked!!

Post back the 2 logs.....MrC

This topic is now closed to further replies.