
[Solved] R.A.T help anyone?

Discussion in 'Malware Removal Help' started by tylertokeo45, Jun 11, 2014.

  1. tylertokeo45

    tylertokeo45 Registered Members

    Joined:
    Jun 11, 2014
    Messages:
    17
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    msi motherboard (don't know the model) [custom build]
    CPU:
    a4-3300 APU, 2.5 ghz dual core (amd)
    Memory:
    8 gigs, crosair
    Hard Drive:
    1 tb
    Graphics Card:
    nvidia geforce 650 pny edition (factory boosted)
    Power Supply:
    500w
    So I think I have been battling a R.A.T (remote administrative tool), because my Malwarebytes some time ago blocked "svchost.exe" from the system32 area, and I traced the IP that it gave me and it led to Europe o.0. Before I thought I had the R.A.T, I went to buy credits for my game off PayPal, and then the next day my account was hacked from EUROPE. I don't think it's a coincidence, but of course since I'm very paranoid I checked the cmd netstat -ano and whipped out my Task Manager and tried to locate it, but didn't find any matches that were established or anything like that. I have been stumped for weeks now on whether I have one or not, and if I do, how the hell do I delete it, because I know you can't delete any Windows files.

    I don't have a picture of the Malwarebytes blocking the website, and I wrote down the IP but now I can't find it. =(
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi tyler

    Please take note of the following:

    1. Please do not run any other tools unless instructed.
    2. Please don't install or uninstall anything unless asked.
    3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
    4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
    5. Please reply to this thread. Do not start a new topic.

    You don't say what OS you are running.
    So we'll run a program that is compatible with all Windows OS.

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is, click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    Both reports from FRST


    Thanks.
     
    Last edited: Jun 12, 2014
  3. tylertokeo45

    Here is the first.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
    Ran by Owner (administrator) on OWNER-PC on 12-06-2014 15:48:33
    Running from C:\Users\Owner\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\plugin-nm-server.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7016520 2013-02-05] (Realtek Semiconductor)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-11-08] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-05-15] (CyberGhost S.R.L.)
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\MountPoints2: E - E:\SETUP.EXE
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AlienwareDock.lnk
    ShortcutTarget: AlienwareDock.lnk -> C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
    ShortcutTarget: Refresh.lnk -> C:\Windows\Red Alienware Skin Pack\Tools\Refresh.cmd (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
    ShortcutTarget: YzShadow.lnk -> C:\Windows\Red Alienware Skin Pack\YzShadow\YzShadow.exe (No File)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alienware Dock.lnk
    ShortcutTarget: Alienware Dock.lnk -> C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91447747B841CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    SearchScopes: HKCU - DefaultScope {CD5F5E77-F25B-4E14-B707-5F8545054088} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
    SearchScopes: HKCU - {CD5F5E77-F25B-4E14-B707-5F8545054088} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: 74.208.10.249 gs.apple.com
    Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3
    Tcpip\..\Interfaces\{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}: [NameServer]206.67.220.123,4.2.2.5

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vl8enoz2.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: geocomply.com/gc_browser_plugin_client_c - C:\PROGRA~2\NJWSOP~1.COM\bin\gc\npgc-browser-plugin-client-c.dll (GeoComply)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-dd7ca4fae8d24153\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-04-26]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-26]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-04-26]
    FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-26]
    CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-26]
    CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-21]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Owner\AppData\Local\Google\Chrome\\User Data\\Default\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-05-08]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-11-08] (Kaspersky Lab ZAO)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-16] () [File not signed]
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
    S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-05-15] (CyberGhost S.R.L)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-05-09] ()
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
    S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [572096 2014-04-23] (Valve Corporation) [File not signed]
    R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-09-17] (Microsoft Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-21] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-21] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-08] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-08] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-04] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-12] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-12 15:48 - 2014-06-12 15:49 - 00023541 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-06-12 15:47 - 2014-06-12 15:48 - 00000000 ____D () C:\FRST
    2014-06-12 15:46 - 2014-06-12 15:46 - 02081792 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-06-12 15:46 - 2014-06-12 15:46 - 02081792 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-06-11 23:16 - 2014-06-11 23:16 - 00000000 ___RD () C:\Sandbox
    2014-06-11 23:15 - 2014-06-11 23:25 - 00001440 _____ () C:\Windows\Sandboxie.ini
    2014-06-11 23:15 - 2014-06-11 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    2014-06-11 23:15 - 2014-06-11 23:14 - 00000910 _____ () C:\Users\Owner\Desktop\Sandboxed Web Browser.lnk
    2014-06-11 23:14 - 2014-06-11 23:14 - 00000000 ____D () C:\Program Files\Sandboxie
    2014-06-11 14:58 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 14:58 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-06-11 14:58 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 14:58 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-11 14:58 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-11 14:58 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-06-11 14:58 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 14:58 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-11 14:58 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-11 14:58 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-11 14:58 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-06-11 14:58 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-06-11 14:58 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-11 14:58 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 14:58 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 14:58 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-11 14:58 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-06-11 14:58 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 14:58 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-06-11 14:58 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 14:58 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-11 14:58 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-06-11 14:58 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-11 14:58 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-11 14:58 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-11 14:58 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-11 14:58 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-11 14:58 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 14:58 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-06-11 14:58 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-06-11 14:58 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-06-11 14:58 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 14:58 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-11 14:58 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-11 14:58 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-11 14:58 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-11 14:58 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-11 14:58 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-11 14:58 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-11 14:58 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-06-11 14:58 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-11 14:58 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 14:58 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-11 14:58 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 14:58 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-11 14:58 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-11 14:58 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-06-11 14:58 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-11 14:58 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-06-11 14:58 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-11 14:58 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-11 14:58 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-11 14:58 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-11 14:58 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-11 14:58 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-11 14:58 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-11 14:58 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-11 14:58 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-11 14:58 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-11 14:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-11 14:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-11 14:57 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-11 14:57 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-11 14:57 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 14:57 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-11 14:57 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-11 14:57 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 14:57 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-06-10 21:44 - 2014-06-10 21:44 - 00000000 ____H () C:\Users\Owner\Documents\Default.rdp
    2014-06-10 20:41 - 2014-06-10 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\CyberGhost
    2014-06-10 20:40 - 2014-06-10 20:45 - 00000000 ____D () C:\Program Files\CyberGhost 5
    2014-06-10 20:40 - 2014-06-10 20:41 - 00000000 ____D () C:\Program Files\TAP-Windows
    2014-06-10 20:40 - 2014-06-10 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
    2014-06-07 22:09 - 2014-06-12 12:43 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-06-07 19:57 - 2014-06-11 23:11 - 00000000 ____D () C:\Users\Owner\Desktop\Dolphin-x64
    2014-06-07 19:57 - 2014-06-07 20:25 - 00000000 ____D () C:\Users\Owner\Documents\Dolphin Emulator
    2014-06-07 08:03 - 2014-06-07 08:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2989532F.sys
    2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-05-31 12:42 - 2014-05-31 12:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\46E87B4B.sys
    2014-05-30 17:44 - 2014-05-30 17:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18B5334E.sys
    2014-05-27 19:21 - 2014-06-07 08:29 - 00000000 ____D () C:\Program Files (x86)\Nightly
    2014-05-25 11:40 - 2014-06-12 14:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-25 11:39 - 2014-05-30 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-25 11:39 - 2014-05-30 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-25 11:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-25 11:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-22 13:52 - 2014-05-22 13:52 - 00308104 _____ () C:\Windows\Minidump\052214-21996-01.dmp
    2014-05-19 18:41 - 2014-05-25 21:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
    2014-05-15 17:29 - 2014-05-15 17:29 - 00003042 _____ () C:\Windows\System32\Tasks\{FDEDEA7D-791C-4D83-AAAB-1FF71763919C}
    2014-05-15 17:25 - 2014-05-15 17:25 - 00003042 _____ () C:\Windows\System32\Tasks\{1BAC66E7-8C0E-484B-BA03-B3D490496EE2}
    2014-05-15 17:22 - 2008-07-10 16:33 - 00079896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
    2014-05-15 17:22 - 2008-07-10 16:33 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
    2014-05-15 17:18 - 2014-05-15 17:20 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2014-05-15 17:18 - 2014-05-15 17:18 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2014-05-15 17:18 - 2014-05-15 17:18 - 00000000 ____D () C:\Windows\system32\1033
    2014-05-15 17:17 - 2014-05-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    2014-05-15 17:15 - 2014-05-15 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
    2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-05-15 17:13 - 2014-05-17 03:02 - 00001417 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
    2014-05-15 17:13 - 2014-05-15 17:13 - 00000000 ____D () C:\Users\Owner\Documents\Visual Studio 2008
    2014-05-15 17:13 - 2014-05-15 17:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
    2014-05-15 17:11 - 2014-05-17 03:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-15 17:11 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\Program Files\Microsoft SDKs
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-05-15 17:10 - 2014-05-15 17:10 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
    2014-05-13 21:03 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-13 21:03 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-13 21:01 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-13 21:01 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-13 21:01 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-13 21:01 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-13 21:01 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-13 21:01 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-13 21:01 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-13 21:01 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-13 21:01 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-13 21:01 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-13 21:01 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-13 21:01 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-13 21:01 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-13 21:01 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-13 21:01 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-13 21:01 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-13 21:01 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-13 21:01 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-13 21:01 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-13 19:58 - 2014-05-13 19:58 - 00000000 ____D () C:\Users\Owner\Documents\Activision

    ==================== One Month Modified Files and Folders =======

    2014-06-12 15:49 - 2014-06-12 15:48 - 00023541 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-06-12 15:49 - 2013-04-24 15:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
    2014-06-12 15:48 - 2014-06-12 15:47 - 00000000 ____D () C:\FRST
    2014-06-12 15:48 - 2014-01-04 16:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-06-12 15:46 - 2014-06-12 15:46 - 02081792 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-06-12 15:46 - 2014-06-12 15:46 - 02081792 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-06-12 15:45 - 2013-04-26 18:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
    2014-06-12 15:34 - 2013-04-26 18:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-12 15:30 - 2013-04-26 19:58 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-06-12 15:21 - 2013-04-26 18:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-06-12 14:53 - 2014-05-25 11:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-12 14:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
    2014-06-12 14:34 - 2013-04-26 18:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-12 12:50 - 2013-04-24 18:13 - 01090490 _____ () C:\Windows\WindowsUpdate.log
    2014-06-12 12:43 - 2014-06-07 22:09 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-06-12 12:43 - 2009-07-14 00:51 - 00117415 _____ () C:\Windows\setupact.log
    2014-06-12 12:42 - 2013-09-22 17:35 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-06-12 12:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-12 12:40 - 2009-07-14 00:45 - 00025648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-12 12:40 - 2009-07-14 00:45 - 00025648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-12 00:50 - 2013-08-18 02:23 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-12 00:48 - 2013-04-24 19:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-12 00:46 - 2014-05-06 17:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-06-11 23:25 - 2014-06-11 23:15 - 00001440 _____ () C:\Windows\Sandboxie.ini
    2014-06-11 23:16 - 2014-06-11 23:16 - 00000000 ___RD () C:\Sandbox
    2014-06-11 23:15 - 2014-06-11 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    2014-06-11 23:14 - 2014-06-11 23:15 - 00000910 _____ () C:\Users\Owner\Desktop\Sandboxed Web Browser.lnk
    2014-06-11 23:14 - 2014-06-11 23:14 - 00000000 ____D () C:\Program Files\Sandboxie
    2014-06-11 23:11 - 2014-06-07 19:57 - 00000000 ____D () C:\Users\Owner\Desktop\Dolphin-x64
    2014-06-11 21:19 - 2013-05-09 21:39 - 00000044 _____ () C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
    2014-06-11 00:23 - 2013-04-26 18:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
    2014-06-10 23:35 - 2010-11-20 23:47 - 00218266 _____ () C:\Windows\PFRO.log
    2014-06-10 21:44 - 2014-06-10 21:44 - 00000000 ____H () C:\Users\Owner\Documents\Default.rdp
    2014-06-10 20:45 - 2014-06-10 20:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\CyberGhost
    2014-06-10 20:45 - 2014-06-10 20:40 - 00000000 ____D () C:\Program Files\CyberGhost 5
    2014-06-10 20:41 - 2014-06-10 20:40 - 00000000 ____D () C:\Program Files\TAP-Windows
    2014-06-10 20:40 - 2014-06-10 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
    2014-06-10 18:44 - 2013-04-26 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-06-10 18:44 - 2013-04-26 18:13 - 00000000 ____D () C:\ProgramData\Skype
    2014-06-08 14:20 - 2013-04-24 15:20 - 00000000 __SHD () C:\Recovery
    2014-06-08 13:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-06-08 05:13 - 2014-06-11 14:57 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-08 05:08 - 2014-06-11 14:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-07 20:25 - 2014-06-07 19:57 - 00000000 ____D () C:\Users\Owner\Documents\Dolphin Emulator
    2014-06-07 15:43 - 2014-05-10 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-07 08:29 - 2014-05-27 19:21 - 00000000 ____D () C:\Program Files (x86)\Nightly
    2014-06-07 08:03 - 2014-06-07 08:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2989532F.sys
    2014-06-05 19:30 - 2014-05-01 09:48 - 00000000 ____D () C:\Users\Owner\Orion
    2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-06-05 19:08 - 2014-05-10 15:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-06-05 19:08 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-06-04 18:34 - 2014-04-12 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-05-31 12:42 - 2014-05-31 12:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\46E87B4B.sys
    2014-05-30 19:44 - 2014-05-25 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-30 19:44 - 2014-05-25 11:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-30 17:44 - 2014-05-30 17:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18B5334E.sys
    2014-05-30 06:21 - 2014-06-11 14:57 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-30 06:02 - 2014-06-11 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-30 06:02 - 2014-06-11 14:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-05-30 05:45 - 2014-06-11 14:58 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-05-30 05:39 - 2014-06-11 14:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-05-30 05:39 - 2014-06-11 14:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-05-30 05:38 - 2014-06-11 14:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-05-30 05:28 - 2014-06-11 14:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-05-30 05:27 - 2014-06-11 14:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-05-30 05:24 - 2014-06-11 14:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-05-30 05:21 - 2014-06-11 14:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-05-30 05:21 - 2014-06-11 14:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-05-30 05:20 - 2014-06-11 14:58 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-05-30 05:18 - 2014-06-11 14:58 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-30 05:11 - 2014-06-11 14:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-05-30 05:08 - 2014-06-11 14:58 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-05-30 05:06 - 2014-06-11 14:58 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-05-30 05:02 - 2014-06-11 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-30 04:55 - 2014-06-11 14:58 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-05-30 04:49 - 2014-06-11 14:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-05-30 04:46 - 2014-06-11 14:58 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-30 04:44 - 2014-06-11 14:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-05-30 04:44 - 2014-06-11 14:58 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-05-30 04:43 - 2014-06-11 14:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-05-30 04:42 - 2014-06-11 14:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-05-30 04:38 - 2014-06-11 14:58 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-05-30 04:35 - 2014-06-11 14:58 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-05-30 04:34 - 2014-06-11 14:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-05-30 04:33 - 2014-06-11 14:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-05-30 04:30 - 2014-06-11 14:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-05-30 04:29 - 2014-06-11 14:58 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-05-30 04:28 - 2014-06-11 14:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-05-30 04:27 - 2014-06-11 14:58 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-05-30 04:24 - 2014-06-11 14:58 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-05-30 04:23 - 2014-06-11 14:58 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-05-30 04:16 - 2014-06-11 14:58 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-05-30 04:10 - 2014-06-11 14:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-05-30 04:06 - 2014-06-11 14:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-05-30 04:04 - 2014-06-11 14:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-30 04:02 - 2014-06-11 14:58 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-05-30 03:56 - 2014-06-11 14:58 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-05-30 03:56 - 2014-06-11 14:57 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-05-30 03:54 - 2014-06-11 14:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-05-30 03:50 - 2014-06-11 14:58 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-05-30 03:49 - 2014-06-11 14:58 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-05-30 03:43 - 2014-06-11 14:58 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-05-30 03:40 - 2014-06-11 14:58 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-05-30 03:30 - 2014-06-11 14:58 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-05-30 03:21 - 2014-06-11 14:58 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-05-30 03:15 - 2014-06-11 14:58 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-05-30 03:13 - 2014-06-11 14:58 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-05-30 03:13 - 2014-06-11 14:57 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-05-26 11:07 - 2013-06-05 22:14 - 00000000 ____D () C:\Windows\Minidump
    2014-05-25 21:41 - 2014-05-19 18:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
    2014-05-25 11:39 - 2013-12-31 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-05-25 11:39 - 2013-09-30 15:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-24 02:01 - 2014-01-04 16:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\FullTiltPoker
    2014-05-24 02:01 - 2014-01-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
    2014-05-24 01:42 - 2014-01-04 16:29 - 00000000 ____D () C:\Users\Owner\Documents\NJ.WSOP.com
    2014-05-23 22:25 - 2014-04-16 15:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\ArmA 2 OA
    2014-05-22 13:52 - 2014-05-22 13:52 - 00308104 _____ () C:\Windows\Minidump\052214-21996-01.dmp
    2014-05-22 13:52 - 2013-12-21 10:23 - 618724543 _____ () C:\Windows\MEMORY.DMP
    2014-05-21 16:41 - 2013-04-26 18:13 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
    2014-05-21 16:41 - 2013-04-26 18:13 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
    2014-05-17 03:03 - 2014-05-15 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
    2014-05-17 03:02 - 2014-05-17 03:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
    2014-05-17 03:02 - 2014-05-15 17:13 - 00001417 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
    2014-05-15 17:29 - 2014-05-15 17:29 - 00003042 _____ () C:\Windows\System32\Tasks\{FDEDEA7D-791C-4D83-AAAB-1FF71763919C}
    2014-05-15 17:25 - 2014-05-15 17:25 - 00003042 _____ () C:\Windows\System32\Tasks\{1BAC66E7-8C0E-484B-BA03-B3D490496EE2}
    2014-05-15 17:22 - 2013-05-26 20:28 - 00890226 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-05-15 17:21 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-05-15 17:20 - 2014-05-15 17:18 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2014-05-15 17:20 - 2014-05-15 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    2014-05-15 17:18 - 2014-05-15 17:18 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2014-05-15 17:18 - 2014-05-15 17:18 - 00000000 ____D () C:\Windows\system32\1033
    2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
    2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-05-15 17:15 - 2014-05-15 17:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2014-05-15 17:13 - 2014-05-15 17:13 - 00000000 ____D () C:\Users\Owner\Documents\Visual Studio 2008
    2014-05-15 17:13 - 2014-05-15 17:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\Program Files\Microsoft SDKs
    2014-05-15 17:11 - 2014-05-15 17:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-05-15 17:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-05-15 17:10 - 2014-05-15 17:10 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
    2014-05-15 10:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-14 15:43 - 2013-04-24 15:23 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-14 15:43 - 2013-04-24 15:23 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-13 20:48 - 2014-01-04 16:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-13 20:48 - 2014-01-04 16:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-13 20:48 - 2014-01-04 16:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-13 19:58 - 2014-05-13 19:58 - 00000000 ____D () C:\Users\Owner\Documents\Activision

    Files to move or delete:
    ====================
    C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
    C:\Users\Owner\jagex_cl_runescape_LIVE.dat
    C:\Users\Owner\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\Owner\jagex_cl_speccollect_LIVE.dat
    C:\Users\Owner\random.dat


    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7390006.dll
    C:\Users\Owner\AppData\Local\Temp\ICReinstall_FileZilla_3.7.4.1_win32-setup.exe
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-2-g85f5776-b3023jnks.dll
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
    C:\Users\Owner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Owner\AppData\Local\Temp\WrapperSoftonicOmgSearchProtect.exe
    C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-08 12:38

    ==================== End Of Log ============================

    also the addition thingy

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
    Ran by Owner at 2014-06-12 15:49:48
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
    Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
    Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
    Axife Mouse Recorder DEMO 5.01 (HKLM-x32\...\Axife Mouse Recorder DEMO_is1) (Version: - Axife Software)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
    BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
    Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{1CDC8E7D-CDFC-4C2B-A080-23D943354625}) (Version: 1.1.0.0 - Electronic Arts)
    Call of Duty - World at War (HKLM-x32\...\{2775C25A-DF39-44AA-8E59-E0447DC164C2}) (Version: 1.00.0000 - Modern)
    Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: - ) Hidden
    Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
    Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: - ) Hidden
    Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
    Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: - ) Hidden
    Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
    Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: - ) Hidden
    Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
    Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: - ) Hidden
    Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
    Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - )
    Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
    Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version: - Treyarch)
    Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
    DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
    DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
    Diablo II Shareware (HKCU\...\Diablo II Shareware) (Version: - )
    Diablo II Shareware (HKLM-x32\...\Diablo II Shareware) (Version: - )
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
    Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Game Studios)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FATE (HKLM-x32\...\Steam App 246840) (Version: - WildTangent)
    FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.4.2.WIN.FullTilt.COM - )
    GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
    Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
    Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version: - Valve)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0a1 - Mozilla)
    MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
    MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
    NEStalgia (HKLM-x32\...\Steam App 249550) (Version: - Silk Games)
    Nightly 32.0a1 (x86 en-US) (HKLM-x32\...\Nightly 32.0a1 (x86 en-US)) (Version: 32.0a1 - Mozilla)
    NJ.WSOP.com (HKLM-x32\...\NJ.WSOP.com) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
    NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
    NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
    Oracle VM VirtualBox 4.2.22 (HKLM\...\{CC9889DA-F802-4C85-B543-15C02543BA29}) (Version: 4.2.22 - Oracle Corporation)
    Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version: - The Men Who Wear Many Hats)
    Poke (HKLM-x32\...\{FC9F924E-9472-45F1-980D-8267E47AA054}) (Version: 2.0.1 - CodeFromThe70s.org)
    Project 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - )
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6839 - Realtek Semiconductor Corp.)
    RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
    ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
    SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.3.0.2 - Splashtop Inc.)
    Splashtop Streamer (x32 Version: 2.3.0.2 - Splashtop Inc.) Hidden
    Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
    SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    TL-WN822N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.00.0000 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    ==================== Restore Points =========================

    29-05-2014 04:00:07 Scheduled Checkpoint
    30-05-2014 21:13:57 Windows Update
    03-06-2014 19:36:29 Windows Update
    06-06-2014 21:02:27 Windows Update
    11-06-2014 00:40:51 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
    11-06-2014 02:48:02 Windows Defender Checkpoint
    11-06-2014 18:53:08 Windows Update
    12-06-2014 04:45:44 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2013-11-11 17:05 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
    74.208.10.249 gs.apple.com

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1775C6DA-04B7-4619-B524-6A09082D2E1B} - System32\Tasks\{6358E87C-BB5D-489F-9F92-C66DAED0C887} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
    Task: {209E01C5-3E77-4AD2-AF64-8D8C05F62EAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
    Task: {4C1EBFFE-F243-4453-A975-CD10CD6825D3} - System32\Tasks\{EA807CB4-C01F-4827-91FB-0DA4DB0276F8} => C:\Program Files (x86)\Steam\Steam.exe [2014-05-29] (Valve Corporation)
    Task: {53C3F551-602E-4706-B1E4-FE26A39B4D20} - System32\Tasks\{FDEDEA7D-791C-4D83-AAAB-1FF71763919C} => C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29] (Microsoft Corporation)
    Task: {56A514C6-F3F5-4ED2-8D80-3A046013530C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
    Task: {616F528D-3BF7-472A-A154-E689765ED804} - System32\Tasks\{62FC6D11-21B9-46BD-A75A-EDA8C95391E5} => C:\Users\Owner\Desktop\Xpadder.exe
    Task: {7B6637D0-C0A6-4510-8D10-86763896E2D7} - System32\Tasks\{1BAC66E7-8C0E-484B-BA03-B3D490496EE2} => C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29] (Microsoft Corporation)
    Task: {FDBBE2B1-6F4F-44AC-8BBD-48D8FF990165} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-24 19:27 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-09-12 17:20 - 2012-09-12 17:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2013-09-19 19:16 - 2013-09-19 19:16 - 00012520 _____ () C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
    2013-09-19 19:16 - 2013-09-19 19:16 - 00015080 _____ () C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
    2013-09-19 19:16 - 2013-09-19 19:16 - 00014056 _____ () C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
    2014-05-09 15:07 - 2014-05-09 15:07 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2012-08-17 21:39 - 2013-04-26 18:33 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
    2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
    2014-05-22 13:53 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
    2014-04-22 19:01 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
    2014-05-22 13:53 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
    2014-01-10 21:19 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
    2013-03-25 14:23 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-05-22 13:53 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-05-22 13:53 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
    2013-04-19 13:10 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2013-03-26 16:16 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2012-12-11 09:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    2012-12-11 09:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
    2012-12-11 09:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
    2014-02-11 15:29 - 2014-02-11 15:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
    2014-05-24 22:36 - 2014-05-13 19:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\Services: TermService => 3

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/12/2014 00:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/12/2014 00:44:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (06/12/2014 00:39:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (06/11/2014 11:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/11/2014 11:50:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Faulting module name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Exception code: 0x40000015
    Fault offset: 0x0014cbc0
    Faulting process id: 0x1060
    Faulting application start time: 0xDataProxy.exe0
    Faulting application path: DataProxy.exe1
    Faulting module path: DataProxy.exe2
    Report Id: DataProxy.exe3

    Error: (06/10/2014 11:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/10/2014 11:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fa0

    Start Time: 01cf84fd463c04e0

    Termination Time: 59

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 635f8288-f118-11e3-b075-d43d7e2cbe1d

    Error: (06/10/2014 09:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Faulting module name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Exception code: 0x40000015
    Fault offset: 0x0014cbc0
    Faulting process id: 0x21f4
    Faulting application start time: 0xDataProxy.exe0
    Faulting application path: DataProxy.exe1
    Faulting module path: DataProxy.exe2
    Report Id: DataProxy.exe3

    Error: (06/10/2014 08:46:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Faulting module name: DataProxy.exe, version: 2.30.4.2751, time stamp: 0x515c1403
    Exception code: 0x40000015
    Fault offset: 0x0014cbc0
    Faulting process id: 0x118c
    Faulting application start time: 0xDataProxy.exe0
    Faulting application path: DataProxy.exe1
    Faulting module path: DataProxy.exe2
    Report Id: DataProxy.exe3

    Error: (06/10/2014 06:43:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/12/2014 02:12:49 PM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}.
    The backup browser is stopping.

    Error: (06/12/2014 00:44:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The BlueStacks Android Service service terminated with the following error:
    %%1064

    Error: (06/12/2014 00:43:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
    %%1053

    Error: (06/12/2014 00:43:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.

    Error: (06/12/2014 00:42:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (06/12/2014 00:39:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The BlueStacks Android Service service terminated with the following error:
    %%1064

    Error: (06/12/2014 00:39:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (06/12/2014 00:39:24 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:37:57 PM on ‎6/‎12/‎2014 was unexpected.

    Error: (06/12/2014 00:37:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (06/11/2014 04:41:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BlueStacks Android Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (06/12/2014 00:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/12/2014 00:44:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (06/12/2014 00:39:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
    Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
    at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (06/11/2014 11:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/11/2014 11:50:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DataProxy.exe2.30.4.2751515c1403DataProxy.exe2.30.4.2751515c1403400000150014cbc0106001cf858cc790adf3C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exeC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe1df290cb-f180-11e3-9917-d43d7e2cbe1d

    Error: (06/10/2014 11:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/10/2014 11:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.1.7601.17567fa001cf84fd463c04e059C:\Windows\Explorer.EXE635f8288-f118-11e3-b075-d43d7e2cbe1d

    Error: (06/10/2014 09:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DataProxy.exe2.30.4.2751515c1403DataProxy.exe2.30.4.2751515c1403400000150014cbc021f401cf85146274e4e2C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exeC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exea912997f-f107-11e3-b075-d43d7e2cbe1d

    Error: (06/10/2014 08:46:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DataProxy.exe2.30.4.2751515c1403DataProxy.exe2.30.4.2751515c1403400000150014cbc0118c01cf850e89500dfcC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exeC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.execfe4e8d8-f101-11e3-b075-d43d7e2cbe1d

    Error: (06/10/2014 06:43:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-12 12:59:51.569
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:59:51.564
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:59:51.552
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:59:51.550
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:52:37.453
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:52:37.432
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:52:37.430
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:52:37.426
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-12 12:52:37.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-08 15:05:02.903
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 8182.69 MB
    Available physical RAM: 5530.64 MB
    Total Pagefile: 16363.56 MB
    Available Pagefile: 13099 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (anthonys drive) (Fixed) (Total:931.41 GB) (Free:679.41 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 89D3149B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    and I also tried restoring the whole system but it's a custom build and I don't know where I put the Win 7 CDs
    Thanks for the help too.
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi tyler

    Was this just a one-off thing or has it happened since?

    I see from the report that Bit Torrent has previously been installed:

    P2P Warning
    Please note that as long as you use any form of Peer-to-Peer networking ( Frostwire, Bearshare, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing in the future, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    FRST has flagged up explorer.exe as possibly being infected.
    We'll sort that and will then get a deeper scan done to double check this.

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 2
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    Fixlog.txt
    Combofix.txt


    Thanks.
     

    Attached Files:

  5. tylertokeo45

    tylertokeo45 Registered Members

    Here is the combofix.txt:
    ComboFix 14-06-12.01 - Owner 06/12/2014 19:11:45.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5604 [GMT -4:00]
    Running from: C:\Users\Owner\Desktop\Combo-Fix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.exe
    C:\Users\Owner\AppData\Roaming\log.dat
    C:\Win
    C:\Win\W95.IMG
    C:\Win\w98.img
    C:\Windows\PFRO.log
    C:\Windows\SysWow64\themeui.dll.tmp
    C:\Windows\SysWow64\uxtheme.dll.tmp


    ((((((((((((((((((((((((( Files Created from 2014-05-12 to 2014-06-12 )))))))))))))))))))))))))))))))


    2014-06-12 23:32:43 . 2014-06-12 23:32:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2014-06-12 23:17:05 . 2014-06-12 23:17:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FC4A9E2-E55C-4302-83F2-B36D67856AD0}\offreg.dll
    2014-06-12 19:47:36 . 2014-06-12 23:00:50 -------- d-----w- C:\FRST
    2014-06-12 03:16:24 . 2014-06-12 03:16:24 -------- d-----r- C:\Sandbox
    2014-06-12 03:14:41 . 2014-06-12 03:14:41 -------- d-----w- C:\Program Files\Sandboxie
    2014-06-11 18:57:59 . 2014-06-02 06:03:17 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-06-11 18:57:59 . 2014-05-30 10:22:03 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2014-06-11 18:57:59 . 2014-05-30 08:49:21 195584 ----a-w- C:\Windows\system32\msrating.dll
    2014-06-11 18:57:59 . 2014-05-30 08:46:55 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-06-11 18:57:59 . 2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\system32\wininet.dll
    2014-06-11 18:57:59 . 2014-05-30 07:20:09 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-06-11 18:57:59 . 2014-05-30 07:13:09 846336 ----a-w- C:\Windows\system32\ieapfltr.dll
    2014-06-11 18:57:58 . 2014-05-30 10:21:26 23414784 ----a-w- C:\Windows\system32\mshtml.dll
    2014-06-11 18:57:58 . 2014-05-30 09:11:24 940032 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-06-11 18:57:29 . 2014-06-08 09:13:05 506368 ----a-w- C:\Windows\system32\aepdu.dll
    2014-06-11 18:57:29 . 2014-06-08 09:08:04 424448 ----a-w- C:\Windows\system32\aeinv.dll
    2014-06-11 18:54:17 . 2014-04-30 23:20:02 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FC4A9E2-E55C-4302-83F2-B36D67856AD0}\mpengine.dll
    2014-06-11 00:41:37 . 2014-06-11 00:45:51 -------- d-----w- C:\Users\Owner\AppData\Local\CyberGhost
    2014-06-11 00:40:39 . 2014-06-11 00:41:32 -------- d-----w- C:\Program Files\TAP-Windows
    2014-06-11 00:40:16 . 2014-06-11 00:45:50 -------- d-----w- C:\Program Files\CyberGhost 5
    2014-06-10 22:44:27 . 2014-06-10 22:44:27 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
    2014-06-07 12:03:38 . 2014-06-07 12:03:38 122584 ----a-w- C:\Windows\system32\drivers\2989532F.sys
    2014-06-05 23:08:13 . 2014-06-05 23:08:14 -------- d-----w- C:\Program Files\McAfee Security Scan
    2014-05-31 16:42:53 . 2014-05-31 16:42:53 122584 ----a-w- C:\Windows\system32\drivers\46E87B4B.sys
    2014-05-30 21:44:06 . 2014-05-30 21:44:06 119512 ----a-w- C:\Windows\system32\drivers\18B5334E.sys
    2014-05-27 23:21:59 . 2014-06-07 12:29:53 -------- d-----w- C:\Program Files (x86)\Nightly
    2014-05-25 15:40:25 . 2014-06-12 23:06:29 122584 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-25 15:39:32 . 2014-05-30 23:44:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-25 15:39:32 . 2014-05-12 11:26:10 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
    2014-05-25 15:39:32 . 2014-05-12 11:26:00 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
    2014-05-17 07:02:11 . 2014-05-17 07:02:11 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
    2014-05-15 21:22:23 . 2008-07-10 20:33:02 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
    2014-05-15 21:22:05 . 2008-07-10 20:33:02 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
    2014-05-15 21:18:54 . 2014-05-15 21:20:24 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2014-05-15 21:18:54 . 2014-05-15 21:18:54 -------- d-----w- C:\Windows\SysWow64\1033
    2014-05-15 21:18:54 . 2014-05-15 21:18:54 -------- d-----w- C:\Windows\system32\1033
    2014-05-15 21:15:13 . 2014-05-15 21:21:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2014-05-15 21:15:02 . 2014-05-15 21:15:02 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2014-05-15 21:15:02 . 2014-05-15 21:15:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-05-15 21:13:19 . 2014-05-15 21:13:19 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help
    2014-05-15 21:11:36 . 2014-05-15 21:15:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2014-05-15 21:11:36 . 2014-05-15 21:11:36 -------- d-----w- C:\Program Files (x86)\Microsoft SDKs
    2014-05-15 21:11:35 . 2014-05-17 07:03:08 -------- d-----w- C:\ProgramData\Microsoft Help
    2014-05-15 21:11:09 . 2014-05-15 21:11:09 -------- d-----w- C:\Program Files\Microsoft SDKs
    2014-05-15 21:10:59 . 2014-05-15 21:10:59 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
    2014-05-14 01:03:49 . 2014-03-25 02:43:12 14175744 ----a-w- C:\Windows\system32\shell32.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2014-06-12 04:48:45 . 2013-04-24 23:34:02 95414520 ----a-w- C:\Windows\system32\MRT.exe
    2014-05-21 20:41:19 . 2013-04-26 22:13:29 628320 ----a-w- C:\Windows\system32\drivers\klif.sys
    2014-05-21 20:41:18 . 2013-04-26 22:13:29 91008 ----a-w- C:\Windows\system32\drivers\klflt.sys
    2014-05-14 00:48:50 . 2014-01-04 20:26:48 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 00:48:50 . 2014-01-04 20:26:48 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-12 11:25:56 . 2013-12-31 23:34:25 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2014-05-10 15:52:29 . 2014-05-09 19:07:29 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-05-09 19:07:13 . 2014-05-09 19:07:13 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2014-05-09 19:07:13 . 2014-05-09 19:07:13 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2014-04-02 13:27:17 . 2013-11-23 16:43:11 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-04-02 13:27:05 . 2013-11-23 16:43:11 1225920 ----a-w- C:\Windows\system32\nvspcap64.dll
    2014-03-31 13:35:08 . 2010-11-21 03:27:21 270496 ------w- C:\Windows\system32\MpSigStub.exe
    2014-03-21 19:43:52 . 2014-04-18 18:36:12 40392 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
    2014-03-21 19:43:50 . 2014-04-18 18:36:12 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-03-21 19:43:50 . 2013-09-22 21:58:12 37320 ----a-w- C:\Windows\system32\nvaudcap64v.dll
    2014-03-16 23:16:48 . 2014-03-16 23:17:33 312744 ----a-w- C:\Windows\system32\javaws.exe
    2014-03-16 23:16:48 . 2014-03-16 23:16:54 189352 ----a-w- C:\Windows\system32\javaw.exe
    2014-03-16 23:16:48 . 2014-03-16 23:16:54 189352 ----a-w- C:\Windows\system32\java.exe
    2014-03-16 23:16:48 . 2014-03-16 23:16:54 108968 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2013-04-24 19:22:01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll

    [-] 2013-04-24 19:22:01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\SysWOW64\user32.dll
    [7] 2010-11-21 03:24:20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2014-05-29 17:36:48 1754816]
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2014-05-08 15:25:40 21446272]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:52 1475584]
    "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE" [2014-05-15 14:40:50 404080]
    "SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2014-05-29 18:33:00 784392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-12 22:22:20 642216]
    "AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-11-08 23:11:17 356128]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 14:16:26 254336]
    "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [2014-05-31 20:26:48 585048]
    "BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe" [2014-05-01 16:59:34 832272]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
    TP-LINK Wireless Configuration Utility.lnk - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-4-26 788992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
    R3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys;C:\Windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 CGVPNCliService;CyberGhost 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe;C:\Program Files\CyberGhost 5\Service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys;C:\Windows\SYSNATIVE\DRIVERS\athurx.sys [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rzendpt;rzendpt;C:\Windows\system32\DRIVERS\rzendpt.sys;C:\Windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
    S3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys;C:\Windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-06-12 22:35:03 1091912 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

    Contents of the 'Scheduled Tasks' folder

    2014-06-12 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-04 20:26:50 . 2014-05-14 00:48:51]

    2014-06-12 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 22:10:32 . 2013-04-26 22:10:31]

    2014-06-12 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 22:10:32 . 2013-04-26 22:10:31]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-02-05 23:11:44 7016520]
    "ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2014-04-02 13:27:05 1225920]
    "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 13:29:05 2201032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
    TCP: Interfaces\{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}: NameServer = 206.67.220.123,4.2.2.5
    TCP: Interfaces\{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}\2375942554235303: NameServer = 206.67.220.123,4.2.2.5
    TCP: Interfaces\{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}\5627569726F6469702C6F667563702D697027796669612: NameServer = 206.67.220.123,4.2.2.5
    TCP: Interfaces\{BB8A100C-C6BC-4AC2-A532-8DAD333F9AFC}\75F47512536333639303: NameServer = 206.67.220.123,4.2.2.5
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vl8enoz2.default\

    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-Overwolf - C:\Program Files (x86)\Overwolf\Overwolf.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-Nvtmru - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
    AddRemove-BattlEye for A2 - C:\Program Files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe

    here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02
    Ran by Owner at 2014-06-12 19:00:44 Run:1
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\MountPoints2: E - E:\SETUP.EXE
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AlienwareDock.lnk
    ShortcutTarget: AlienwareDock.lnk -> C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
    ShortcutTarget: Refresh.lnk -> C:\Windows\Red Alienware Skin Pack\Tools\Refresh.cmd (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
    ShortcutTarget: YzShadow.lnk -> C:\Windows\Red Alienware Skin Pack\YzShadow\YzShadow.exe (No File)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alienware Dock.lnk
    ShortcutTarget: Alienware Dock.lnk -> C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe (No File)
    SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    SearchScopes: HKCU - DefaultScope {CD5F5E77-F25B-4E14-B707-5F8545054088} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
    SearchScopes: HKCU - {CD5F5E77-F25B-4E14-B707-5F8545054088} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={44ACC803-B822-11E2-A3F0-D43D7E2CBE1D}
    CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Owner\AppData\Local\Google\Chrome\\User Data\\Default\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-05-08]
    2014-05-19 18:41 - 2014-05-25 21:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
    C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7390006.dll
    C:\Users\Owner\AppData\Local\Temp\ICReinstall_FileZilla_3.7.4.1_win32-setup.exe
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-2-g85f5776-b3023jnks.dll
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
    C:\Users\Owner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Owner\AppData\Local\Temp\WrapperSoftonicOmgSearchProtect.exe
    C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe
    Hosts:
    Reboot:








    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    'HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3760230208-2459408212-1992281555-1000'=> Key not found.
    HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AlienwareDock.lnk => Moved successfully.
    C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk => Moved successfully.
    C:\Windows\Red Alienware Skin Pack\Tools\Refresh.cmd not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk => Moved successfully.
    C:\Windows\Red Alienware Skin Pack\YzShadow\YzShadow.exe not found.
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alienware Dock.lnk => Moved successfully.
    C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD5F5E77-F25B-4E14-B707-5F8545054088}' => Key deleted successfully.
    'HKCR\CLSID\{CD5F5E77-F25B-4E14-B707-5F8545054088}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
    'HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj' => Key deleted successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\\User Data\\Default\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx => Moved successfully.
    C:\Users\Owner\AppData\Roaming\BitTorrent => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7390006.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\ICReinstall_FileZilla_3.7.4.1_win32-setup.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-2-g85f5776-b3023jnks.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\WrapperSoftonicOmgSearchProtect.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
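To audit a remediation log like the Fixlog above, it helps to separate entries that actually changed the system from entries that were already absent, grouped by autostart location. The following is an added example, not part of the original posts and not FRST's own code; it recognises only the result-line shapes visible in this Fixlog, and the category labels are this example's own names.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog above, one or two per line shape.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3760230208-2459408212-1992281555-1000'=> Key not found.
HKU\S-1-5-21-3760230208-2459408212-1992281555-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AlienwareDock.lnk => Moved successfully.
C:\Windows\Red Alienware Skin Pack\AlienwareDock\AlienwareDock.exe not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj' => Key deleted successfully.
C:\Users\Owner\AppData\Local\Temp\WrapperSoftonicOmgSearchProtect.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"""

# Substring of the lower-cased target -> label (labels are assumptions of this example).
LOCATION_RULES = [
    ("\\winlogon\\", "winlogon"),
    ("\\currentversion\\run", "run-key"),
    ("\\mountpoints2", "mountpoints2"),
    ("\\start menu\\programs\\startup\\", "startup-folder"),
    ("\\searchscopes\\", "ie-search-scope"),
    ("\\chrome\\extensions\\", "chrome-extension"),
    ("\\appdata\\local\\temp\\", "temp-file"),
]

# Locations that load code or redirect traffic, so worth re-checking after reboot.
PERSISTENCE = {"winlogon", "run-key", "mountpoints2", "startup-folder",
               "ie-search-scope", "chrome-extension", "hosts-file"}

# Outcomes that mean the tool modified the system (as opposed to a no-op).
CHANGED = {"deleted", "moved", "restored", "reset"}


def classify_location(target):
    """Map a registry path or file path to one of the labels above."""
    t = target.lower()
    for needle, label in LOCATION_RULES:
        if needle in t:
            return label
    return "hosts-file" if t.endswith("hosts") else "other"


def normalise_outcome(outcome):
    """Collapse the tool's wording into a small set of outcomes."""
    o = outcome.lower()
    for word, label in (("not found", "absent"), ("deleted", "deleted"),
                        ("moved", "moved"), ("restored", "restored"),
                        ("reset", "reset")):
        if word in o:
            return label
    return "unknown"


def parse_fixlog(text):
    """Return one record per result line; unrecognised lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "=>" in line:                       # "<target> => <outcome>."
            target, _, outcome = line.partition("=>")
        elif line.endswith(" not found."):     # "<path> not found."
            target, outcome = line[:-len(" not found.")], "not found"
        else:                                  # "Hosts was reset successfully."
            m = re.match(r"^(\S+) was (\w+) successfully\.$", line)
            if not m:
                continue
            target, outcome = m.group(1), m.group(2)
        target = target.strip().strip("'")
        records.append({"target": target,
                        "location": classify_location(target),
                        "outcome": normalise_outcome(outcome)})
    return records


def tally(records):
    """Count records per (location, outcome) pair."""
    return Counter((r["location"], r["outcome"]) for r in records)


def recheck_locations(records):
    """Autostart locations the fix modified; re-scan these after the reboot."""
    return sorted({r["location"] for r in records
                   if r["outcome"] in CHANGED and r["location"] in PERSISTENCE})


if __name__ == "__main__":
    recs = parse_fixlog(SAMPLE_FIXLOG)
    for key, count in sorted(tally(recs).items()):
        print(key, count)
    print("re-check:", recheck_locations(recs))
```

Entries reported as "not found" were no-ops: the reference existed in the fixlist but the key or file was already gone, which is why they are kept apart from the changes.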
     
  6. tylertokeo45

    and the malwarebytes thing came up a few times maybe a week ago, and my friend i guess downloaded music on my computer and used bit torrent saying it was good but i uninstalled it.
     
  7. starbuck

    Hi tyler

    You just caught me before i go to bed. ( it's 1.15am here )

    Very wise choice.

    No sign of any svchost infection..... but we are removing some others.

    I'd like you to do an ESET OnlineScan
    64Bit users, please see note at the bottom.

    You may find it beneficial to close your resident AV program before running the scan.

    It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology



    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic,

    Note:
    You will need to use Internet explorer for this scan

    Note:
    As you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

    Please post the Eset report in your next reply.

    Thanks

    Will check for replies after i finish work tomorrow.
     
    Last edited: Jun 12, 2014
  8. tylertokeo45

    C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\ICReinstall_FileZilla_3.7.4.1_win32-setup.exe.xBAD Win32/InstallCore.KM potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\WrapperSoftonicOmgSearchProtect.exe.xBAD Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined


    there's the threats that were found but they seem like .PUP to me

    and what's the difference between my kaspersky and the eset online virus thing?
     
  9. starbuck

    Hi tyler,

    Yes, they are.
    Eset found entries that we had already removed with FRST. (C:\FRST\Quarantine)
    Those entries were in fact quite safe, but Eset was still notifying us of them.

    Not easy to explain, but simply put..... all AV's search in slightly different ways and with different virus strings. ( not all will search for PUP's either )
    No one AV will find everything.
    Look on it as a second opinion.
    That is not to say that Kaspersky isn't good at what it does though.
    Each AV has strengths and weaknesses.

    This is from your Combofix report:
    Kaspersky should have disabled Windows Defender when it was installed.
    The 2 realtime scanners can conflict and cancel each other out.

    I recommend that you disable Windows Defender:
    • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.

    Because PUP's have clearly been found i think the best course of action is to run some dedicated Adware removal tools.
    Just to make sure everything has been removed and any settings altered by them are corrected.

    Step 1
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    In your next reply, please submit:
    JRT.txt
    AdwCleaner report


    Thanks.
     
  10. tylertokeo45

    windows defender is bugging out like hell, when i opened it it said a problem caused this program's service to stop. *blah* *blah* so i click start now button and i get " this operation returned because the timeout period expired. (error code: 0x800705b4) " so here is the adw scan without the windows defender thing turned off



    # AdwCleaner v3.212 - Report created 13/06/2014 at 20:20:14
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\VisualBee
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
    Folder Deleted : C:\Users\Owner\AppData\Local\DefineExt

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\visualbee
    Key Deleted : HKLM\Software\visualbee

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vl8enoz2.default\prefs.js ]


    -\\ Google Chrome v35.0.1916.153

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WCL3&o=APN10665&locale=en_US&apn_uid=&apn_ptnrs=^AF5&apn_sauid=&apn_dtid=^YYYYYY^YY^US&&q={searchTerms}
    Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F0B09A5C-6E95-41AE-AE1F-27C0A2BF02A3&n=77fc8ebd&ind=2013040317&p=Z7chr999YYus&si=XXXXXXXXXX&searchfor={searchTerms}
    Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=32C1844BF53C5BCA
    Deleted [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82155&iwk=248&lng=en
    Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={308BFA60-9984-11E2-A127-28924A3DA444}
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34657232562577219&ctid=CT3309350&UM=2
    Deleted [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82155&iwk=248&lng=en
    Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F0B09A5C-6E95-41AE-AE1F-27C0A2BF02A3&n=77fc8ebd&ind=2013040317&p=Z7chr999YYus&si=XXXXXXXXXX&searchfor={searchTerms}
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN67744620418306237&ctid=CT3287822&UM=2
    Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
    Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={308BFA60-9984-11E2-A127-28924A3DA444}
    Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=WCL3&o=APN10665&locale=en_US&apn_uid=&apn_ptnrs=^AF5&apn_sauid=&apn_dtid=^YYYYYY^YY^US&&q={searchTerms}
    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

    *************************

    AdwCleaner[R0].txt - [4347 octets] - [13/06/2014 20:19:06]
    AdwCleaner[S0].txt - [4243 octets] - [13/06/2014 20:20:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4303 octets] ##########
     
  11. starbuck

    Hi tyler,

    We can run a quick check to see if Windows Defender is actually running and if it is.... close it.

    Click start, type Windows Defender in the box for Search Programs and Files.
    Click on Windows Defender.
    Does a box come up to say that Windows Defender is turned off?
    If so, that's great.
    If not....
    When Windows Defender opens, select Options.
    From the Options menu, select Administrator. In the box on the right, unclick 'Use this Program'.
    Save and Exit.

    Going back to your original post:
    I take it that since then you have changed your Paypal password?

    On the question of a RAT being installed.
    They can be difficult to detect because they usually don't show up in lists of running programs or tasks.
    This is because the actions they perform can be similar to those of legitimate programs.
    As FRST detected that your Explorer.exe was infected.... i'd say there's a pretty good chance, this is where it may have been hiding.
    After cleaning this with FRST, Combofix was run..... this also throws up a warning if Explorer.exe is infected, which it didn't this time.
    So Combofix confirmed the problem had been rectified.
    The C:\install.exe file that was removed is a favourite for the bad guys.
    So yes, there is a possibility that a RAT was installed (either through a game download, Piggy back on a PUP or through an infected email) but the scans are showing no signs now.
    To be on the safe side though, i would recommend changing all of your passwords on the system.
    RATs are good at harvesting this type of info.

    If you have no more questions and the system is running well .... we can start to finish off the cleaning process.
     
  12. tylertokeo45

    no box pops up it just has a yellow shield with the ! mark in it and says there is a problem *blah* *blah* it just says this in the program, it won't let me go through scan, History, and tools. just the ? mark and the about windows defender junk.

    and yes, i changed all that info and do most my transactions off my phone now and the computer is also a lot faster than it was.

    and i have a question since you seem to be very clever when it comes to malware, i just found this program called "sandboxie" if i'm not sure a .exe file is an infection and i open it with this program will my computer still be ok?. because i have a few friends that use this application when they're not sure. And if you don't know what it is you right click the application and click open in sand boxed mode or whatever, and it keeps the files and stuff that it puts on your computer in a private section... i don't know if you got that cause i am terrible at explaining things through a keyboard but just look up sandboxie on Google and check it out. i just want to know i can fall back on it when needed.
     
  13. starbuck

    Hi Tyler,

    Normally something with a yellow shield and an ! mark, would be something that we would look into because it signifies a problem.
    But as Windows Defender is a program we don't want running any way ...... we'll leave it.

    That's good to hear. :)

    Yes i had noticed that you had downloaded the program and assumed it was for extra protection.
    Yes it will give you that extra layer of security and peace of mind.
    I personally have never used it, but friends of mine that use it say they wouldn't be without it.
    It was once thought that this extra layer was impregnable ..... but this isn't the case.
    Unique malware evades sandboxes

    The bad guys will always find a way around any security program.

    Yes that's right.
    But don't forget your other security .... most people do.
    Anything that you are not sure of (or a new download ) can be checked by your AV or by MBAM.
    Right click on any file, .exe. etc and you should get options to run a scan on that file, .exe etc with MBAM or your resident AV program.


    Let's finish the cleaning process and remove the tools we have used.
    We'll also set you a fresh restore point.

    Step 1
    As you have previously run MBAM.....
    Restart MBAM.
    Click on the History tab >> Quarantine
    Tick to select any items and then click the Delete button.
    Close MBAM.


    Step 2
    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

    • Click the Run button.
    When the tool has finished, a log will open in notepad.... but i don't actually need this report

    Step 3
    Eset can be removed using the Remove Programs feature in Control Panel.


    To find out how you may have been infected....read this topic:
    How did i get infected?

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Use an AntiVirus Software

    Only install one AntiVirus program

    Update your AntiVirus Software regularly

    Use a Firewall

    Only install one software Firewall

    Scan regularly with a 'Stand Alone' Anti-Malware scanner:
    Installing another scanner that you can run once or twice a week is always beneficial.
    Something like:
    Malwarebytes Anti-Malware
    SUPERAntiSpyware

    Remember to update these programs each time before running.
    You can install more than one of these if you only run them as stand alone programs.

    Use an alternative browser to Internet Explorer:
    Some excellent alternatives to MS Internet Explorer are:

    Firefox
    For added security, add the NoScript extension to this browser:
    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
    also consider adding:
    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
    Btw: you don't have to make a contribution.

    Opera

    Keep a backup of your registry
    Keeping a regular backup of your registry will help when something goes wrong.
    Use a program like:
    Erunt

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial

    Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:
    Windows temp files
    Current user temp files
    Cookies
    Temporary Internet files
    Browser history
    Recycle bin
    Etc.......
    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
    Programs like:
    TFC by OldTimer
    ATF Cleaner

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
    Alternatively, turn on the Automatic Updates.

    Peer to Peer programs
    Don't be tempted to use Peer to Peer programs.
    Many of the downloads are bundled with malware.

    Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.

    Safe surfing.
     
  14. tylertokeo45

    tylertokeo45 Registered Members

    Just when you thought I was done, a new problem is laid before us! My computer is stuck at the starting Windows screen. I'm typing this through my phone currently. First time I booted today it was going really slow and got the blue screen, so I shut it down and turned it back on; now it's stuck here...
     
  15. tylertokeo45

    tylertokeo45 Registered Members

    Sorry if things are spelt wrong, it's my phone again
     
  16. tylertokeo45

    tylertokeo45 Registered Members

    I didn't do anything either like installing stuff...
     
  17. tylertokeo45

    tylertokeo45 Registered Members

    Now it won't give me anything, just "disk read error, Ctrl Alt Del to restart"
     
  18. tylertokeo45

    tylertokeo45 Registered Members

    It just let me access Windows repair, and when it did loading Windows files it stopped a good 75% of the way to the end... do you think someone deleted my Windows files?!
     
  19. tylertokeo45

    tylertokeo45 Registered Members

    Never mind, I'll take the computer to my friend's dad's computer shop and he will completely reset the system for free

    Thank you for your help, I'll be on the forums in a few days prior to this
     
  20. starbuck

    starbuck Rest In Peace Pete Administrator

    Sounds like it may be a hard drive failure.
     
