Possible Hack, Hijacking or Virus



EmpressPhoenix
2014-06-04, 00:41
I have this feeling that my computer was compromised last night. My internet stopped working. I had to restart my laptop, it took forever to shut down. And then, it took forever to boot up. When it did, I was taken to a temporary Windows account, which I had to log out of and log back into my account. Right after that, I got an email from my Mother. Her email was compromised. This all happened after a horrid fight with a now ex. I would hate to think he or anyone he knows is responsible for this, but it was just too coincidental. Also, a friend told me that her brother told her... there is a virus going around. With that knowledge, I felt it best to come here. Right before I came here, my CPU was running at 100%.

Whether it be a virus or a hacker, I would really like to have it looked at.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384 BrowserJavaVersion: 10.55.2
Run by Owner at 15:32:56 on 2014-06-03
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5596.3373 [GMT -5:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Team Speak 3\ts3client_win64.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SearchProtection] "C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{46A9D7A3-BA03-426C-BC76-F9A4C3EB1832} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.aywas.com/news/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2014-2-9 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2014-3-28 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2014-2-9 199008]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-10-14 142960]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-7-18 28160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2014-2-9 266896]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2014-2-9 683664]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2014-2-9 41272]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2014-2-9 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/02/08 23:49:47;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-16 245264]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2014-2-9 43832]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-02 01:22:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\3909
2014-06-02 01:22:07 -------- d-----w- C:\GOG Games
2014-05-31 00:06:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\OBS
2014-05-31 00:06:20 -------- d-----w- C:\Program Files\OBS
2014-05-31 00:06:15 -------- d-----w- C:\Program Files (x86)\OBS
2014-05-30 05:21:58 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-30 05:21:58 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-30 05:21:58 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-30 05:21:58 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-28 17:23:15 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B9E679A-1843-47A6-B943-D061E8EE50F2}\mpengine.dll
2014-05-24 11:22:34 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-10 09:54:34 -------- d-----w- C:\Users\Owner\dwhelper
2014-05-05 06:33:46 -------- d-----w- C:\Program Files (x86)\Gravity
.
==================== Find3M ====================
.
2014-04-22 21:45:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-29 02:08:42 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-03-24 07:09:47 70010368 ----a-w- C:\Windows\System32\imageres.dll
2014-03-22 12:46:09 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2014-03-22 02:11:55 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 15:33:56.11 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-03 15:37:08
-----------------------------
15:37:08.365 OS Version: Windows x64 6.2.9200
15:37:08.365 Number of processors: 4 586 0x1001
15:37:08.367 ComputerName: 7360BE7 UserName: Owner
15:37:08.439 Initialze error 1
15:39:12.471 AVAST engine defs: 14060300
15:43:14.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
15:43:14.981 Disk 0 Vendor: ST640LM001_HN-M640MBB 2AR10002 Size: 610480MB BusType: 11
15:43:15.015 Disk 0 MBR read successfully
15:43:15.017 Disk 0 MBR scan
15:43:15.025 Disk 0 unknown MBR code
15:43:15.041 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:43:15.050 Disk 0 scanning C:\Windows\system32\drivers
15:43:15.053 Service scanning
15:43:15.839 Modules scanning
15:43:15.844 Disk 0 trace - called modules:
15:43:15.894 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:43:15.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ad0060]
15:43:15.905 3 CLASSPNP.SYS[fffff8800190a8aa] -> nt!IofCallDriver -> [0xfffffa80065de950]
15:43:16.244 5 hpdskflt.sys[fffff88001f48339] -> nt!IofCallDriver -> [0xfffffa80053fdb20]
15:43:16.251 7 amd_xata.sys[fffff88001376634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80053ff060]
15:43:16.256 AVAST engine scan C:\Windows
15:43:16.264 AVAST engine scan C:\Windows\system32
15:43:16.270 AVAST engine scan C:\Windows\system32\drivers
15:43:16.277 AVAST engine scan C:\Users\Owner
15:43:16.284 AVAST engine scan C:\ProgramData
15:43:16.290 Scan finished successfully
15:43:47.274 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:43:47.282 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


OCD
2014-06-04, 02:33
Hi EmpressPhoenix,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================


"Right after that, I got an email from my Mother. Her email was compromised."
Can you describe how you know the email was compromised? What characteristics did it display?


"This all happened after a horrid fight with a now ex. I would hate to think he or anyone he knows is responsible for this, but it was just too coincidental."
I would recommend that you change all passwords if you feel your ex might be responsible. Especially, if you use your computer for any type of banking. You also might want to monitor your financial accounts closely until you are certain they haven't been compromised.

=========================

Your initial logs don't look too bad, let's dig a bit deeper.

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

DeFogger

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Right click DeFogger and select "Run as Administrator" to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
If it needs to, DeFogger may ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files is saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:

checkup.txt
AdwCleaner[R0].txt
FRST.txt
Addition.txt
Answer to email question.
Also describe any symptoms you are experiencing.

EmpressPhoenix
2014-06-05, 21:52
I know my mother's email was hacked, because she told me. I never clicked on the link inside the email, but I did reply to it asking her wtf? She emailed back to inform me her account had been hacked. I figured it had been, as my mother always contacts me over Facebook if anything. Never email.
I can't exactly remember what happened with my computer before this happened. It was running a bit slow, and since then there are times where it runs at 100% CPU capacity when it shouldn't be, and lags sometimes. It's not normal, as this is a new computer.
Also, unrelated but, how do I delete old attachments I have here at SNF? I have quite a few and it's kind of an ocd thing that they are still there. Unless I have no limit in space to the attachments.

Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

# AdwCleaner v3.212 - Report created 05/06/2014 at 12:54:54
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - 7360BE7
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Owner\AppData\Roaming\Search Protection

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"474122\",\"name\":\"ELECTRIC BLUE NEON --A N I M A T E D--\",\"headerURL\":\"hxxp://getpersonas-cdn.mozilla.net/static/2/2/474122/ELECTRICBLUENEON[...]
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\h8vzlbxq.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1855 octets] - [05/06/2014 12:54:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1915 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Owner (administrator) on 7360BE7 on 05-06-2014 13:44:40
Running from C:\Users\Owner\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TeamSpeak Systems GmbH) C:\Program Files\Team Speak 3\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-04] (Google Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b4418b01-b416-11e3-be74-082e5f79e668} - "F:\autorun.exe"
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BC8BD8D4D45CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
SearchScopes: HKCU - {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default
FF Homepage: hxxp://www.aywas.com/news/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\yahoo_ff.xml
FF Extension: ActiveGS - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\activegs@freetoolsassociation.com [2014-06-04]
FF Extension: LavaFox V2-Blue - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\djziggy@gmail.com [2014-06-03]
FF Extension: Blue Fox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-03-21]
FF Extension: Vendetta Online Theme - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9} [2014-03-21]
FF Extension: HP Detect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2014-03-21]
FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Strike - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{021bfe80-a015-11de-8a39-0800200c9a66}.xpi [2014-03-21]
FF Extension: NoScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=599486&ilc=12&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (Universe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkhmhnhknbjjggjfagcaaoimilkogcn [2014-04-18]
CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-07-09] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-07-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-28] (Disc Soft Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 13:44 - 2014-06-05 13:45 - 00017031 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 13:44 - 2014-06-05 13:44 - 00000000 ____D () C:\FRST
2014-06-05 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 12:54 - 2014-06-05 12:56 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-04 23:29 - 2014-06-04 23:29 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:36 - 2014-06-03 15:37 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:30 - 2014-06-03 15:31 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 23:29 - 2014-05-30 01:18 - 00000000 ____D () C:\Users\Owner\Desktop\D&D
2014-05-22 20:43 - 2014-05-22 20:43 - 00000218 _____ () C:\Users\Owner\.recently-used.xbel
2014-05-19 19:55 - 2014-05-19 20:40 - 00000000 ____D () C:\Users\Owner\Desktop\SCREENIES
2014-05-18 14:42 - 2014-05-18 14:42 - 00000000 ____D () C:\Users\Owner\Desktop\FunPics
2014-05-11 06:09 - 2014-05-11 06:10 - 00000117 _____ () C:\Windows\system32\netcfg-1403042572.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403039452.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038672.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038266.txt
2014-05-10 04:54 - 2014-05-10 04:54 - 00000000 ____D () C:\Users\Owner\dwhelper

==================== One Month Modified Files and Folders =======

2014-06-05 13:45 - 2014-06-05 13:44 - 00017031 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 13:45 - 2014-02-09 04:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-05 13:44 - 2014-06-05 13:44 - 00000000 ____D () C:\FRST
2014-06-05 13:35 - 2014-03-21 16:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-06-05 13:30 - 2014-04-08 23:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.purple
2014-06-05 13:23 - 2014-04-04 17:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA.job
2014-06-05 13:16 - 2014-04-18 04:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-05 12:56 - 2014-06-05 12:54 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 12:49 - 2014-02-09 04:52 - 00000000 ____D () C:\Users\Owner
2014-06-05 05:13 - 2014-03-22 18:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-06-05 04:59 - 2014-04-27 18:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 02:23 - 2014-04-04 17:12 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core.job
2014-06-05 01:49 - 2014-03-21 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TS3Client
2014-06-05 01:43 - 2014-02-09 04:51 - 01969241 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 01:26 - 2014-03-21 22:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-05 00:11 - 2014-03-21 22:39 - 00000000 ___RD () C:\Users\Owner\Desktop\MY GAMES
2014-06-05 00:08 - 2014-03-22 18:32 - 00000000 ___RD () C:\Users\Owner\Desktop\MINECRAFT STUFF
2014-06-05 00:08 - 2014-03-21 19:12 - 00000000 ___RD () C:\Users\Owner\Desktop\PHOENIX
2014-06-04 23:32 - 2014-03-21 22:38 - 00000000 ___RD () C:\Users\Owner\Desktop\VIDEO
2014-06-04 23:29 - 2014-06-04 23:29 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 23:16 - 2014-04-18 04:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 23:11 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-06-04 17:41 - 2014-03-21 19:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mIRC
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:40 - 2014-03-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-03 15:39 - 2014-03-21 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-03 15:37 - 2014-06-03 15:36 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:31 - 2014-06-03 15:30 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:31 - 2014-02-09 04:53 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 15:22 - 2014-03-21 17:41 - 00007597 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-06-03 15:06 - 2014-03-21 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-06-03 00:39 - 2014-02-09 04:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4167589968-2693423342-2315446607-1002
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-03 00:30 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 00:30 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 00:30 - 2012-07-26 02:19 - 00292720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 00:29 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 00:29 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-06-01 13:52 - 2014-03-21 18:48 - 00000000 ____D () C:\ProgramData\Stardock
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 01:18 - 2014-05-29 23:29 - 00000000 ____D () C:\Users\Owner\Desktop\D&D
2014-05-30 00:22 - 2014-03-21 16:34 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 00:22 - 2014-03-21 16:34 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 14:50 - 2014-04-19 03:28 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-29 14:49 - 2014-04-19 03:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-28 03:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-22 20:43 - 2014-05-22 20:43 - 00000218 _____ () C:\Users\Owner\.recently-used.xbel
2014-05-22 13:26 - 2014-04-18 04:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 05:24 - 2014-03-21 16:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-05-19 20:40 - 2014-05-19 19:55 - 00000000 ____D () C:\Users\Owner\Desktop\SCREENIES
2014-05-18 14:42 - 2014-05-18 14:42 - 00000000 ____D () C:\Users\Owner\Desktop\FunPics
2014-05-18 10:24 - 2014-04-08 23:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-05-18 00:47 - 2012-07-26 02:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 12:59 - 2014-05-05 20:52 - 00000422 _____ () C:\Users\Owner\Desktop\ROGUE STATS.txt
2014-05-16 17:20 - 2012-07-26 02:21 - 00026633 _____ () C:\Windows\setupact.log
2014-05-11 06:10 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403042572.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403039452.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038672.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038266.txt
2014-05-10 04:54 - 2014-05-10 04:54 - 00000000 ____D () C:\Users\Owner\dwhelper
2014-05-08 02:18 - 2014-04-04 17:12 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA
2014-05-08 02:18 - 2014-04-04 17:12 - 00003490 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core
2014-05-07 23:11 - 2014-04-18 04:06 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 23:11 - 2014-04-18 04:06 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\_isA1AF.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 08:51

==================== End Of Log ============================

OCD
2014-06-06, 07:20
Hi EmpressPhoenix,

Please advise me as to your plans for uTorrent.

Since you did not react to the email from your Mother, you probably didn't get any malware from it. But we will continue to check to be certain.

=========================

Go here (http://www.bleepingcomputer.com/tutorials/uninstall-a-program-in-windows/#win_7_8) for a brief tutorial on how to Uninstall a program if you are unfamiliar with how to do it.

Uninstall a Program in Windows 8

Click on the Control Panel app in the Windows 8 Start Screen. Then scroll to the bottom and click on the More Settings option.

When the Control Panel window opens click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Locate the following, and select Uninstall

Search Protection

Close Programs and Features when you are done.

=========================

Re-run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Are you still encountering high CPU usage? Any other symptoms?

=========================

In your next post please provide the following:

AdwCleaner[S0].txt
JRT.txt
How is the computer running?

EmpressPhoenix
2014-06-08, 05:06
I apologize. I do not have everything you asked for. I just wanted to answer your question real quick about uTorrent. At the moment, I'd rather keep it. If that's ok and it will not stop me from getting help.
And this all happened BEFORE I got my mom's email.

I will have everything else asked for hopefully by tomorrow night or so. Been busy working. Thanks for the help so far!

OCD
2014-06-08, 05:27
Hi EmpressPhoenix,


I just wanted to answer your question real quick about uTorrent. At the moment, I'd rather keep it. If that's ok and it will not stop me from getting help.
OK, that's fine. And no it will not stop you from getting help.


And this all happened BEFORE I got my mom's email.
I don't think any of your issues were caused by that email.

Post the logs requested when you can.

EmpressPhoenix
2014-06-09, 16:16
Computer -seems- to be running ok. Also, I am a bit weird having all these programs and log files on my desktop now. Kind of an OCD thing (funny considering your name HA). What, if any, can I remove now or at least delete the shortcuts of?

# AdwCleaner v3.212 - Report created 09/06/2014 at 07:58:50
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - 7360BE7
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"474122\",\"name\":\"ELECTRIC BLUE NEON --A N I M A T E D--\",\"headerURL\":\"hxxp://getpersonas-cdn.mozilla.net/static/2/2/474122/ELECTRICBLUENEON[...]
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\h8vzlbxq.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1995 octets] - [05/06/2014 12:54:54]
AdwCleaner[R1].txt - [343 octets] - [07/06/2014 21:03:14]
AdwCleaner[R2].txt - [1896 octets] - [09/06/2014 07:49:07]
AdwCleaner[R3].txt - [1956 octets] - [09/06/2014 07:56:28]
AdwCleaner[S0].txt - [1895 octets] - [09/06/2014 07:58:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1955 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Owner on Mon 06/09/2014 at 8:06:07.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\prefs.js

user_pref("socialfixer.1501226731/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":523549481013522,\"type\":\"group\",\"path\":\"\\/groups\\/chillcraft
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\minidumps [177 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/09/2014 at 8:13:15.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OCD
2014-06-09, 18:54
Hi EmpressPhoenix,


Also, I am a bit weird having all these programs and log files on my desktop now. Kind of an OCD thing (funny considering your name HA). What, if any, can I remove now or at least delete the shortcuts of?
We will clean up all the tools and logs when we have completed removing the malware from your machine. If you remove any of the tools and we need them again you will just have to re-download them again. So for now please don't remove anything.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:


MBAM log
ESET's log.txt

EmpressPhoenix
2014-06-12, 02:40
I will hopefully have this done by tomorrow night. Sorry it's taking so long. Usually, I'm right on top of this but, been busy.

OCD
2014-06-12, 05:02
Hi EmpressPhoenix,

That's fine, thanks for keeping me posted. :bigthumb:

EmpressPhoenix
2014-06-13, 20:22
Ok..having some issues with Malwarebytes.

First of all, there was no -tab- that said "Updates"
Secondly, nothing says "Perform Quick Scan"

I have a tab that says "Scan" and when I click it, the only options are "Threat Scan", "Custom Scan" and "Hyper Scan"

What do I do? :( Perhaps I have a different version?

OCD
2014-06-14, 05:54
Hi EmpressPhoenix,

I apologize for the confusion. MBAM has changed the GUI of the program and I failed to update my instructions to reflect the change.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Select the Scan tab.



Select type of scan to perform:



Threat Scan <--- Select this type of scan
Custom Scan
Hyper Scan


Next click the Scan Now button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

In your next reply post the MBAM & ESET logs

EmpressPhoenix
2014-06-17, 03:32
Sorry, I am just wanting to make sure things are done correctly. Thus, asking questions when I am unsure.

There is nothing that says "remove selected"

There is Quarantine/Quarantine All, Add Exclusion, and Ignore Once

I figure I am to quarantine all, however, asking to be sure.

OCD
2014-06-17, 04:35
Hi EmpressPhoenix,

Yes, choose Quarantine/Quarantine All. I'm still tweaking my instructions.

OCD
2014-06-20, 05:21
Hi EmpressPhoenix,

Just checking in to see if you still need help?

EmpressPhoenix
2014-06-20, 11:24
Yes, I am sorry. Inventory coming up at the store where I work so it's been hectic. I honestly lose track of days and forget things x.x I'll hopefully have this by tomorrow, I apologize.

OCD
2014-06-20, 19:08
:bigthumb:

EmpressPhoenix
2014-06-22, 23:51
I did the MWB scan, and ran ESET..had a storm though and lost power SO..having to start all over with ESET

EmpressPhoenix
2014-06-24, 02:52
Hopefully I have done everything right..sorry for the delay..

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/21/2014
Scan Time: 6:50:56 PM
Logfile: MWBLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272795
Time Elapsed: 17 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.SafeInstall.A, C:\Users\Owner\Downloads\7zip_14395_stf.exe, Quarantined, [b46a007b0a719c9adb862b097d834db3],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, Quarantined, [42dca3d84239979f6da5d9cd9b6931cf],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [21fd44372853c076f3cf406705fd19e7],

Physical Sectors: 0
(No malicious items detected)


(end)

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll Win32/Somoto.C potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application

OCD
2014-06-24, 23:37
Hi EmpressPhoenix,

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

Fixlog.txt
How is the computer running?
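
The fix list above holds exactly the items ESET reported but did not remove (the scan was run with "Remove found threats" unchecked), while the three Malwarebytes items were already quarantined. As an added example (not part of the thread, and not code from FRST, ESET or Malwarebytes), this Python script parses the detection lines of both logs and derives that list; the line formats are assumed from the lines shown in this thread, and the location labels are the example's own heuristic.

```python
import re
from typing import List, NamedTuple, Optional


class Detection(NamedTuple):
    scanner: str
    name: str
    path: str
    category: str            # ESET's wording; empty for Malwarebytes lines
    action: Optional[str]    # e.g. "Quarantined"; None if only reported


# Line formats are assumed from the lines shown in this thread.
# Malwarebytes 2.x:  name, path, action, [md5],
MBAM_RE = re.compile(
    r"^(?P<name>[\w.]+), (?P<path>[A-Za-z]:\\.+), (?P<action>\w+), "
    r"\[[0-9a-f]{32}\],?$")
# ESET export:  path  detection-name  category
# Paths contain spaces, so the detection name is found by its "/" (paths use "\").
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of\s+)?\w+/[\w.]+)\s+(?P<category>.+)$")


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a result line, or None for headers and blanks."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return Detection("MBAM", m["name"], m["path"], "", m["action"])
    m = ESET_RE.match(line)
    if m:
        return Detection("ESET", m["name"], m["path"], m["category"], None)
    return None


def parse_report(text: str) -> List[Detection]:
    return [d for d in map(parse_line, text.splitlines()) if d]


def location(path: str) -> str:
    """Heuristic label (this example's own) for where a detected file sits."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "IE cache"
    if re.match(r"[a-z]:\\users\\[^\\]+\\appdata\\", p):
        return "live profile"
    if "\\appdata\\" in p:
        return "profile copy"      # an AppData tree stored somewhere else
    if "\\downloads\\" in p:
        return "download"
    return "other"


def pending_paths(detections: List[Detection]) -> List[str]:
    """Paths that were reported but not yet acted on by a scanner."""
    return [d.path for d in detections if d.action is None]


# Detection lines copied from the two logs in this thread, plus two header
# lines to show that non-result lines are skipped.
SAMPLE = r"""
Files: 3
PUP.Optional.SafeInstall.A, C:\Users\Owner\Downloads\7zip_14395_stf.exe, Quarantined, [b46a007b0a719c9adb862b097d834db3],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, Quarantined, [42dca3d84239979f6da5d9cd9b6931cf],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [21fd44372853c076f3cf406705fd19e7],
(No malicious items detected)
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll Win32/Somoto.C potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE)
    for d in found:
        print(f"{d.scanner:4} {location(d.path):12} {d.action or 'reported':11} {d.name}")
    print("\nStill on disk:")
    print("\n".join(pending_paths(found)))
```

The three items under Desktop\PHOENIX are labelled "profile copy": they sit in an AppData tree saved on the desktop, not in Chrome's own profile under C:\Users\Owner\AppData\Local.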

EmpressPhoenix
2014-06-26, 04:20
I think it's running ok. I'm wondering if one problem I had is something normal for Windows 8. There are times, if I have to restart, it takes forever to shut down, and then just as long to start up...and sends me to the temporary user profile for Windows. I have to log out of that and log back into my actual Windows profile. I have only ever encountered this on Windows 8, and this is my first time using it or experiencing it since it's been out.

The other day it rebooted at random, however, I cannot recall what error message I got, I apologize.

Also.....I have 12 different Microsoft C++ listings in my program and features, any idea as to why?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2014
Ran by Owner at 2014-06-25 20:16:18 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js
*****************

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe => Moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll => Moved successfully.
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll => Moved successfully.
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe => Moved successfully.
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js => Moved successfully.

==== End of Fixlog ====

OCD
2014-06-26, 08:01
Hi EmpressPhoenix,


I'm wondering if one problem I had is something normal for Windows 8. There are times, if I have to restart, it takes forever to shut down, and then just as long to start up...and sends me to the temporary user profile for Windows. I have to log out of that and log back into my actual Windows profile. I have only ever encountered this on Windows 8, and this is my first time using it or experiencing it since it's been out.
I don't have a Windows 8 machine so I am not very familiar with it, but I will do some research and see if I can come up with a solution.

=========================


Also.....I have 12 different Microsoft C++ listings in my program and features, any idea as to why?
Many applications require redistributable Visual C++ packages to function correctly. These packages are often installed independently of applications, allowing multiple applications to make use of the package while only having to install it once. These Visual C++ redistributable and runtime packages are mostly installed for standard libraries that many applications use.

=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:

FRST.txt
Any remaining issues not addressed?

EmpressPhoenix
2014-06-26, 08:08
Sorry for not including what you ask, but I just ran here to make a post saying that my computer, again.."ran into a problem" and restarted itself. I was not sitting here when it happened, I had walked away from the keyboard..so I didn't see what error it was and not sure where..if anywhere, to look on my computer in the event it keeps track of that.

EmpressPhoenix
2014-06-26, 08:17
Ok, it just happened AGAIN..and I still cannot figure out how to get all of the damn info :/

I know it was something like this

Driver_IRQL_Not_Less_Or_Equal

And I could send a report to microsoft through w/e, but I do not know how to get a copy of the details to post it here for you x.x

EmpressPhoenix
2014-06-26, 08:38
And, I apologize for the spams...but yeah. 3 restarts all within like..10-15 minutes :/ NO idea what is going on.

Also. Malware Bytes keeps "blocking websites" I didn't get all of the errors, because, I wasn't thinking about it..but, this is one that keeps popping up.

http://oi59.tinypic.com/10qw747.jpg (I don't know if html or css is allowed or if links or such is allowed so, just posting the link).

I get a bit annoyed with MWB popping things up in the corner, so I shut it down..and the last 2 times I did that, is when my computer seemed to restart. It keeps popping up the above thing..and it's really irritating.....

OCD
2014-06-26, 18:33
Hi EmpressPhoenix,


Ok, it just happened AGAIN..and I still cannot figure out how to get all of the damn info :/

I know it was something like this

Driver_IRQL_Not_Less_Or_Equal

Have you updated any drivers recently?


Also. Malware Bytes keeps "blocking websites" I didn't get all of the errors, because, I wasn't thinking about it..but, this is one that keeps popping up.
The image you posted shows MBAM blocking an inbound attempt to access your computer. The IP address is out of the Netherlands. I don't know where you are located so I cannot verify if this is malicious or not but MBAM believes it is so that is why it was blocked. These pop-ups may be annoying, but they are blocking malware so the brief interruption might be tolerable. You may also be able to adjust a setting in MBAM to not display these pop-ups. The sites would still be prevented from accessing your computer, you would just not see the pop-ups.

Please post the FRST log when it is available.

EmpressPhoenix
2014-06-27, 03:34
No, I have not updated any drivers. I probably should, however, I have a rent to own computer..and on that I don't know exactly what I am doing so...I do not touch that stuff.

Also, I am in the US, nowhere near the Netherlands.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Owner (administrator) on 7360BE7 on 26-06-2014 19:31:24
Running from C:\Users\Owner\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\furc_on.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-04] (Google Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-06] (Facebook Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b4418b01-b416-11e3-be74-082e5f79e668} - "F:\autorun.exe"
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BC8BD8D4D45CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default
FF Homepage: hxxp://www.aywas.com/news/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\yahoo_ff.xml
FF Extension: ActiveGS - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\activegs@freetoolsassociation.com [2014-06-04]
FF Extension: LavaFox V2-Blue - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\djziggy@gmail.com [2014-06-19]
FF Extension: Blue Fox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-03-21]
FF Extension: Vendetta Online Theme - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9} [2014-03-21]
FF Extension: HP Detect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2014-03-21]
FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Strike - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{021bfe80-a015-11de-8a39-0800200c9a66}.xpi [2014-03-21]
FF Extension: NoScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=599486&ilc=12&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (Universe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkhmhnhknbjjggjfagcaaoimilkogcn [2014-04-18]
CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-07-09] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-07-18] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-28] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-26 03:29 - 2014-06-26 09:51 - 00000040 _____ () C:\Users\Owner\Desktop\TALLCRAFTCOORDS.txt
2014-06-26 00:12 - 2014-06-26 00:12 - 00280592 _____ () C:\Windows\Minidump\062614-29374-01.dmp
2014-06-26 00:03 - 2014-06-26 00:03 - 00280592 _____ () C:\Windows\Minidump\062614-34788-01.dmp
2014-06-25 21:26 - 2014-06-25 21:26 - 00011452 _____ () C:\Users\Owner\Desktop\Unsupportive.txt
2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5158375.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5158297.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5155240.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5142838.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5142588.txt
2014-06-25 01:14 - 2014-06-25 01:14 - 00000117 _____ () C:\Windows\system32\netcfg-346821.txt
2014-06-25 01:13 - 2014-06-25 01:13 - 00000117 _____ () C:\Windows\system32\netcfg-332874.txt
2014-06-25 01:13 - 2014-06-25 01:13 - 00000117 _____ () C:\Windows\system32\netcfg-282517.txt
2014-06-25 01:10 - 2014-06-25 01:10 - 00000117 _____ () C:\Windows\system32\netcfg-106845.txt
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107213184.txt
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107211141.txt
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107205993.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107162063.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107158662.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107150877.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107150409.txt
2014-06-23 18:42 - 2014-06-26 00:12 - 441794445 _____ () C:\Windows\MEMORY.DMP
2014-06-23 18:42 - 2014-06-23 18:42 - 00280648 _____ () C:\Windows\Minidump\062314-34413-01.dmp
2014-06-23 18:42 - 2014-06-23 18:42 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-480233.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-480061.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-476988.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-457831.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-457098.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425196.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425133.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425071.txt
2014-06-22 23:18 - 2014-06-22 23:18 - 00000117 _____ () C:\Windows\system32\netcfg-267385.txt
2014-06-22 23:18 - 2014-06-22 23:18 - 00000117 _____ () C:\Windows\system32\netcfg-267167.txt
2014-06-22 18:30 - 2014-06-22 18:30 - 00000980 _____ () C:\Users\Owner\Desktop\ESETscan.txt
2014-06-22 16:07 - 2014-06-22 16:07 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-06-21 19:11 - 2014-06-22 15:49 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-06-21 19:11 - 2014-06-21 19:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-20 23:00 - 2014-06-20 23:00 - 00005694 _____ () C:\Users\Owner\Desktop\STORM.txt
2014-06-20 16:49 - 2014-06-20 16:49 - 00000222 _____ () C:\Users\Owner\Desktop\One Way Heroics.url
2014-06-20 16:49 - 2014-06-20 16:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-20 16:05 - 2014-06-20 16:23 - 00000000 ____D () C:\Users\Owner\Documents\Euro Truck Simulator 2
2014-06-14 00:57 - 2014-06-14 00:57 - 00000000 ____D () C:\Users\Owner\Documents\PCSX2
2014-06-14 00:49 - 2014-06-14 00:55 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-14 00:49 - 2014-06-14 00:49 - 00001989 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-06-14 00:46 - 2014-06-14 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-13 23:33 - 2014-06-13 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-13 23:31 - 2014-06-13 23:31 - 15127264 _____ () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-06-13 23:27 - 2014-06-13 23:27 - 03702217 _____ () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-binaries.7z
2014-06-13 23:27 - 2014-06-13 23:27 - 00000000 ____D () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-binaries
2014-06-13 12:18 - 2014-06-26 00:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 12:17 - 2014-06-13 12:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 12:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 12:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 12:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 12:16 - 2014-06-13 12:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 08:31 - 2014-06-09 08:31 - 00000630 ____H () C:\Windows\qmgmnt.for
2014-06-09 08:31 - 2014-06-09 08:31 - 00000012 ____H () C:\reachd.cz
2014-06-09 08:23 - 2014-06-09 08:23 - 07491048 _____ () C:\Users\Owner\Downloads\Start8_setup_sd.exe
2014-06-09 08:13 - 2014-06-09 08:13 - 00001125 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-06-09 08:06 - 2014-06-09 08:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-09 08:03 - 2014-06-09 08:03 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-06-06 21:17 - 2014-06-26 18:22 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA.job
2014-06-06 21:17 - 2014-06-25 21:22 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core.job
2014-06-06 21:17 - 2014-06-06 21:17 - 00003792 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA
2014-06-06 21:17 - 2014-06-06 21:17 - 00003442 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core
2014-06-06 21:17 - 2014-06-06 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-06-06 21:16 - 2014-06-06 21:16 - 00501248 _____ (Facebook Inc.) C:\Users\Owner\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-05 16:36 - 2014-06-05 16:36 - 00000983 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-06-05 16:36 - 2014-06-05 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-06-05 16:35 - 2014-06-05 16:36 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-06-05 16:34 - 2014-06-05 16:34 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Owner\Downloads\winamp5666_full_all.exe
2014-06-05 13:45 - 2014-06-05 13:46 - 00039068 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 13:44 - 2014-06-26 19:31 - 00017284 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 13:44 - 2014-06-26 19:31 - 00000000 ____D () C:\FRST
2014-06-05 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 12:54 - 2014-06-09 07:59 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-04 23:29 - 2014-06-25 20:16 - 02082816 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:36 - 2014-06-03 15:37 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:30 - 2014-06-03 15:31 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-05-30 19:06 - 2014-06-20 03:22 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 23:29 - 2014-05-30 01:18 - 00000000 ____D () C:\Users\Owner\Desktop\D&D

==================== One Month Modified Files and Folders =======

2014-06-26 19:31 - 2014-06-05 13:44 - 00017284 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-26 19:31 - 2014-06-05 13:44 - 00000000 ____D () C:\FRST
2014-06-26 19:29 - 2014-04-04 17:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA.job
2014-06-26 19:22 - 2014-04-18 04:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 19:20 - 2014-03-21 16:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-06-26 19:15 - 2014-04-08 23:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.purple
2014-06-26 19:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-26 18:22 - 2014-06-06 21:17 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA.job
2014-06-26 17:29 - 2014-02-09 04:51 - 01820391 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 09:51 - 2014-06-26 03:29 - 00000040 _____ () C:\Users\Owner\Desktop\TALLCRAFTCOORDS.txt
2014-06-26 09:16 - 2014-03-21 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-06-26 06:48 - 2014-03-22 18:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-06-26 04:47 - 2012-07-26 02:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 03:26 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-06-26 02:51 - 2014-03-21 19:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mIRC
2014-06-26 02:47 - 2014-03-21 22:38 - 00000000 ___RD () C:\Users\Owner\Desktop\VIDEO
2014-06-26 02:29 - 2014-04-04 17:12 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core.job
2014-06-26 00:54 - 2014-03-21 22:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-06-26 00:17 - 2014-02-09 04:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4167589968-2693423342-2315446607-1002
2014-06-26 00:13 - 2014-06-13 12:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 00:12 - 2014-06-26 00:12 - 00280592 _____ () C:\Windows\Minidump\062614-29374-01.dmp
2014-06-26 00:12 - 2014-06-23 18:42 - 441794445 _____ () C:\Windows\MEMORY.DMP
2014-06-26 00:12 - 2014-06-23 18:42 - 00000000 ____D () C:\Windows\Minidump
2014-06-26 00:12 - 2014-04-18 04:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 00:12 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 00:03 - 2014-06-26 00:03 - 00280592 _____ () C:\Windows\Minidump\062614-34788-01.dmp
2014-06-25 21:26 - 2014-06-25 21:26 - 00011452 _____ () C:\Users\Owner\Desktop\Unsupportive.txt
2014-06-25 21:22 - 2014-06-06 21:17 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core.job
2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-06-25 20:16 - 2014-06-04 23:29 - 02082816 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-25 20:15 - 2014-04-19 03:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-25 20:13 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-25 06:22 - 2014-03-21 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TS3Client
2014-06-25 02:36 - 2014-04-07 17:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5158375.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5158297.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5155240.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5142838.txt
2014-06-25 02:34 - 2014-06-25 02:34 - 00000117 _____ () C:\Windows\system32\netcfg-5142588.txt
2014-06-25 01:14 - 2014-06-25 01:14 - 00000117 _____ () C:\Windows\system32\netcfg-346821.txt
2014-06-25 01:13 - 2014-06-25 01:13 - 00000117 _____ () C:\Windows\system32\netcfg-332874.txt
2014-06-25 01:13 - 2014-06-25 01:13 - 00000117 _____ () C:\Windows\system32\netcfg-282517.txt
2014-06-25 01:10 - 2014-06-25 01:10 - 00000117 _____ () C:\Windows\system32\netcfg-106845.txt
2014-06-25 01:08 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107213184.txt
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107211141.txt
2014-06-25 00:34 - 2014-06-25 00:34 - 00000117 _____ () C:\Windows\system32\netcfg-107205993.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107162063.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107158662.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107150877.txt
2014-06-25 00:33 - 2014-06-25 00:33 - 00000117 _____ () C:\Windows\system32\netcfg-107150409.txt
2014-06-24 19:45 - 2014-03-21 22:26 - 00000000 ____D () C:\Program Files\Team Speak 3
2014-06-24 17:29 - 2014-03-21 22:26 - 00000925 _____ () C:\Users\Owner\Desktop\TeamSpeak 3 Client.lnk
2014-06-24 17:26 - 2014-03-21 22:24 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\Owner\Downloads\TeamSpeak3-Client-win64-3.0.14.exe
2014-06-23 20:46 - 2014-03-22 16:29 - 00000000 ____D () C:\ProgramData\Origin
2014-06-23 20:45 - 2014-03-22 16:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-23 18:42 - 2014-06-23 18:42 - 00280648 _____ () C:\Windows\Minidump\062314-34413-01.dmp
2014-06-23 18:41 - 2012-08-03 17:23 - 00007596 _____ () C:\Windows\PFRO.log
2014-06-23 18:13 - 2014-04-27 18:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-480233.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-480061.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-476988.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-457831.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-457098.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425196.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425133.txt
2014-06-22 23:21 - 2014-06-22 23:21 - 00000117 _____ () C:\Windows\system32\netcfg-425071.txt
2014-06-22 23:18 - 2014-06-22 23:18 - 00000117 _____ () C:\Windows\system32\netcfg-267385.txt
2014-06-22 23:18 - 2014-06-22 23:18 - 00000117 _____ () C:\Windows\system32\netcfg-267167.txt
2014-06-22 18:30 - 2014-06-22 18:30 - 00000980 _____ () C:\Users\Owner\Desktop\ESETscan.txt
2014-06-22 16:07 - 2014-06-22 16:07 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-06-22 15:49 - 2014-06-21 19:11 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-06-22 02:24 - 2014-04-04 17:12 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA
2014-06-22 02:24 - 2014-04-04 17:12 - 00003490 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core
2014-06-21 19:11 - 2014-06-21 19:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 09:38 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-20 23:00 - 2014-06-20 23:00 - 00005694 _____ () C:\Users\Owner\Desktop\STORM.txt
2014-06-20 19:18 - 2014-03-21 22:39 - 00000000 ___RD () C:\Users\Owner\Desktop\MY GAMES
2014-06-20 17:11 - 2014-03-21 19:05 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-06-20 17:00 - 2014-03-22 05:43 - 00446325 _____ () C:\Windows\DirectX.log
2014-06-20 16:49 - 2014-06-20 16:49 - 00000222 _____ () C:\Users\Owner\Desktop\One Way Heroics.url
2014-06-20 16:49 - 2014-06-20 16:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-20 16:23 - 2014-06-20 16:05 - 00000000 ____D () C:\Users\Owner\Documents\Euro Truck Simulator 2
2014-06-20 03:22 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-06-18 20:17 - 2014-04-18 04:06 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 20:17 - 2014-04-18 04:06 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 00:57 - 2014-06-14 00:57 - 00000000 ____D () C:\Users\Owner\Documents\PCSX2
2014-06-14 00:55 - 2014-06-14 00:49 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-14 00:49 - 2014-06-14 00:49 - 00001989 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-06-14 00:49 - 2014-03-22 05:50 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-14 00:46 - 2014-06-14 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-13 23:33 - 2014-06-13 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-13 23:31 - 2014-06-13 23:31 - 15127264 _____ () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-06-13 23:27 - 2014-06-13 23:27 - 03702217 _____ () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-binaries.7z
2014-06-13 23:27 - 2014-06-13 23:27 - 00000000 ____D () C:\Users\Owner\Downloads\pcsx2-1.2.1-r5875-binaries
2014-06-13 20:41 - 2014-03-22 05:50 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-13 12:17 - 2014-06-13 12:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:17 - 2014-06-13 12:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 12:16 - 2014-06-13 12:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-11 13:20 - 2014-04-18 04:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-09 08:31 - 2014-06-09 08:31 - 00000630 ____H () C:\Windows\qmgmnt.for
2014-06-09 08:31 - 2014-06-09 08:31 - 00000012 ____H () C:\reachd.cz
2014-06-09 08:24 - 2014-03-21 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-06-09 08:23 - 2014-06-09 08:23 - 07491048 _____ () C:\Users\Owner\Downloads\Start8_setup_sd.exe
2014-06-09 08:22 - 2014-03-21 19:12 - 00000000 ___RD () C:\Users\Owner\Desktop\PHOENIX
2014-06-09 08:21 - 2014-04-29 18:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-06-09 08:20 - 2014-04-29 17:44 - 00000000 ____D () C:\AeriaGames
2014-06-09 08:13 - 2014-06-09 08:13 - 00001125 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-06-09 08:06 - 2014-06-09 08:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-09 08:03 - 2014-06-09 08:03 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-06-09 07:59 - 2014-06-05 12:54 - 00000000 ____D () C:\AdwCleaner
2014-06-08 13:25 - 2014-03-21 16:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-06-07 12:49 - 2014-04-08 23:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-06-06 21:17 - 2014-06-06 21:17 - 00003792 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA
2014-06-06 21:17 - 2014-06-06 21:17 - 00003442 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core
2014-06-06 21:17 - 2014-06-06 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-06-06 21:16 - 2014-06-06 21:16 - 00501248 _____ (Facebook Inc.) C:\Users\Owner\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-05 16:36 - 2014-06-05 16:36 - 00000983 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-06-05 16:36 - 2014-06-05 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-06-05 16:36 - 2014-06-05 16:35 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-06-05 16:35 - 2014-03-21 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Winamp
2014-06-05 16:34 - 2014-06-05 16:34 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Owner\Downloads\winamp5666_full_all.exe
2014-06-05 13:46 - 2014-06-05 13:45 - 00039068 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 12:49 - 2014-02-09 04:52 - 00000000 ____D () C:\Users\Owner
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-05 00:08 - 2014-03-22 18:32 - 00000000 ___RD () C:\Users\Owner\Desktop\MINECRAFT STUFF
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 17:25 - 2014-03-21 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:40 - 2014-03-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-03 15:37 - 2014-06-03 15:36 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:31 - 2014-06-03 15:30 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 15:22 - 2014-03-21 17:41 - 00007597 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-03 00:30 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 00:30 - 2012-07-26 02:19 - 00292720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 00:29 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-06-01 13:52 - 2014-03-21 18:48 - 00000000 ____D () C:\ProgramData\Stardock
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 01:18 - 2014-05-29 23:29 - 00000000 ____D () C:\Users\Owner\Desktop\D&D
2014-05-30 00:22 - 2014-03-21 16:34 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 00:22 - 2014-03-21 16:34 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 14:50 - 2014-04-19 03:28 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\_isA1AF.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 06:27

==================== End Of Log ============================

OCD
2014-06-27, 04:10
Hi EmpressPhoenix,

Your last log looks good. But I am still concerned about the random rebooting.

Chkdsk in Windows 8

You must run the command prompt as an administrator or in an "elevated mode".

Launch the Start Screen by pressing the Windows key or clicking the lower left corner of the Taskbar.
From the Start Screen, search for the Windows Command Prompt by typing “cmd”.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/Windows8CommandPrompt_zps3488ee4c.jpeg (http://s1269.photobucket.com/user/OCD-WTT/media/Windows8CommandPrompt_zps3488ee4c.jpeg.html)


Right-click on the Command Prompt and choose “Run as Administrator” from the bar at the bottom of the screen.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/Windows8CommandPrompt2_zpsd90e8a33.jpeg (http://s1269.photobucket.com/user/OCD-WTT/media/Windows8CommandPrompt2_zpsd90e8a33.jpeg.html)


Then type in "chkdsk /f /r /x" (make note of the space between chkdsk and each of the /)

=========================

Report back the results.

EmpressPhoenix
2014-06-29, 02:22
Ok, did what you said...twice..first time I got this

http://oi59.tinypic.com/svm6ib.jpg

So, I restarted my computer. It did a Scanning and Repairing of drive/disc C thing (just woke up so..yea) and I thought that's what it was supposed to do. So, I left it alone. I came back, looked for some kind of log to be saved somewhere....something to open..nothing. Did what you said....again...and the same thing happened. I'm not restarting my computer again -_- took too long the first time...

What to do now?

OCD
2014-06-29, 03:51
Hi EmpressPhoenix,

Restart your computer normally and see how it performs.

How to locate chkdsk log - tutorial (http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html)

To view results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select Copy, open Notepad and paste the chkdsk results into Notepad.
Post in your next reply.

=========================
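
The Event Viewer steps in the reply above can also be done from PowerShell. This is an added example, not part of the original post. It assumes the usual Application-log entries: event ID 1001 from the Wininit provider for a boot-time scan, and event ID 26226 from the Chkdsk provider for a scan run inside Windows. The output file name is also an assumption.

```powershell
# Added example: collect recent chkdsk results from the Application log.
# Assumption: boot-time scans are logged as event ID 1001 (Wininit provider),
# scans run inside Windows as event ID 26226 (Chkdsk provider).
# ID 1001 is shared with other providers, so the provider name is filtered as well.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001, 26226 } `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.ProviderName -match 'wininit|chkdsk' } |
          Sort-Object TimeCreated -Descending |
          Select-Object -First 3

if (-not $events) {
    # Nothing logged: the scan may not have completed, or the log has been cleared.
    Write-Warning 'No chkdsk results found in the Application log.'
}
else {
    # Output path is an assumption; change it to wherever the report should go.
    $out = Join-Path $env:USERPROFILE 'Desktop\chkdsk_results.txt'

    $events | ForEach-Object {
        "=== $($_.TimeCreated)  [$($_.ProviderName) / ID $($_.Id)] ==="
        $_.Message
        ''
    } | Set-Content -Path $out -Encoding UTF8

    # Quick triage: show the lines that usually summarise disk health.
    Select-String -Path $out -Pattern 'bad sectors|corrupt|unreadable|found no problems|made corrections'

    Write-Host "Full report written to $out"
}
```

The saved text file holds the same report that Event Viewer shows, ready to paste into a reply.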

EmpressPhoenix
2014-07-01, 07:11
Hey, I'll try to get to this in the next couple days. Sorry again for the delay.

OCD
2014-07-01, 07:32
:bigthumb:

OCD
2014-07-05, 21:28
Hi EmpressPhoenix,

Just checking in to see if you still need help?

OCD
2014-07-08, 19:21
This thread has been closed due to inactivity. If it has been three days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.

----------------------
Admin Edit
Thank you OCD. :)