Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Cole (administrator) on ETHAN on 07-12-2014 14:20:34
Running from C:\Users\Cole\Desktop
Loaded Profile: Cole (Available profiles: Cole)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Gameiki] => C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe [358912 2014-02-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-05] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-02] ()
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk
ShortcutTarget: インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x641AD6BBA1D0CD01
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> {BED63B85-3095-456B-B95C-A2FA0C5BEFBB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> No Name - {5F0DB9C6-EF49-4748-A75D-FAD76538734C} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @nsroblox.roblox.com/launcher -> C:\Users\Cole\AppData\Local\Roblox\Versions\version-a21a1def88774149\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: MyWordTool - C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\Extensions\emily@wilford.biz [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]
Chrome:
=======
CHR Profile: C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (YouTube) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Google Search) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Avast Online Security) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
CHR Extension: (Google Wallet) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-05-23] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-05] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2013-04-11] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87136 2013-08-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-04] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-12-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-05] (Avast Software)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 14:20 - 2014-12-07 14:21 - 00016566 _____ () C:\Users\Cole\Desktop\FRST.txt
2014-12-07 14:20 - 2014-12-07 14:20 - 00000000 ____D () C:\FRST
2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Downloads\FRST64.exe
2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
2014-12-07 14:15 - 2014-12-07 14:15 - 00000911 _____ () C:\Users\Cole\Desktop\JRT.txt
2014-12-07 14:03 - 2014-12-07 14:03 - 00000000 ____D () C:\Windows\ERUNT
2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Downloads\JRT.exe
2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Desktop\JRT.exe
2014-12-07 13:47 - 2014-12-07 13:47 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-47-21.058-AvastVBoxSVC.exe-4952.log
2014-12-07 13:29 - 2014-12-07 13:41 - 00000000 ____D () C:\AdwCleaner
2014-12-07 13:29 - 2014-12-07 13:29 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Downloads\adwcleaner_4.104.exe
2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Desktop\adwcleaner_4.104.exe
2014-12-07 00:05 - 2014-12-07 00:05 - 00091989 _____ () C:\ComboFix.txt
2014-12-06 23:11 - 2014-12-07 00:05 - 00000000 ____D () C:\Qoobox
2014-12-06 23:11 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-06 23:11 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-06 23:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-06 23:10 - 2014-12-06 23:59 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 ____R (Swearware) C:\Users\Cole\Desktop\ComboFix.exe
2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 _____ (Swearware) C:\Users\Cole\Downloads\ComboFix.exe
2014-12-06 22:11 - 2014-12-06 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 22:09 - 2014-12-06 22:38 - 00000000 ____D () C:\Users\Cole\Desktop\mbar
2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Downloads\mbar-1.08.2.1001.exe
2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Desktop\mbar-1.08.2.1001.exe
2014-12-06 21:51 - 2014-12-06 21:51 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-06 21:51 - 2014-12-06 21:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-06 21:50 - 2014-12-06 23:10 - 00004248 _____ () C:\Users\Cole\Desktop\New Text Document.txt
2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Downloads\RogueKiller.exe
2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Desktop\RogueKiller.exe
2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 ____R (Swearware) C:\Users\Cole\Desktop\dds.com
2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 _____ (Swearware) C:\Users\Cole\Downloads\dds.com
2014-12-06 10:31 - 2014-12-06 10:47 - 00000000 ____D () C:\Users\Cole\Desktop\Logsfromscanning
2014-12-06 09:14 - 2014-12-06 09:16 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-14-50.072-AvastVBoxSVC.exe-2788.log
2014-12-05 20:08 - 2014-12-05 20:08 - 00000247 _____ () C:\Windows\system32\2014-12-06-01-08-09.028-aswFe.exe-5272.log
2014-12-05 19:56 - 2014-12-05 20:07 - 00000247 _____ () C:\Windows\system32\2014-12-06-00-56-39.065-aswFe.exe-4880.log
2014-12-05 19:56 - 2014-12-05 19:56 - 00000197 _____ () C:\Windows\system32\2014-12-06-00-56-31.084-AvastVBoxSVC.exe-1028.log
2014-12-05 19:13 - 2014-12-05 19:13 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Dropbox
2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-05 19:09 - 2014-12-05 19:09 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\AVAST Software
2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-05 19:08 - 2014-12-07 13:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-05 19:07 - 2014-12-05 19:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-05 19:07 - 2014-12-05 19:07 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-05 19:07 - 2014-12-05 19:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-05 19:05 - 2014-12-05 19:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-05 19:02 - 2014-12-05 19:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-05 19:01 - 2014-12-05 19:01 - 05006864 _____ (AVAST Software) C:\Users\Cole\Downloads\avast_free_antivirus_setup_online.exe
2014-12-05 15:28 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 15:28 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-05 15:28 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-05 15:28 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-05 15:28 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-05 15:28 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-05 15:28 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-04 19:12 - 2014-12-04 19:12 - 02365840 _____ () C:\Users\Cole\Downloads\SecurityTaskManager_Setup.exe
2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-12-04 18:25 - 2014-12-04 18:25 - 00001479 _____ () C:\Users\Cole\AppData\Local\recently-used.xbel
2014-12-01 19:47 - 2014-12-01 19:57 - 00040590 _____ () C:\zoek-results.log
2014-12-01 19:26 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Desktop\zoek.exe
2014-12-01 19:25 - 2014-12-01 19:25 - 00000000 ____D () C:\zoek_backup
2014-12-01 19:22 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Downloads\zoek.exe
2014-12-01 15:37 - 2014-12-07 13:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 15:36 - 2014-12-06 22:10 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-01 15:36 - 2014-12-01 17:46 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-01 15:36 - 2014-12-01 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 15:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 15:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-01 15:28 - 2014-12-01 15:28 - 08423856 _____ (McAfee, Inc.) C:\Users\Cole\Downloads\SecurityScan_Release.exe
2014-11-30 12:35 - 2014-11-30 12:35 - 00000219 _____ () C:\Users\Cole\Desktop\Team Fortress 2.url
2014-11-28 15:00 - 2014-11-28 15:00 - 00000222 _____ () C:\Users\Cole\Desktop\Dust An Elysian Tail.url
2014-11-28 10:05 - 2014-11-28 10:05 - 00000000 ____D () C:\Users\Cole\AppData\Local\Risk_of_Rain
2014-11-26 17:57 - 2014-11-28 21:28 - 00000000 ____D () C:\Users\Cole\AppData\Local\Game Dev Tycoon - Steam
2014-11-26 17:42 - 2014-11-26 17:42 - 00000222 _____ () C:\Users\Cole\Desktop\Game Dev Tycoon.url
2014-11-26 15:43 - 2014-11-26 15:43 - 00000000 ____D () C:\Users\Cole\Documents\SEGA
2014-11-26 14:34 - 2014-11-26 14:34 - 00000222 _____ () C:\Users\Cole\Desktop\The Binding of Isaac Rebirth.url
2014-11-17 16:19 - 2014-11-17 16:19 - 00174984 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vtf
2014-11-17 16:19 - 2014-11-17 16:19 - 00000183 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vmt
2014-11-09 00:03 - 2014-11-09 00:03 - 00394446 _____ () C:\Users\Cole\Downloads\pyrovision_fix.rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 14:14 - 2012-12-02 10:42 - 00000000 ____D () C:\Users\Cole\AppData\Local\PMB Files
2014-12-07 14:13 - 2012-12-02 10:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1563641593-1657672194-2611614249-1001
2014-12-07 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-07 13:58 - 2014-06-27 07:57 - 01222276 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 13:50 - 2012-12-02 04:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-07 13:47 - 2014-07-13 21:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 13:43 - 2014-06-28 16:07 - 00148806 _____ () C:\Windows\PFRO.log
2014-12-07 13:43 - 2012-12-02 10:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 13:43 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 13:25 - 2012-12-02 10:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 00:05 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-12-06 23:57 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Users\Cole\AppData\Local\Razer
2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-05 15:32 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-05 07:24 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-04 18:25 - 2014-06-16 12:08 - 00000000 ____D () C:\Users\Cole\AppData\Local\gtk-2.0
2014-12-04 18:25 - 2014-06-16 12:04 - 00000000 ____D () C:\Users\Cole\.gimp-2.8
2014-12-04 15:19 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-01 18:24 - 2014-03-30 12:46 - 00000000 ____D () C:\ProgramData\GreenApp
2014-12-01 16:11 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-01 16:10 - 2012-12-02 10:23 - 00000000 ____D () C:\Users\Cole
2014-12-01 16:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-30 16:08 - 2014-07-31 12:32 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-11-30 15:56 - 2013-07-24 18:57 - 00496852 _____ () C:\Windows\system32\perfh011.dat
2014-11-30 15:56 - 2013-07-24 18:57 - 00136170 _____ () C:\Windows\system32\perfc011.dat
2014-11-30 15:56 - 2012-07-26 02:28 - 01486242 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 22:07 - 2014-09-26 17:16 - 00000000 ____D () C:\Users\Cole\Documents\Telltale Games
2014-11-28 14:59 - 2013-07-02 01:30 - 00000000 ____D () C:\Users\Cole\Documents\SavedGames
2014-11-28 09:42 - 2013-05-30 20:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-27 01:13 - 2012-12-02 05:11 - 00000000 ____D () C:\Users\Cole\Documents\My Games
2014-11-25 15:47 - 2014-07-13 21:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-16 11:11 - 2013-05-12 10:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-13 18:26 - 2013-03-02 18:58 - 00000000 ____D () C:\Users\Cole\AppData\Local\Akamai
2014-11-11 23:31 - 2014-06-27 06:18 - 00000794 _____ () C:\Windows\setupact.log
2014-11-11 10:56 - 2013-05-03 23:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
Files to move or delete:
====================
C:\ProgramData\hash.dat
Some content of TEMP:
====================
C:\Users\Cole\AppData\Local\temp\Quarantine.exe
C:\Users\Cole\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-04 00:00
==================== End Of Log ============================