Hityman

  1. I can't remove ComboFix for some reason, I did everything. Note that the file is on my desktop if that helps. I am removing the other files. When I did the OtClean, it left Rkill, mbar, and RemoveJava. Is that normal? Also how do you create another R key? Thank you for all your help.
  2. Looking good. I'm now installing Java. Thanks for all your help. I will either post on this page or PM you if any problems occur.
  3. Results of screen317's Security Check version 0.99.77
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java version out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 31.0.1650.57
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. OK, so I downloaded JavaRa and I did remove older versions; however, it says JavaRa log file. I did what you asked me to do.
  5. Results of screen317's Security Check version 0.99.77
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 25
     Java version out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 31.0.1650.57
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````

     So my computer seems normal except that when I run an app called Minecraft, it says that the registry refers to a nonexistent Java Runtime Environment installation or the runtime is corrupted. The system cannot find path. Also my mouse cursor is swerving but I think it's because the mouse is poop. Thank you for helping.
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013 Ran by Justin at 2013-11-18 23:06:09 Run:1 Running from C:\Users\Justin\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [winlogin] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" <===== ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP76&dt=061313 SearchScopes: HKLM - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = SearchScopes: HKCU - {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) C:\Program Files (x86)\Java C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat C:\Users\Justin\jagex_cl_oldschool_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE1.dat C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat C:\Users\Justin\random.dat C:\Users\Marcus\jagex_cl_runescape_LIVE.dat C:\Users\Marcus\random.dat C:\Users\Justin\AppData\Local\Temp\Quarantine.exe Task: {0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) 
Task: {398DCA99-E6A0-4EAB-B7CC-E8B916924867} - System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Chrome.exe http://ui.skype.com/...all?page=tsBing TTask: {B0544255-306A-470F-BEA0-5F8E2DC92A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) Task: {CB044637-56B5-4957-B688-6F84F7804C66} - System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Chrome.exe http://ui.skype.com/...l?page=tsPlugin Task: {DD8314FE-96FA-4EF2-9460-E59D827E35B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EF767369-4FF8-4D67-904D-B02740E544A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\winlogin => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C76AAF4E-8001-4E68-A9A9-4E0EC5508571} => Key deleted successfully. HKCR\CLSID\{C76AAF4E-8001-4E68-A9A9-4E0EC5508571} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. C:\Program Files (x86)\Java => Moved successfully. "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" => File/Directory not found. C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_oldschool_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE1.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully. C:\Users\Justin\random.dat => Moved successfully. C:\Users\Marcus\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\Marcus\random.dat => Moved successfully. "C:\Users\Justin\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{398DCA99-E6A0-4EAB-B7CC-E8B916924867} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398DCA99-E6A0-4EAB-B7CC-E8B916924867} => Key deleted successfully. C:\Windows\System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\T{B0544255-306A-470F-BEA0-5F8E2DC92A7C} => Key not found. C:\Windows\TSystem32\Tasks\GoogleUpdateTaskMachineUA not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeT\GoogleUpdateTaskMachineUA => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB044637-56B5-4957-B688-6F84F7804C66} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB044637-56B5-4957-B688-6F84F7804C66} => Key deleted successfully. C:\Windows\System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD8314FE-96FA-4EF2-9460-E59D827E35B9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD8314FE-96FA-4EF2-9460-E59D827E35B9} => Key deleted successfully. C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF767369-4FF8-4D67-904D-B02740E544A3} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF767369-4FF8-4D67-904D-B02740E544A3} => Key deleted successfully. C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. ==== End of Fixlog ====
  7. MiniToolBox by Farbar Version: 13-07-2013 Ran by Justin (administrator) on 18-11-2013 at 21:21:34 Running from "C:\Users\Justin\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal
Date: 2013-09-04 12:52:11.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228) Adobe Reader X MUI (Version: 10.0.0) Adobe Shockwave Player 12.0 (Version: 12.0.0.112) Akamai NetSession Interface AMD APP SDK Runtime (Version: 2.5.793.1) AMD AVIVO64 Codecs (Version: 11.7.0.11025) AMD Catalyst Install Manager (Version: 3.0.851.0) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Atheros Bluetooth Suite (64) (Version: 7.4.0.115) Blacklight: Retribution Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2011.1025.2231.38573) Catalyst Control Center InstallProxy (Version: 2011.1025.2231.38573) Catalyst Control Center Localization All (Version: 2011.1025.2231.38573) CCC Help Chinese Standard (Version: 2011.1025.2230.38573) CCC Help Chinese Traditional (Version: 2011.1025.2230.38573) CCC Help Czech (Version: 2011.1025.2230.38573) CCC Help Danish (Version: 2011.1025.2230.38573) CCC Help Dutch (Version: 2011.1025.2230.38573) CCC Help English (Version: 2011.1025.2230.38573) CCC Help Finnish 
(Version: 2011.1025.2230.38573) CCC Help French (Version: 2011.1025.2230.38573) CCC Help German (Version: 2011.1025.2230.38573) CCC Help Greek (Version: 2011.1025.2230.38573) CCC Help Hungarian (Version: 2011.1025.2230.38573) CCC Help Italian (Version: 2011.1025.2230.38573) CCC Help Japanese (Version: 2011.1025.2230.38573) CCC Help Korean (Version: 2011.1025.2230.38573) CCC Help Norwegian (Version: 2011.1025.2230.38573) CCC Help Polish (Version: 2011.1025.2230.38573) CCC Help Portuguese (Version: 2011.1025.2230.38573) CCC Help Russian (Version: 2011.1025.2230.38573) CCC Help Spanish (Version: 2011.1025.2230.38573) CCC Help Swedish (Version: 2011.1025.2230.38573) CCC Help Thai (Version: 2011.1025.2230.38573) CCC Help Turkish (Version: 2011.1025.2230.38573) ccc-utility64 (Version: 2011.1025.2231.38573) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) CyberLink PowerDVD 9.5 (Version: 9.5.1.4822) D3DX10 (Version: 15.4.2368.0902) Dell DataSafe Local Backup - Support Software (Version: 9.4.67) Dell DataSafe Local Backup (Version: 9.4.67) Dell Digital Delivery (Version: 2.8.1000.0) Dell Edoc Viewer (Version: 1.0.0) Dell Support Center (Version: 3.1.5907.16) Dell System Detect (Version: 4.0.5.6) Dell WLAN and Bluetooth Client Installation (Version: 9.0) eBay (Version: 1.4.0) ERUNT 1.1j Flyff (Version: Flyff) Google Chrome (Version: 31.0.1650.57) Google Update Helper (Version: 1.3.21.165) Intel® Control Center (Version: 1.2.1.1007) Intel® Management Engine Components (Version: 8.0.1.1399) Intel® Rapid Storage Technology (Version: 11.1.0.1006) Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.219.2) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JavaFX 2.1.1 (Version: 2.1.1) Junk Mail filter update (Version: 15.4.3502.0922) LogMeIn Hamachi (Version: 2.2.0.105) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 
1.75.0.1300) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) Multimedia Card Reader (Version: 1.7.915.93) NVIDIA PhysX (Version: 9.10.0513) PunkBuster Services (Version: 0.992) Python 3.2.5 (Version: 3.2.5150) Realtek High Definition Audio Driver (Version: 6.0.1.6537) Shared C Run-time for x64 (Version: 10.0.0) Skype™ 6.10 (Version: 6.10.104) Steam (Version: 1.0.0.0) swMSM (Version: 12.0.0.1) Team Fortress 2 Unity Web Player (Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update 
for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3508.1109) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Wing IDE 101 4.1.14-1 ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 16% Total physical RAM: 
16347.27 MB
Available physical RAM: 13611.54 MB
Total Pagefile: 32692.72 MB
Available Pagefile: 29455.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.73 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1850.73 GB) (Free:1575.76 GB) NTFS
2 Drive d: (JasonMraz) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JUSTIN-PC
Administrator Guest Justin Marcus

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Thanks again for helping.
  8. When I restarted my computer, a message popped up and it said something about not being able to load Java. Is this ok?
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013 Ran by Justin (administrator) on JUSTIN-PC on 18-11-2013 20:50:35 Running from C:\Users\Justin\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [winlogin] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" <===== ATTENTION HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe -update activex [630432 2012-07-05] (Adobe Systems Incorporated) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation) HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-11-29] (cyberlink) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.) HKU\Marcus\...\Policies\system: [LogonHoursAction] 2 HKU\Marcus\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP76DHP&pc=UP76&dt=061313 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = SearchScopes: HKCU - {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1 CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1 CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 CHR Extension: (Daum Equation Editor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\2.0.1_0 CHR Extension: (AdBlock) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0 CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Psykopaint) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 ==================== Services (Whitelisted) ================= S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-11-29] (CyberLink) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4703728 2012-11-15] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-15] () R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 20:50 - 2013-11-18 20:51 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt 2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST 2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe 2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt 2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe 2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-11-18 19:09 - 2013-11-18 19:14 - 00000000 ____D C:\AdwCleaner 2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe 2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt 2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe 2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt 2013-11-17 22:06 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-17 22:06 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-17 22:06 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00068096 
_____ C:\Windows\zip.exe 2013-11-17 22:05 - 2013-11-17 22:03 - 05146587 ____R (Swearware) C:\Users\Justin\Desktop\ComboFix.exe 2013-11-17 22:04 - 2013-11-17 22:13 - 00000000 ____D C:\Qoobox 2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general 2013-11-14 21:44 - 2013-11-17 19:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-14 21:43 - 2013-11-17 19:20 - 00000000 ____D C:\Users\Justin\Desktop\mbar 2013-11-14 21:43 - 2013-11-17 19:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe 2013-11-14 21:37 - 2013-11-14 21:41 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine 2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe 2013-11-14 21:33 - 2013-11-17 22:12 - 00000000 ____D C:\Windows\ERDNT 2013-11-14 21:31 - 2013-11-14 21:32 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk 2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer ) C:\Users\Justin\Downloads\erunt-setup.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill 2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt 2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ 
C:\Users\Justin\Documents\DDS Attached 1.txt 2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-13 09:35 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 09:35 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 09:35 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 09:35 
- 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 09:35 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 09:35 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 09:35 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 09:35 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 09:34 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 09:34 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 09:34 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 08:55 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 08:55 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 08:55 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 08:55 - 
2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 08:55 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 08:55 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 08:55 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 08:55 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 08:55 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 08:55 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 08:55 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 08:55 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 08:55 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 08:55 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 08:55 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 08:55 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 08:55 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 08:55 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 08:55 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 08:55 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 08:55 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 08:55 - 
2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 08:55 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 08:54 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 08:54 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 08:54 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 08:54 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 08:54 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 08:54 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 08:54 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-10 22:18 - 2013-11-10 22:19 - 00000000 ____D C:\Users\Justin\.idlerc 2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001 2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4 2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4 2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1 2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ ( ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32 2013-11-05 17:31 - 2013-11-05 17:32 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi 2013-11-04 20:44 - 2013-11-04 22:50 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor 2013-10-30 20:07 - 2013-10-30 20:24 - 00000000 ____D C:\Users\Justin\Documents\MARCUS 2013-10-25 19:23 - 
2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe 2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe 2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe 2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe 2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000 ==================== One Month Modified Files and Folders ======= 2013-11-18 20:51 - 2013-11-18 20:50 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt 2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST 2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe 2013-11-18 20:49 - 2012-09-19 06:29 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype 2013-11-18 20:48 - 2012-11-24 08:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt 2013-11-18 20:23 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-18 20:20 - 2012-07-05 20:03 - 01971451 _____ C:\Windows\WindowsUpdate.log 2013-11-18 19:55 - 2012-07-05 20:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-11-18 19:55 - 2012-07-05 20:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 19:49 - 2013-04-14 12:46 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0912F67-3A64-4CAD-9B55-2C128C4A4342} 2013-11-18 19:47 - 2012-07-24 07:33 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.minecraft 2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe 2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-11-18 19:16 - 2013-04-27 14:33 - 00000000 ____D C:\Users\Justin\AppData\Local\LogMeIn Hamachi 2013-11-18 19:16 - 2012-11-24 08:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-18 19:16 - 2012-09-26 06:08 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-18 19:16 - 2012-07-05 20:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-11-18 19:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-18 19:15 - 2009-07-13 23:51 - 00118031 _____ C:\Windows\setupact.log 2013-11-18 19:14 - 2013-11-18 19:09 - 00000000 ____D C:\AdwCleaner 2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe 2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt 2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe 2013-11-18 16:49 - 2012-11-24 08:17 - 00000000 ____D C:\Users\Justin\AppData\Local\Apps\2.0 2013-11-18 15:43 - 2010-11-20 22:47 - 00041320 _____ C:\Windows\PFRO.log 2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt 2013-11-17 22:13 - 2013-11-17 22:04 - 00000000 ____D C:\Qoobox 2013-11-17 22:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default 2013-11-17 22:12 - 2013-11-14 21:33 - 00000000 ____D C:\Windows\ERDNT 2013-11-17 22:12 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini 2013-11-17 22:03 - 2013-11-17 22:05 - 05146587 ____R 
(Swearware) C:\Users\Justin\Desktop\ComboFix.exe 2013-11-17 20:47 - 2012-08-10 21:35 - 00000000 ____D C:\Users\Justin\AppData\Roaming\SoftGrid Client 2013-11-17 19:20 - 2013-11-14 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-17 19:20 - 2013-11-14 21:43 - 00000000 ____D C:\Users\Justin\Desktop\mbar 2013-11-17 19:10 - 2013-11-14 21:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-16 12:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-11-16 10:25 - 2013-02-15 13:02 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-16 10:25 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-16 09:26 - 2013-02-16 08:03 - 00007597 _____ C:\Users\Justin\AppData\Local\Resmon.ResmonCfg 2013-11-16 09:26 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2013-11-15 23:39 - 2013-06-12 20:20 - 00001945 _____ C:\Windows\epplauncher.mif 2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-15 12:33 - 2013-10-17 16:20 - 00000125 _____ C:\Users\Justin\Desktop\MC CORDS MUT.txt 2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general 2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe 2013-11-14 21:41 - 2013-11-14 21:37 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine 2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe 2013-11-14 21:32 - 2013-11-14 21:31 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk 2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer ) C:\Users\Justin\Downloads\erunt-setup.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill 2013-11-14 18:43 - 2012-12-10 20:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.techniclauncher 2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt 2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ C:\Users\Justin\Documents\DDS Attached 1.txt 2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-13 09:34 - 2013-07-19 22:15 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 09:33 - 2012-11-29 08:11 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 08:32 - 2013-09-13 21:26 - 00000000 ____D C:\Users\Justin\Documents\grade 10 work 2013-11-10 22:19 - 2013-11-10 22:18 - 00000000 ____D C:\Users\Justin\.idlerc 2013-11-10 22:18 - 2012-07-23 20:47 - 00000000 ____D C:\Users\Justin 2013-11-10 15:14 - 2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4 2013-11-10 15:14 - 
2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4 2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001 2013-11-05 20:04 - 2012-07-05 20:25 - 00000000 ____D C:\ProgramData\Skype 2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1 2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ ( ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32 2013-11-05 17:32 - 2013-11-05 17:31 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi 2013-11-04 22:50 - 2013-11-04 20:44 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor 2013-10-31 13:10 - 2013-10-09 19:55 - 00014911 ____H C:\Users\Justin\Documents\~WRL0004.tmp 2013-10-30 20:24 - 2013-10-30 20:07 - 00000000 ____D C:\Users\Justin\Documents\MARCUS 2013-10-25 19:23 - 2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe 2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe 2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe 2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe 2013-10-25 07:09 - 2009-07-14 00:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-24 19:17 - 2012-07-05 20:34 - 00000000 ____D C:\ProgramData\McAfee 2013-10-19 19:35 - 2012-11-11 08:19 - 00000000 ____D C:\Users\Justin\AppData\Local\CrashDumps 2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000 Files to move or delete: ==================== C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat C:\Users\Justin\jagex_cl_oldschool_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE1.dat C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat C:\Users\Justin\random.dat 
C:\Users\Marcus\jagex_cl_runescape_LIVE.dat
C:\Users\Marcus\random.dat

Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 19:37

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Justin at 2013-11-18 20:51:12
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Reader X MUI (x32 Version: 10.0.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Akamai NetSession Interface (HKCU)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD AVIVO64 Codecs (Version: 11.7.0.11025)
AMD Catalyst Install Manager (Version: 3.0.851.0)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Bluetooth Suite (64) (Version: 7.4.0.115)
Blacklight: Retribution (x32)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1025.2231.38573)
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573)
Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573)
CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573)
CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573)
CCC Help Czech (x32 Version: 2011.1025.2230.38573)
CCC Help Danish (x32 Version: 2011.1025.2230.38573)
CCC Help Dutch (x32 Version: 2011.1025.2230.38573)
CCC Help English (x32 Version: 2011.1025.2230.38573)
CCC Help Finnish (x32 Version: 2011.1025.2230.38573)
CCC Help French (x32 Version: 2011.1025.2230.38573)
CCC Help German (x32 Version: 2011.1025.2230.38573)
CCC Help Greek (x32 Version: 2011.1025.2230.38573)
CCC Help Hungarian (x32 Version: 2011.1025.2230.38573)
CCC Help Italian (x32 Version: 2011.1025.2230.38573)
CCC Help Japanese (x32 Version: 2011.1025.2230.38573)
CCC Help Korean (x32 Version: 2011.1025.2230.38573)
CCC Help Norwegian (x32 Version: 2011.1025.2230.38573)
CCC Help Polish (x32 Version: 2011.1025.2230.38573)
CCC Help Portuguese (x32 Version: 2011.1025.2230.38573)
CCC Help Russian (x32 Version: 2011.1025.2230.38573)
CCC Help Spanish (x32 Version: 2011.1025.2230.38573)
CCC Help Swedish (x32 Version: 2011.1025.2230.38573)
CCC Help Thai (x32 Version: 2011.1025.2230.38573)
CCC Help Turkish (x32 Version: 2011.1025.2230.38573)
ccc-utility64 (Version: 2011.1025.2231.38573)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67)
Dell DataSafe Local Backup (x32 Version: 9.4.67)
Dell Digital Delivery (x32 Version: 2.8.1000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.16)
Dell System Detect (HKCU Version: 4.0.5.6)
Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)
eBay (x32 Version: 1.4.0)
ERUNT 1.1j (x32)
Flyff (x32 Version: Flyff)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Multimedia Card Reader (x32 Version: 1.7.915.93)
NVIDIA PhysX (x32 Version: 9.10.0513)
PunkBuster Services (x32 Version: 0.992)
Python 3.2.5 (x32 Version: 3.2.5150)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6537)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.10 (x32 Version: 6.10.104)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Team Fortress 2 (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Wing IDE 101 4.1.14-1 (x32)

==================== Restore Points =========================

01-11-2013 19:45:01 Windows Update
05-11-2013 00:00:41 Windows Update
05-11-2013 22:33:52 Installed Python 3.2.5
08-11-2013 13:28:39 Windows Update
11-11-2013 21:34:20 Windows Update
13-11-2013 14:32:51 Windows Update
16-11-2013 04:38:33 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-17 22:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.)
Task: {398DCA99-E6A0-4EAB-B7CC-E8B916924867} - System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing
Task: {7597B4C2-D4E1-46DD-83BE-3DEE99FCE02D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B0544255-306A-470F-BEA0-5F8E2DC92A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.)
Task: {CB044637-56B5-4957-B688-6F84F7804C66} - System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin
Task: {DD8314FE-96FA-4EF2-9460-E59D827E35B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF767369-4FF8-4D67-904D-B02740E544A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-25 21:29 - 2011-10-25 21:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-12 16:10 - 2013-10-24 12:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-26 06:09 - 2013-10-30 14:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-26 06:09 - 2013-10-23 15:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-26 06:09 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-26 06:09 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-26 06:09 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-11-15 18:51 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 18:51 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 18:51 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 18:51 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 18:51 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-12 10:04 - 2013-11-12 10:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-08-15 12:40 - 2013-08-15 12:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2012-07-05 20:15 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-05 20:17 - 2012-01-21 02:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 18:51 - 2013-11-14 06:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2013 07:41:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/18/2013 07:40:54 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:36:17 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (11/18/2013 07:36:13 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (11/18/2013 07:41:05 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:40:54 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:17 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-11-17 22:11:41.837 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-17 22:11:41.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-24 16:48:56.058 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-09-04 12:52:11.817 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 16347.27 MB Available physical RAM: 12493.2 MB Total Pagefile: 32692.72 MB Available Pagefile: 28184.96 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1850.73 GB) (Free:1574.19 GB) NTFS Drive d: (JasonMraz) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 52097581) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=-211820740608) - (Type=07 NTFS) ==================== End Of Log ============================
  10. ESET report
C:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.B application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
  11. # AdwCleaner v3.012 - Report created 18/11/2013 at 19:13:51
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Justin\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Marcus\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marcus\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
Key Deleted : HKLM\Software\WhiteSmoke_US_New
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [2492 octets] - [18/11/2013 19:10:03]
AdwCleaner[s0].txt - [2423 octets] - [18/11/2013 19:13:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2483 octets] ##########

Ok this was the quick scan and nothing appeared.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.18.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Justin :: JUSTIN-PC [administrator]

18/11/2013 7:24:50 PM
mbam-log-2013-11-18 (19-24-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232692
Time elapsed: 1 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
  12. ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{462be121-2b54-4218-bf00-b9bf8135b23f} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3244149 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17B4D302-7C07-4A08-A046-A9652065DA7E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\whitesmoke_us_new" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\whitesmoke_us_new" Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{4555C4D4-FC54-4085-8C19-266CF438F493} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{60B8E0D4-2DC5-4813-9388-7586F27B7EC0} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{6FC26D8E-AAEC-45DF-89F9-ED019E62AD73} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{AC5607AE-E101-4575-823C-0D2958DD9DC1} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{FE31A663-2797-431B-9D3F-AB60320B35FD} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18/11/2013 at 19:08:32.60 End of JRT log # AdwCleaner v3.012 - Report created 18/11/2013 at 19:10:03 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Justin - JUSTIN-PC # Running from : 
C:\Users\Justin\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal Folder Found C:\Users\Justin\AppData\Local\Zoom_Downloader Folder Found C:\Users\Marcus\AppData\LocalLow\Conduit Folder Found C:\Users\Marcus\AppData\LocalLow\PriceGong Folder Found C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar Key Found : HKLM\Software\WhiteSmoke_US_New Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found 
: homepage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. ComboFix 13-11-16.01 - Justin 17/11/2013 22:07:44.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16347.13440 [GMT -5:00] Running from: c:\users\Justin\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\Team Fortress 2.url c:\users\Justin\AppData\Roaming\technic-launcher.jar c:\users\Justin\Documents\~WRL1015.tmp c:\users\Justin\Documents\~WRL3678.tmp c:\windows\RPSETUP.EXE.LOG c:\windows\security\Database\tmp.edb c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 ))))))))))))))))))))))))))))))) . . 2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Marcus\AppData\Local\temp 2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-18 03:01 . 2013-11-18 03:01 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\offreg.dll 2013-11-17 23:44 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\mpengine.dll 2013-11-16 13:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-16 13:05 . 2013-11-16 13:05 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2013-11-15 02:44 . 2013-11-18 00:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-15 02:43 . 2013-11-18 00:10 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-15 02:31 . 
2013-11-15 02:32 -------- d-----w- c:\program files (x86)\ERUNT 2013-11-13 21:26 . 2013-11-13 21:26 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-11-13 14:34 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-11-13 14:34 . 2013-10-12 08:45 1364992 ----a-w- c:\windows\system32\urlmon.dll 2013-11-13 14:34 . 2013-10-12 08:43 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-13 14:34 . 2013-10-12 07:03 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-11-13 14:34 . 2013-10-12 07:02 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-11-13 14:34 . 2013-10-12 08:45 2241536 ----a-w- c:\windows\system32\wininet.dll 2013-11-13 14:34 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-13 14:34 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll 2013-11-13 14:34 . 2013-10-12 08:43 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-11-13 13:54 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-11-13 13:54 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-11-13 13:54 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-11-13 13:54 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-13 13:54 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-11-13 13:54 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-13 13:54 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-11 03:18 . 2013-11-11 03:19 -------- d-----w- c:\users\Justin\.idlerc 2013-11-09 12:30 . 2013-11-09 12:30 -------- d-----w- C:\found.001 2013-11-06 23:06 . 2013-10-20 15:37 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A5486B-B589-4D57-B7F6-DB211F210477}\gapaengine.dll 2013-11-05 22:36 . 
2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Roaming\Wing 101 4 2013-11-05 22:36 . 2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Local\Wing 101 4 2013-11-05 22:36 . 2013-11-05 22:36 -------- d-----w- c:\program files (x86)\Wing IDE 101 4.1 2013-11-05 22:34 . 2013-11-05 22:34 98304 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{AE3AAD33-1790-415F-A3D0-63FC889FD49E}\python_icon.exe 2013-11-05 22:34 . 2013-11-05 22:34 -------- d-----w- C:\Python32 2013-10-19 19:58 . 2013-10-19 19:58 -------- d-----w- C:\found.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-16 15:25 . 2013-02-15 18:02 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-11-16 15:25 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-11-16 14:26 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-11-13 14:33 . 2012-11-29 13:11 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-20 15:37 . 2013-06-14 11:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 14:53 . 2013-01-20 19:59 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-08 02:30 . 2013-10-10 12:09 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-10 12:09 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 12:09 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 01:37 . 2013-10-13 22:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 01:37 . 2013-10-13 22:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 01:37 . 2013-10-13 22:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 01:37 . 2013-10-13 22:20 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 01:37 . 
2013-10-13 22:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 01:37 . 2013-10-13 22:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 01:37 . 2013-10-13 22:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-10 12:09 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-10 12:09 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-10 12:09 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-10 12:09 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-10 12:09 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-10 12:09 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 12:09 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-10 12:09 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-10 12:09 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-10 12:09 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-10 12:09 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-10 12:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-10 12:09 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-10 12:09 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-10 12:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-10 12:09 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-10 12:09 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-10 12:09 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{462be121-2b54-4218-bf00-b9bf8135b23f}"= "c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{462be121-2b54-4218-bf00-b9bf8135b23f}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280] "Akamai NetSession Interface"="c:\users\Justin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "winlogin"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-06-26 175016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-11-29 75048] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2013-01-28 59720] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/05 20:29;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 23:48 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 01:06]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: dell.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DownloadManager - c:\program files (x86)\Zoom Downloader\DownloadManager.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-17 22:13:35
ComboFix-quarantined-files.txt 2013-11-18 03:13
.
Pre-Run: 1,689,537,916,928 bytes free
Post-Run: 1,690,586,857,472 bytes free
.
- - End Of File - - BBB919F6D9A5706558979B64F31C9296

Thank you again for your help.