
I'm at Risk! What's the better way to do!?



Hi,

I have a little issue on my laptop,

"My Anti-Virus Keeps On Popping Up! Saying My Computer Is At Risk." It started last week of April this year.

It happens every time, so I regularly scan my laptop, and I always try to turn on my Windows firewall, but an error always pops up on my screen. On my 3rd full scan it detected ZeroAccess-FBRB!E2841A80651A


I tried to locate the file location of the malicious software and I found two of the folders.


I thought the malware came from the Adobe Flash Player 11 that I installed last April 6, so I immediately uninstalled it.

I even tried to delete the containing folders, but an error says I need to provide an administrator's permission to delete the files.


I also did this: Windows icon+Tab+R and typed "services.msc", but unfortunately "back filter" and "windows service", if I'm not mistaken, weren't there.


I also experience lag on my laptop; sometimes it suddenly stops and you won't be able to even move the cursor.

After an hour of checking the cause, I scanned it again before I slept and it said that there are "No Issues Detected", but all of the issues are still there.


Please help me, I don't know what to do about this problem. I don't have a single idea how to fix this. I am looking forward to talking to anyone. Help me deal with this problem, please. Thank you!!


Hi there,

My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Your computer is infected by the ZeroAccess trojan, which inserts itself into elementary system processes and terminates security programs. Let's get some more information.

Step 1: Gmer

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Please attach the gmer.txt to your reply:

  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  2. Click Upload.

Step 2: DDS

Download DDS and save it to your desktop from here

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will save 2 logs to your desktop
    1. DDS.txt
    2. Attach.txt

Then let's try something else instead:

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


HERE'S THE "FRST"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 02

Ran by Mariano (administrator) on 04-06-2013 23:31:14

Running from C:\Users\New One\Desktop\Malwarebytes.org

Windows 8 Single Language (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

() C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

() C:\windows\SysWOW64\PnkBstrA.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

(Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe

(Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe

(AMD) C:\windows\system32\atieclxx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe

() C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe

(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Yontoo LLC) C:\Users\New One\AppData\Roaming\Yontoo\YontooDesktop.exe

(TypingMaster, Inc) C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe

(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6842000 2012-09-25] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 [1230992 2012-09-28] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-20] (Dell Inc.)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4123 2012-05-31] ()

HKLM\...\Run: [btTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [763520 2012-08-09] (Qualcomm Atheros)

HKLM\...\Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [127616 2012-08-09] (Qualcomm Atheros Commnucations)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [511672 2012-11-21] (Acronis)

HKCU\...\Run: [Yontoo Desktop] "C:\Users\New One\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-03-23] (Yontoo LLC)

HKCU\...\Run: [QuickPhrase] "C:\Program Files (x86)\TypingMaster\QuickPhrase\quickphrase.exe" [638992 2007-08-03] (TypingMaster, Inc)

HKCU\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1516632 2012-06-26] (Nokia)

HKCU\...\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3573624 2013-04-06] (Tonec Inc.)

MountPoints2: {23069c51-99c2-11e2-be79-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {23069c99-99c2-11e2-be79-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {3a09f1c0-cc0b-11e2-bf78-9c2a70494ffb} - "E:\AutoRun.exe"

MountPoints2: {87309e64-9e94-11e2-be9a-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {8a9a331b-cc3d-11e2-bf83-9c2a70494ffb} - "E:\AutoRun.exe"

MountPoints2: {8dc86687-a4a0-11e2-bebd-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {8dc866b8-a4a0-11e2-bebd-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {baa1027a-95fb-11e2-be75-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {e274559a-cc1c-11e2-bf7d-9c2a70494ffb} - "E:\AutoRun.exe"

MountPoints2: {e38029c9-97db-11e2-be77-9c2a70494ffc} - "E:\AutoRun.exe"

MountPoints2: {e3802a71-97db-11e2-be77-9c2a70494ffc} - "E:\AutoRun.exe"

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-10] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-04] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [143888 2012-06-02] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [6010784 2012-11-26] (Acronis)

HKLM-x32\...\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/

URLSearchHook: (No Name) - {96f454ea-9d38-474f-b504-56193e00c1a5} - No File

HKCU SearchScopes: DefaultScope {A8C4A05F-A0C6-4EF6-8057-8BA987410DEB} URL = http://searchou.com/?q={searchTerms}&id=787330340000000000009c2a70494ffc&r=437

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=78739C2A70494FFC

SearchScopes: HKCU - {90C067CF-1FBC-4CB5-BD99-D5E6BF63A5D8} URL =

SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}

SearchScopes: HKCU - {A8C4A05F-A0C6-4EF6-8057-8BA987410DEB} URL = http://searchou.com/?q={searchTerms}&id=787330340000000000009c2a70494ffc&r=437

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\New One\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130414211533.dll (McAfee, Inc.)

BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\New One\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130414211533.dll (McAfee, Inc.)

BHO-x32: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File

BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File

Toolbar: HKCU - No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} - No File

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

FireFox:

========

FF ProfilePath: C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default

FF SelectedSearchEngine: Delta Search

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Privitize.com - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\ffxtlbr@privitize.com

FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

FF Extension: ftdownloader3 - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\ftdownloader3@ftdownloader.com.xpi

FF Extension: gophoto - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\gophoto@gophoto.it.xpi

FF Extension: socksharedownloader - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\socksharedownloader@socksharedownloader.com.xpi

FF Extension: torntv2 - C:\Users\New One\AppData\Roaming\Mozilla\Firefox\Profiles\yww2a2lt.default\Extensions\torntv2@torntv.com.xpi

Chrome:

=======

CHR HomePage: hxxp://www2.delta-search.com/?affID=119293&babsrc=HP_ss&mntrId=78739C2A70494FFC

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (MPCBrowser Update) - C:\Users\New One\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0

CHR Extension: (Google Docs) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Kate Spade) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0

CHR Extension: (uTorrentControl_v6) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.16.2.509_0

CHR Extension: (Google Search) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Complitly plugin for chrome) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0

CHR Extension: (Box - 5 GB Free Storage) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0

CHR Extension: (express-files) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\10.16.1.521_0

CHR Extension: (IDM Integration) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0

CHR Extension: (Autodesk Homestyler) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0

CHR Extension: (Webcam Toy) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0

CHR Extension: (Skype Click to Call) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0

CHR Extension: (ButtonBass Player Piano) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi\2.1_0

CHR Extension: (Planner 5D) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0

CHR Extension: (Yontoo) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0

CHR Extension: (Autodesk 123D Make) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbnagfoedaclggcfcoodicggmnlhajl\0.0.0.1_1

CHR Extension: (Gmail) - C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-09] (Qualcomm Atheros Commnucations)

R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-27] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-04-10] ()

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)

R2 StrartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [71488 2013-01-23] (IObit)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-17] (TuneUp Software)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

R2 Yontoo Desktop Updater; C:\Users\New One\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-09] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)

S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)

R3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-21] (Synaptics Incorporated)

R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-26] (Acronis)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)

R0 fltsrv; system32\DRIVERS\fltsrv.sys [x]

U3 mfeavfk01; No ImagePath

R0 snapman; system32\DRIVERS\snapman.sys [x]

R0 tdrpman; system32\DRIVERS\tdrpman.sys [x]

S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [x]

S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [x]

S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [x]

U3 uxtoypod; \??\C:\Users\NEWONE~1\AppData\Local\Temp\uxtoypod.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-04 23:31 - 2013-06-04 23:31 - 00000000 ____D C:\FRST

2013-06-04 23:27 - 2013-06-04 23:27 - 00000000 ___RD C:\Users\New One\Documents\Notes

2013-06-04 23:07 - 2013-06-04 23:24 - 00000000 ____D C:\Users\New One\Desktop\Malwarebytes.org

2013-06-03 19:06 - 2013-06-03 19:06 - 00281216 ____A C:\Windows\Minidump\060313-19359-01.dmp

2013-06-03 15:16 - 2013-06-03 15:16 - 00281280 ____A C:\Windows\Minidump\060313-21843-01.dmp

2013-06-03 14:39 - 2013-06-03 14:39 - 00281280 ____A C:\Windows\Minidump\060313-26703-01.dmp

2013-06-03 14:30 - 2013-06-03 14:30 - 00000000 ____D C:\Users\New One\AppData\Roaming\Malwarebytes

2013-06-03 14:30 - 2013-06-03 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-03 14:18 - 2013-06-03 13:57 - 51472752 ____A C:\Users\New One\Desktop\How to reset -- recover -- refresh Slow Windows 8.mp4

2013-06-03 14:18 - 2013-06-03 13:20 - 10601290 ____A C:\Users\New One\Desktop\Windows 8 Blue Screen Of Death - How To Uninstall A Windows8 Update.mp4

2013-06-03 14:18 - 2013-06-03 13:05 - 02211527 ____A C:\Users\New One\Desktop\How to Easily Fix the Blue Screen of Death.mp4

2013-06-03 13:06 - 2013-06-03 13:06 - 00281216 ____A C:\Windows\Minidump\060313-32859-01.dmp

2013-06-03 10:49 - 2013-06-03 11:30 - 48444673 ____A C:\Users\New One\Desktop\Make Windows 8 Run Faster and Fix Errors Slow Blue Screen of Death BSOD How To Tutorial.mp4

2013-06-03 10:09 - 2013-06-03 10:09 - 00279728 ____A C:\Windows\Minidump\060313-49203-01.dmp

2013-06-03 10:08 - 2013-06-03 10:09 - 00432256 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-02 15:59 - 2013-06-03 19:06 - 00000000 ____D C:\Windows\Minidump

2013-06-02 15:59 - 2013-06-02 16:00 - 00279728 ____A C:\Windows\Minidump\060213-51781-01.dmp

2013-05-25 09:24 - 2013-06-03 19:06 - 330893564 ____A C:\Windows\MEMORY.DMP

2013-05-24 23:00 - 2013-04-09 13:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll

2013-05-24 23:00 - 2013-04-09 13:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll

2013-05-24 23:00 - 2013-04-09 13:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe

2013-05-24 23:00 - 2013-04-09 13:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys

2013-05-24 23:00 - 2013-04-09 13:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll

2013-05-24 23:00 - 2013-04-09 13:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll

2013-05-24 23:00 - 2013-04-09 13:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll

2013-05-24 23:00 - 2013-04-09 13:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-05-24 23:00 - 2013-04-09 12:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe

2013-05-24 23:00 - 2013-04-09 12:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe

2013-05-24 23:00 - 2013-04-09 12:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe

2013-05-24 23:00 - 2013-04-09 12:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe

2013-05-24 23:00 - 2013-04-09 12:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe

2013-05-24 23:00 - 2013-04-09 12:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-05-24 23:00 - 2013-04-09 12:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-05-24 23:00 - 2013-04-09 12:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll

2013-05-24 23:00 - 2013-04-09 12:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll

2013-05-24 23:00 - 2013-04-09 12:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll

2013-05-24 23:00 - 2013-04-09 12:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-24 23:00 - 2013-04-09 12:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll

2013-05-24 23:00 - 2013-04-09 12:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl

2013-05-24 23:00 - 2013-04-09 12:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll

2013-05-24 23:00 - 2013-04-09 10:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-24 23:00 - 2013-04-09 10:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys

2013-05-24 23:00 - 2013-04-09 10:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys

2013-05-24 23:00 - 2013-04-09 10:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys

2013-05-24 23:00 - 2013-04-09 10:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys

2013-05-24 23:00 - 2013-04-09 10:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys

2013-05-24 23:00 - 2013-04-09 10:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys

2013-05-24 23:00 - 2013-04-09 10:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys

2013-05-24 23:00 - 2013-04-09 10:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys

2013-05-24 23:00 - 2013-04-09 07:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll

2013-05-24 23:00 - 2013-04-09 07:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-05-24 23:00 - 2013-04-09 07:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2013-05-24 23:00 - 2013-04-09 07:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2013-05-24 23:00 - 2013-04-09 05:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-05-24 23:00 - 2013-04-09 05:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2013-05-24 23:00 - 2013-04-09 05:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-24 23:00 - 2013-04-09 05:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2013-05-24 23:00 - 2013-04-09 05:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2013-05-24 23:00 - 2013-04-09 05:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe

2013-05-24 23:00 - 2013-04-09 05:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl

2013-05-24 23:00 - 2013-04-09 05:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll

2013-05-24 23:00 - 2013-04-09 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll

2013-05-24 23:00 - 2013-04-05 07:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll

2013-05-24 23:00 - 2013-04-03 06:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml

2013-05-24 23:00 - 2013-03-31 02:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi

2013-05-24 23:00 - 2013-03-31 02:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe

2013-05-24 23:00 - 2013-03-29 06:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi

2013-05-24 23:00 - 2013-03-29 06:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe

2013-05-24 23:00 - 2013-03-16 06:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll

2013-05-24 23:00 - 2013-03-16 06:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll

2013-05-24 23:00 - 2012-12-13 12:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2013-05-24 23:00 - 2012-12-13 11:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-18 00:47 - 2013-04-10 07:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-18 00:47 - 2013-04-10 07:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-18 00:47 - 2013-04-10 07:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-18 00:47 - 2013-04-10 07:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-18 00:47 - 2013-04-10 07:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-18 00:47 - 2013-04-10 06:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-18 00:47 - 2013-04-10 06:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-18 00:47 - 2013-04-10 06:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-18 00:20 - 2013-03-06 15:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-18 00:20 - 2013-03-06 14:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-18 00:20 - 2013-03-06 14:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-18 00:20 - 2013-03-06 14:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-18 00:20 - 2013-03-06 13:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-18 00:20 - 2013-03-06 13:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-18 00:12 - 2013-03-22 11:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll

2013-05-18 00:12 - 2013-03-22 06:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll

2013-05-17 23:26 - 2013-04-11 14:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-05-17 21:52 - 2013-04-16 10:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-17 20:18 - 2013-03-15 08:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys

2013-05-16 21:57 - 2013-05-23 02:38 - 00000000 ____D C:\Users\New One\Downloads\Pop-up Card

2013-05-16 14:57 - 2013-05-16 14:57 - 00000000 __SHD C:\System Recovery

2013-05-16 14:03 - 2013-05-16 14:03 - 00000000 ___AH C:\Users\New One\Documents\Default.rdp

2013-05-08 20:48 - 2013-05-08 20:48 - 00000304 ____A C:\Users\New One\Downloads\CD Drive - Shortcut.lnk

2013-05-05 23:08 - 2013-05-05 23:32 - 00000000 ____D C:\Memory Card 2GB

2013-05-05 07:51 - 2013-05-05 09:12 - 00000000 ____D C:\Users\New One\Downloads\BigFish - MCF Return To Ravenhearst - Updated Precracked Installer [h33t][Wendy99]

==================== One Month Modified Files and Folders =======

2013-06-04 23:31 - 2013-06-04 23:31 - 00000000 ____D C:\FRST

2013-06-04 23:28 - 2013-04-28 16:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-04 23:27 - 2013-06-04 23:27 - 00000000 ___RD C:\Users\New One\Documents\Notes

2013-06-04 23:24 - 2013-06-04 23:07 - 00000000 ____D C:\Users\New One\Desktop\Malwarebytes.org

2013-06-04 23:09 - 2012-07-26 15:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-04 23:07 - 2013-03-26 12:05 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-04 23:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\sru

2013-06-04 18:28 - 2012-07-26 15:21 - 00033609 ____A C:\Windows\setupact.log

2013-06-04 17:06 - 2013-03-26 11:05 - 01166001 ____A C:\Windows\WindowsUpdate.log

2013-06-04 16:30 - 2013-01-02 21:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery

2013-06-04 16:25 - 2013-03-26 12:05 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-03 19:14 - 2011-09-15 13:51 - 00000000 ____D C:\Users\New One\Documents\guitar help

2013-06-03 19:06 - 2013-06-03 19:06 - 00281216 ____A C:\Windows\Minidump\060313-19359-01.dmp

2013-06-03 19:06 - 2013-06-02 15:59 - 00000000 ____D C:\Windows\Minidump

2013-06-03 19:06 - 2013-05-25 09:24 - 330893564 ____A C:\Windows\MEMORY.DMP

2013-06-03 19:06 - 2012-07-26 15:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-03 17:07 - 2013-04-06 10:23 - 00000000 ____D C:\Users\New One\Downloads\Compressed

2013-06-03 15:16 - 2013-06-03 15:16 - 00281280 ____A C:\Windows\Minidump\060313-21843-01.dmp

2013-06-03 15:13 - 2013-04-06 10:23 - 00000000 ____D C:\Users\New One\AppData\Roaming\DMCache

2013-06-03 14:39 - 2013-06-03 14:39 - 00281280 ____A C:\Windows\Minidump\060313-26703-01.dmp

2013-06-03 14:30 - 2013-06-03 14:30 - 00000000 ____D C:\Users\New One\AppData\Roaming\Malwarebytes

2013-06-03 14:30 - 2013-06-03 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-03 13:57 - 2013-06-03 14:18 - 51472752 ____A C:\Users\New One\Desktop\How to reset -- recover -- refresh Slow Windows 8.mp4

2013-06-03 13:20 - 2013-06-03 14:18 - 10601290 ____A C:\Users\New One\Desktop\Windows 8 Blue Screen Of Death - How To Uninstall A Windows8 Update.mp4

2013-06-03 13:06 - 2013-06-03 13:06 - 00281216 ____A C:\Windows\Minidump\060313-32859-01.dmp

2013-06-03 13:06 - 2013-04-02 00:11 - 00000000 ____D C:\Users\New One\AppData\Local\CrashDumps

2013-06-03 13:05 - 2013-06-03 14:18 - 02211527 ____A C:\Users\New One\Desktop\How to Easily Fix the Blue Screen of Death.mp4

2013-06-03 13:04 - 2013-01-02 23:17 - 00051182 ____A C:\Windows\PFRO.log

2013-06-03 12:59 - 2012-07-26 13:26 - 00524288 __ASH C:\Windows\System32\config\BBI

2013-06-03 11:30 - 2013-06-03 10:49 - 48444673 ____A C:\Users\New One\Desktop\Make Windows 8 Run Faster and Fix Errors Slow Blue Screen of Death BSOD How To Tutorial.mp4

2013-06-03 10:17 - 2013-04-06 18:32 - 00000000 ____D C:\Users\New One\Downloads\Sketchup

2013-06-03 10:16 - 2013-03-26 11:04 - 00000000 ____D C:\Users\New One\Documents\Bluetooth Folder

2013-06-03 10:09 - 2013-06-03 10:09 - 00279728 ____A C:\Windows\Minidump\060313-49203-01.dmp

2013-06-03 10:09 - 2013-06-03 10:08 - 00432256 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-02 22:24 - 2013-03-26 11:02 - 00000000 ____D C:\users\New One

2013-06-02 22:08 - 2013-04-06 18:28 - 00000000 ____D C:\Users\New One\Downloads\Games

2013-06-02 22:06 - 2013-04-06 00:08 - 00000000 ____D C:\Users\New One\Desktop\Games

2013-06-02 17:09 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache

2013-06-02 16:55 - 2013-03-26 11:45 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-06-02 16:05 - 2012-07-26 13:26 - 00262144 __ASH C:\Windows\System32\config\ELAM

2013-06-02 16:00 - 2013-06-02 15:59 - 00279728 ____A C:\Windows\Minidump\060213-51781-01.dmp

2013-05-25 09:21 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ToastData

2013-05-25 09:21 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore

2013-05-25 05:41 - 2013-04-01 22:14 - 00000000 ____D C:\Users\New One\AppData\Roaming\Yontoo

2013-05-24 23:07 - 2013-04-13 00:59 - 00000000 ____D C:\Users\New One\AppData\Roaming\ConverterLite

2013-05-24 19:57 - 2013-04-02 01:19 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-23 14:00 - 2013-04-03 02:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-23 11:31 - 2013-04-13 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-23 10:08 - 2013-04-28 16:25 - 00000000 ____D C:\Users\New One\AppData\Roaming\IDM

2013-05-23 02:38 - 2013-05-16 21:57 - 00000000 ____D C:\Users\New One\Downloads\Pop-up Card

2013-05-21 12:01 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-05-18 07:47 - 2013-03-26 12:58 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-17 05:14 - 2013-01-02 21:46 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-05-16 15:08 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\Recovery

2013-05-16 14:57 - 2013-05-16 14:57 - 00000000 __SHD C:\System Recovery

2013-05-16 14:03 - 2013-05-16 14:03 - 00000000 ___AH C:\Users\New One\Documents\Default.rdp

2013-05-13 14:26 - 2013-04-04 02:05 - 00000000 ____D C:\Program Files (x86)\GameTop.com

2013-05-11 18:19 - 2013-03-26 11:04 - 00000000 ____D C:\Users\New One\AppData\Roaming\Atheros

2013-05-11 18:14 - 2013-03-26 12:04 - 00000000 ____D C:\Users\New One\AppData\Roaming\uTorrent

2013-05-11 11:38 - 2013-04-06 00:20 - 00000000 ____D C:\Users\New One\AppData\Roaming\TypingMaster7

2013-05-10 14:15 - 2013-04-13 18:35 - 00000000 ____D C:\Users\New One\Documents\Archi' Files

2013-05-08 20:48 - 2013-05-08 20:48 - 00000304 ____A C:\Users\New One\Downloads\CD Drive - Shortcut.lnk

2013-05-08 04:07 - 2012-07-26 16:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-08 04:07 - 2012-07-26 16:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-05 23:32 - 2013-05-05 23:08 - 00000000 ____D C:\Memory Card 2GB

2013-05-05 09:12 - 2013-05-05 07:51 - 00000000 ____D C:\Users\New One\Downloads\BigFish - MCF Return To Ravenhearst - Updated Precracked Installer [h33t][Wendy99]

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-06-03 13:24

==================== End Of Log ============================


AND LASTLY THE "ADDITION"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-06-2013 02

Ran by Mariano at 2013-06-04 23:32:28 Run:

Running from C:\Users\New One\Desktop\Malwarebytes.org

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

µTorrent (Version: 3.2.3.28705)

7-Zip 9.20

Adobe AIR (Version: 3.7.0.1530)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Reader XI (11.0.03) (Version: 11.0.03)

Amazon Browser App (Version: 1.0.0.0)

AMD Accelerated Video Transcoding (Version: 12.5.100.20910)

AMD APP SDK Runtime (Version: 10.0.1016.4)

AMD Catalyst Install Manager (Version: 8.0.891.0)

Angry Birds Space 1.3.0 (Version: 1.3.0)

Bing Bar (Version: 7.1.362.0)

BrowserProtect

Bundled software uninstaller

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center (Version: 2012.0910.2204.37810)

Catalyst Control Center InstallProxy (Version: 2012.0910.2204.37810)

Catalyst Control Center Localization All (Version: 2012.0910.2204.37810)

Catalyst Control Center Profiles Mobile (Version: 2012.0910.2204.37810)

CCC Help Chinese Standard (Version: 2012.0910.2203.37810)

CCC Help Chinese Traditional (Version: 2012.0910.2203.37810)

CCC Help Danish (Version: 2012.0910.2203.37810)

CCC Help Dutch (Version: 2012.0910.2203.37810)

CCC Help English (Version: 2012.0910.2203.37810)

CCC Help Finnish (Version: 2012.0910.2203.37810)

CCC Help French (Version: 2012.0910.2203.37810)

CCC Help German (Version: 2012.0910.2203.37810)

CCC Help Italian (Version: 2012.0910.2203.37810)

CCC Help Japanese (Version: 2012.0910.2203.37810)

CCC Help Korean (Version: 2012.0910.2203.37810)

CCC Help Norwegian (Version: 2012.0910.2203.37810)

CCC Help Portuguese (Version: 2012.0910.2203.37810)

CCC Help Russian (Version: 2012.0910.2203.37810)

CCC Help Spanish (Version: 2012.0910.2203.37810)

CCC Help Swedish (Version: 2012.0910.2203.37810)

ccc-utility64 (Version: 2012.0910.2204.37810)

Complitly

ConverterLite 1.6.3 (Version: 1.6.3)

CrazyBirds (Version: 1.0)

CyberLink LabelPrint 2.5 (Version: 2.5.5415a)

CyberLink Media Suite 10 (Version: 10.0.1.1913)

CyberLink Media Suite Essentials (Version: 10.0)

CyberLink Power2Go 8 (Version: 8.0.0.1904)

CyberLink PowerDirector 10 (Version: 10.0.1.1904)

CyberLink PowerDVD 10 (Version: 10.0.4318.52)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dell Backup and Recovery - Support Software (Version: 1.0.0.5)

Dell Backup and Recovery (Version: 1.0.0.5)

Dell Digital Delivery (Version: 2.5.1400.0)

Dell Support Center (Version: 3.2.6032.125)

Dell Touchpad (Version: 16.2.12.17)

Dell WLAN and Bluetooth Client Installation (Version: 10.0)

DSC/AA Factory Installer (Version: 3.2.6032.39)

ExpressFiles (Version: 1.7.0)

Ferrari Virtual Race (remove only)

Globe Broadband (Version: 11.300.05.20.158)

Google Chrome (Version: 26.0.1410.64)

Google SketchUp 8 (Version: 3.0.11752)

Google Update Helper (Version: 1.3.21.145)

Intel® Control Center (Version: 1.2.1.1008)

Intel® Management Engine Components (Version: 8.1.0.1252)

Intel® Processor Graphics (Version: 9.17.10.2849)

Intel® Rapid Storage Technology (Version: 11.5.0.1207)

Intel® Turbo Boost Technology Monitor 2.6 (Version: 2.6.2.0)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

Internet Download Manager

IRender_nXt (Version: 5.00.0000)

Java 7 Update 17 (Version: 7.0.170)

Java Auto Updater (Version: 2.1.9.0)

LightUp v2.7b DEMO (Version: 2.7.2)

Maxwell for SketchUp 8 (Standalone) (Version: 2.7.22)

McAfee AntiVirus (Version: 11.6.511)

Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)

Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)

Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)

Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)

Movie Maker (Version: 16.4.3503.0728)

Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSVC90_x64 (Version: 1.0.1.2)

MSVC90_x86 (Version: 1.0.1.2)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT110 (Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1108.0727)

Mystery Case Files - Huntsville 1.00

Mystery Case Files - Madame Fate 1.00

Mystery Case Files - Prime Suspects 1.00

Mystery Case Files - Ravenhearst 1.00

Nitro Pro 8 (Version: 8.0.10.7)

Nokia Connectivity Cable Driver (Version: 7.1.78.0)

Nokia PC Suite (Version: 7.1.180.94)

Opera 12.15 (Version: 12.15.1748)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)

Pandora Service

PC Connectivity Solution (Version: 12.0.27.0)

Photo Common (Version: 16.4.3503.0728)

Photo Gallery (Version: 16.4.3503.0728)

PowerXpressHybrid (Version: 1.00.0000)

PunkBuster Services (Version: 0.986)

PX Profile Update (Version: 1.00.1.)

Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)

Quickset64 (Version: 10.15.012)

Raylectron version 2.66 / 64bit (Version: 2.66 / 64bit)

Realtek High Definition Audio Driver (Version: 6.0.1.6741)

Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)

RpTreeMaker (Version: 2.00.0000)

Shared C Run-time for x64 (Version: 10.0.0)

SketchUp Viewer (Version: 8.0.15158)

Skype Click to Call (Version: 6.9.12585)

Skype™ 6.3 (Version: 6.3.105)

Star Drone (Version: 1.0)

Star Sword (Version: 1.0)

Start Menu 8 (Version: 1.0.0.0)

The KMPlayer (remove only) (Version: 3.5.0.77)

True Image 2013 (Version: 16.0.5587)

TuneUp Utilities 2013 (Version: 13.0.2013.194)

TuneUp Utilities Language Pack (en-US) (Version: 13.0.2013.194)

TypingMaster Pro (Version: 7.00)

UltraISO Premium V9.53

Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760343) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768349) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768355) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition

Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition

Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition

uTorrentControl_v6 Toolbar (Version: 6.11.2.6)

Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)

Windows Live Communications Platform (Version: 16.4.3503.0728)

Windows Live Essentials (Version: 16.4.3503.0728)

Windows Live Installer (Version: 16.4.3503.0728)

Windows Live Photo Common (Version: 16.4.3503.0728)

Windows Live PIMT Platform (Version: 16.4.3503.0728)

Windows Live SOXE (Version: 16.4.3503.0728)

Windows Live SOXE Definitions (Version: 16.4.3503.0728)

Windows Live UX Platform (Version: 16.4.3503.0728)

Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

Yontoo 2.051 (Version: 2.051)

==================== Restore Points =========================

21-05-2013 04:43:37 Windows Update

24-05-2013 15:44:21 Windows Update

02-06-2013 08:26:37 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/04/2013 06:34:46 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/04/2013 05:22:04 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:22:00 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:22:00 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:21:07 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:20:59 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:20:59 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:08:29 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 05:08:29 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 04:57:50 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

System errors:

=============

Error: (06/04/2013 04:26:02 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/03/2013 07:06:20 PM) (Source: Service Control Manager) (User: )

Description: The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.

Error: (06/03/2013 07:06:15 PM) (Source: Service Control Manager) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.

Error: (06/03/2013 07:06:13 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service terminated with the following error:

%%1060

Error: (06/03/2013 07:06:08 PM) (Source: BugCheck) (User: )

Description: 0xc000021a (0xfffff8a001877580, 0x0000000000000000, 0xffffffffc0000428, 0x0000000656c708e0)C:\windows\MEMORY.DMP060313-19359-01

Error: (06/03/2013 03:16:54 PM) (Source: Service Control Manager) (User: )

Description: The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.

Error: (06/03/2013 03:16:49 PM) (Source: Service Control Manager) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.

Error: (06/03/2013 03:16:49 PM) (Source: BugCheck) (User: )

Description: 0xc000021a (0xfffff8a00b3c7710, 0x0000000000000000, 0xffffffffc0000428, 0x0000008f979608e0)C:\windows\MEMORY.DMP060313-21843-01

Error: (06/03/2013 03:16:45 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service terminated with the following error:

%%1060

Error: (06/03/2013 03:13:49 PM) (Source: DCOM) (User: MARIANO)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Microsoft Office Sessions:

=========================

Error: (06/04/2013 06:34:46 PM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\New One\Downloads\Sketchup\SoftonicDownloader_for_google-sketchup.exe

Error: (06/04/2013 05:22:04 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (06/04/2013 05:22:00 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IrenderBatch_debug.exe

Error: (06/04/2013 05:22:00 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IRenderTest_debug.exe

Error: (06/04/2013 05:21:07 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (06/04/2013 05:20:59 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IrenderBatch_debug.exe

Error: (06/04/2013 05:20:59 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IRenderTest_debug.exe

Error: (06/04/2013 05:08:29 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IrenderBatch_debug.exe

Error: (06/04/2013 05:08:29 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files (x86)\Render Plus Systems\RpTreeMaker\IRenderTest_debug.exe

Error: (06/04/2013 04:57:50 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

==================== Memory info ===========================

Percentage of memory in use: 47%

Total physical RAM: 3965.27 MB

Available physical RAM: 2079.46 MB

Total Pagefile: 7933.27 MB

Available Pagefile: 5255.5 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.55 GB) (Free:802.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A4D692EA)

Partition: GPT Partition Type

==================== End Of Log ============================

THANKS SIR.

Link to post
Share on other sites

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.

Link to post
Share on other sites

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Sir Marius

I already RUN "Farbar Service Scanner"

I also MARK the "Windows Defender" and "Other Services" is that alright?

If not just tell me and I'll re-scan it immediately

Here's the log sir

Farbar Service Scanner Version: 31-05-2013 01

Ran by Mariano (administrator) on 05-06-2013 at 08:56:35

Running from "C:\Users\New One\Desktop\Malwarebytes.org"

Windows 8 Single Language (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.

Unable to retrieve ServiceDll of wscsvc. The value does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-28 17:38] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll

[2013-05-24 23:00] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-04-28 17:38] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2013-03-26 13:42] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe

[2013-03-26 13:42] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post
Share on other sites

C:\$RECYCLE.BIN\S-1-5-21-1019786785-2225076087-2819265934-1001\$RWFI2ZZ\Steam_api.dll_worms_reloaded_downloader_ph_99259.exe a variant of Win32/YourFileDownloader.B application

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\ExpressFiles\EFUpdater.exe a variant of Win32/YourFileDownloader.B application

C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe a variant of Win32/ExpressFiles.A application

C:\Program Files (x86)\ExpressFiles\uninstall.exe a variant of Win32/ExpressFiles.B application

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application

C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application

C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application

C:\Users\All Users\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application

C:\Users\All Users\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application

C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:\Users\New One\AppData\Local\Bundled software uninstaller\biclient.exe a variant of Win32/Somoto.A application

C:\Users\New One\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A application

C:\Users\New One\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B application

C:\Users\New One\Downloads\Babylon10_setup.exe a variant of Win32/Toolbar.Babylon.E application

C:\Users\New One\Downloads\megaman_x7_pc_exe.exe a variant of Win32/Adware.MediaFinder.G application

C:\Users\New One\Downloads\Applications\converterlite_d3867139.exe probably a variant of Win32/InstallIQ application

C:\Users\New One\Downloads\Games\ferrarivirtualracezip_downloader_by_OneOnlineGames.exe a variant of Win32/Somoto.A application

C:\Users\New One\Downloads\Programs\7ZipSetup-aiyLeKc.exe a variant of Win32/Somoto.A application

C:\Users\New One\Downloads\Sketchup\free_download_for_vray_for_sketchup_8_downloader_ph_133.exe a variant of Win32/ExpressFiles.B application

C:\Users\New One\Downloads\Sketchup\google sketchup setup.exe a variant of Win32/Soft32Downloader.D application

C:\Users\New One\Downloads\Sketchup\SoftonicDownloader_for_google-sketchup.exe a variant of Win32/SoftonicDownloader.E application

Operating memory a variant of Win32/bProtector.A application

Link to post
Share on other sites

Uninstall the following programs:

BrowserProtect

uTorrentControl_v6 Toolbar

Yontoo 2.051

ExpressFiles

Bundled software uninstaller

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.

Link to post
Share on other sites
