Am I Infected?


FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 01
Ran by Family (administrator) on 25-06-2013 13:04:13
Running from C:\Users\Family\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\i-Funbox DevTeam\ifb_conn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: []  [x]
HKLM\...\Run: [hpqSRMon]  [x]
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\realplayer\update\realsched.exe"  -osboot [296056 2012-06-01] (RealNetworks, Inc.)
HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED [969104 2012-12-12] (BitTorrent, Inc.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [iFunBoxConnector] "C:\Program Files\i-Funbox DevTeam\ifb_conn.exe" [812544 2012-11-20] ()
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-21] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
MountPoints2: K - K:\LaunchU3.exe -a
MountPoints2: {01bf6cd7-9b34-11de-80ba-001bfc24444c} - L:\LaunchU3.exe -a
MountPoints2: {501a291a-5080-11de-ac37-001bfc24444c} - K:\LaunchU3.exe -a
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100524172544468&tb_oid=22-11-2008&tb_mrud=24-05-2010
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786898
SearchScopes: HKLM - {DF91D5C9-14FB-4CA1-A76B-836D2BDB5D66} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {EF98C22A-264A-42DE-8F2A-0C9FBCEF70BF} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKLM - {F4CA8A8F-DD18-4A9C-8BB2-324EBA400394} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100524172544468&tb_oid=22-11-2008&tb_mrud=24-05-2010
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786898
SearchScopes: HKCU - {DF91D5C9-14FB-4CA1-A76B-836D2BDB5D66} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {EF98C22A-264A-42DE-8F2A-0C9FBCEF70BF} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKCU - {F4CA8A8F-DD18-4A9C-8BB2-324EBA400394} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -profilesong Toolbar - {981E53BA-6DF4-4D99-8C33-6C398F5C139E} - C:\Program Files\profilesong\tbpro0.dll (Conduit Ltd.)
Toolbar: HKCU -Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Toolbar: HKCU -Norton Safe Web Lite - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\Family\AppData\Local\Temp\f5tmp\cachecleaner.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Family\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Family\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://hyvee.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\t5funmpu.default
FF user.js: detected! => C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\t5funmpu.default\user.js
FF SearchEngine: Blekko
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\t5funmpu.default\Extensions\plugin@videofiledownload.com
FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\t5funmpu.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Family\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Move Streaming Media Player) - C:\Users\Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
========================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
S4 Dyyno Launcher; C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-08-31] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll [176504 2010-05-27] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-27] ()
S4 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 DefWatch; 
S2 Norton AntiVirus Server; 
 
==================== Drivers (Whitelisted) ====================
 
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-10-07] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-21] (Symantec Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391168 2009-03-19] (Hauppauge Computer Works, Inc)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130622.001\IDSvix86.sys [386720 2013-06-19] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130625.002\NAVENG.SYS [93272 2013-06-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130625.002\NAVEX15.SYS [1611992 2013-06-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2010-02-08] (Texas Instruments Incorporated)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2007-04-16] (Jungo)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-19] (Microsoft Corporation)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [x]
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 NAVAP; No ImagePath
S2 NAVAPEL; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-25 13:03 - 2013-06-25 13:03 - 00000000 ____D C:\FRST
2013-06-25 12:54 - 2013-06-25 13:01 - 00000000 ____D C:\Users\Family\Desktop\mbar
2013-06-25 12:54 - 2013-06-25 12:53 - 13399154 ____A C:\Users\Family\Desktop\mbar-1.06.0.1004.zip
2013-06-25 12:53 - 2013-06-25 12:53 - 13399154 ____A C:\Users\Family\Downloads\mbar-1.06.0.1004.zip
2013-06-25 12:42 - 2013-06-25 12:42 - 01370263 ____A (Farbar) C:\Users\Family\Downloads\FRST.exe
2013-06-25 12:42 - 2013-06-25 12:42 - 01370263 ____A (Farbar) C:\Users\Family\Desktop\FRST.exe
2013-06-24 13:19 - 2013-06-24 13:19 - 00144808 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 06:33 - 2013-06-24 06:33 - 00144808 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-23 21:38 - 2013-06-23 21:38 - 00000940 ____A C:\Users\Family\.recently-used.xbel
2013-06-23 19:25 - 2013-06-23 19:25 - 01036848 ____A (Solid State Networks) C:\Users\Family\Downloads\install_reader10_en_mssa_awc_aih.exe
2013-06-23 19:07 - 2013-06-23 19:07 - 00144808 ____A C:\Windows\Minidump\Mini062313-02.dmp
2013-06-23 18:22 - 2013-06-24 13:19 - 00001766 ____A C:\Windows\PFRO.log
2013-06-23 14:17 - 2013-06-23 15:55 - 00001873 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-23 14:17 - 2013-06-23 15:55 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-23 14:17 - 2013-06-23 14:17 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-23 09:02 - 2013-06-24 13:19 - 296699236 ____A C:\Windows\MEMORY.DMP
2013-06-23 09:02 - 2013-06-23 09:02 - 00144808 ____A C:\Windows\Minidump\Mini062313-01.dmp
2013-06-23 01:08 - 2013-06-23 01:08 - 04378864 ____A (Piriform Ltd) C:\Users\Family\Downloads\ccsetup402.exe
2013-06-22 15:01 - 2013-06-22 15:01 - 00347424 ____A (Microsoft Corporation) C:\Users\Family\Downloads\MicrosoftFixit.Aero.RNP.132295362091497206.1.1.Run.exe
2013-06-20 19:04 - 2013-06-25 13:00 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Family.job
2013-06-20 19:04 - 2013-06-25 02:41 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Family.job
2013-06-20 19:04 - 2013-06-24 17:07 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Family.job
2013-06-20 15:55 - 2013-06-20 15:55 - 00364763 ____A (http://magiclauncher.com) C:\Users\Family\Downloads\magiclauncher_1.1.4.exe
2013-06-20 14:07 - 2013-06-20 14:07 - 00101470 ____A C:\Users\Family\Downloads\43F8.tmp
2013-06-20 14:07 - 2013-06-20 14:07 - 00101470 ____A C:\Users\Family\Downloads\410.tmp
2013-06-20 14:06 - 2013-06-20 14:06 - 00053244 ____A C:\Users\Family\Downloads\3722.tmp
2013-06-20 14:05 - 2013-06-20 14:05 - 00007901 ____A C:\Users\Family\Downloads\47F9.tmp
2013-06-20 14:03 - 2013-06-20 14:03 - 00041139 ____A C:\Users\Family\Downloads\9831.tmp
2013-06-18 13:08 - 2008-07-08 08:45 - 00004984 ____A C:\Windows\System32\Drivers\nvphy.bin
2013-06-17 23:21 - 2013-06-17 23:21 - 00342510 ____A C:\Users\Family\Downloads\OptiFine_1.4.6_HD_D5.zip
2013-06-17 23:19 - 2013-06-17 23:21 - 25028177 ____A C:\Users\Family\Downloads\Feed The Beast 32x Sphax Addon 111.zip
2013-06-17 23:19 - 2013-06-17 23:19 - 04346689 ____A C:\Users\Family\Downloads\Sphax PureBDCraft  32x MC14.zip
2013-06-17 23:13 - 2013-06-17 23:25 - 00000000 ____D C:\Users\Family\AppData\Roaming\ftblauncher
2013-06-17 22:23 - 2013-06-17 22:23 - 08002755 ____A C:\Users\Family\Downloads\Glitch2_Demo_Windows.zip
2013-06-15 14:58 - 2013-06-15 14:58 - 00002778 ____A C:\Users\Family\Downloads\Varien Gritty.nmsv
2013-06-13 03:22 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:22 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:22 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:22 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:22 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:22 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 03:22 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 03:22 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:22 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:22 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 03:22 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 03:22 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:22 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:22 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 03:22 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:22 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 05:52 - 2013-05-07 23:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 05:52 - 2013-05-01 23:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 05:52 - 2013-05-01 23:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 05:52 - 2013-04-23 23:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 05:52 - 2013-04-23 23:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 05:52 - 2013-04-23 23:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 05:52 - 2013-04-23 23:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 05:52 - 2013-04-23 20:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 05:51 - 2013-05-02 17:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 05:51 - 2013-05-02 17:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 05:51 - 2013-04-17 07:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-10 09:07 - 2013-06-10 09:07 - 00000185 ____A C:\Users\Family\Downloads\image001.wmz
2013-06-09 10:46 - 2013-06-09 10:46 - 00000000 ____D C:\Users\Family\AppData\Local\Proxure
2013-06-09 10:45 - 2013-06-09 10:45 - 00000000 ____D C:\ProgramData\ClubSanDisk
2013-06-06 21:36 - 2013-06-06 21:36 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-06-05 15:02 - 2013-06-05 15:08 - 106805594 ____A C:\Users\Family\Downloads\On_The_House-(DatPiff.com) (1).zip
2013-06-01 13:27 - 2013-06-01 13:28 - 82191742 ____A C:\Users\Family\Downloads\The_Otherside_Redux-(DatPiff.com) (2).zip
2013-06-01 13:26 - 2013-06-01 13:26 - 96575313 ____A C:\Users\Family\Downloads\Blue_Chips-(DatPiff.com) (1).zip
2013-06-01 13:24 - 2013-06-01 13:25 - 53861821 ____A C:\Users\Family\Downloads\Setbacks-(DatPiff.com) (3).zip
2013-06-01 13:23 - 2013-06-01 13:23 - 59537104 ____A C:\Users\Family\Downloads\Rare_Chandeliers-(DatPiff.com).zip
2013-06-01 13:22 - 2013-06-01 13:24 - 96575313 ____A C:\Users\Family\Downloads\Blue_Chips-(DatPiff.com).zip
2013-06-01 12:34 - 2013-06-01 12:37 - 146036740 ____A C:\Users\Family\Downloads\Blue_Dream_Lean-(DatPiff.com) (2).zip
2013-06-01 12:34 - 2013-06-01 12:37 - 119662241 ____A C:\Users\Family\Downloads\Rubba_Band_Business_2-(DatPiff.com).zip
2013-06-01 12:34 - 2013-06-01 12:36 - 63317196 ____A C:\Users\Family\Downloads\Blue_Dream_Lean_Bonus_Tracks-(DatPiff.com) (1).zip
2013-06-01 01:11 - 2013-06-19 19:34 - 00000022 ____A C:\Users\Family\Downloads\true_Skull_pens_go.zip
2013-05-29 21:28 - 2013-05-29 21:28 - 00057913 ____A C:\Users\Family\Downloads\[1.5.2]bspkrsCorev2.06.zip
2013-05-29 21:28 - 2013-05-29 21:28 - 00005656 ____A C:\Users\Family\Downloads\[1.5.2]StatusEffectHUDv1.10.zip
2013-05-29 21:27 - 2013-05-29 21:27 - 00199825 ____A C:\Users\Family\Downloads\ModLoader (5).zip
2013-05-29 21:27 - 2013-05-29 21:27 - 00006872 ____A C:\Users\Family\Downloads\[1.5.2]ArmorStatusHUDv1.7.zip
2013-05-27 16:27 - 2013-05-27 16:31 - 133846784 ____A C:\Users\Family\Downloads\ASAP-Mob_Lords-Never-Worry.zip
 
==================== One Month Modified Files and Folders ========
 
2013-06-25 13:03 - 2013-06-25 13:03 - 00000000 ____D C:\FRST
2013-06-25 13:01 - 2013-06-25 12:54 - 00000000 ____D C:\Users\Family\Desktop\mbar
2013-06-25 13:01 - 2012-05-01 16:03 - 00000000 ____D C:\Users\Family\AppData\Roaming\uTorrent
2013-06-25 13:00 - 2013-06-20 19:04 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Family.job
2013-06-25 13:00 - 2010-01-30 12:45 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 13:00 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 13:00 - 2006-11-02 07:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 13:00 - 2006-11-02 07:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 12:58 - 2012-10-15 15:51 - 01685205 ____A C:\Windows\WindowsUpdate.log
2013-06-25 12:58 - 2006-11-02 08:01 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 12:53 - 2013-06-25 12:54 - 13399154 ____A C:\Users\Family\Desktop\mbar-1.06.0.1004.zip
2013-06-25 12:53 - 2013-06-25 12:53 - 13399154 ____A C:\Users\Family\Downloads\mbar-1.06.0.1004.zip
2013-06-25 12:42 - 2013-06-25 12:42 - 01370263 ____A (Farbar) C:\Users\Family\Downloads\FRST.exe
2013-06-25 12:42 - 2013-06-25 12:42 - 01370263 ____A (Farbar) C:\Users\Family\Desktop\FRST.exe
2013-06-25 12:16 - 2010-01-30 12:45 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 12:07 - 2013-03-14 06:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 02:41 - 2013-06-20 19:04 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Family.job
2013-06-24 22:55 - 2013-05-03 22:10 - 00000000 ____D C:\Users\Family\AppData\Roaming\.minecraft
2013-06-24 17:07 - 2013-06-20 19:04 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Family.job
2013-06-24 13:19 - 2013-06-24 13:19 - 00144808 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 13:19 - 2013-06-23 18:22 - 00001766 ____A C:\Windows\PFRO.log
2013-06-24 13:19 - 2013-06-23 09:02 - 296699236 ____A C:\Windows\MEMORY.DMP
2013-06-24 13:19 - 2007-06-01 01:06 - 00000000 ____D C:\Windows\Minidump
2013-06-24 06:33 - 2013-06-24 06:33 - 00144808 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-23 21:50 - 2008-02-24 13:37 - 00002555 ____A C:\Users\Family\Desktop\Microsoft Word.lnk
2013-06-23 21:38 - 2013-06-23 21:38 - 00000940 ____A C:\Users\Family\.recently-used.xbel
2013-06-23 21:38 - 2012-01-16 01:12 - 00000000 ____D C:\Users\Family\.gimp-2.6
2013-06-23 21:38 - 2007-06-21 17:16 - 00000000 ____D C:\users\Family
2013-06-23 21:33 - 2008-09-29 19:18 - 00000000 ____D C:\Users\Family\Documents\Jacob
2013-06-23 19:25 - 2013-06-23 19:25 - 01036848 ____A (Solid State Networks) C:\Users\Family\Downloads\install_reader10_en_mssa_awc_aih.exe
2013-06-23 19:07 - 2013-06-23 19:07 - 00144808 ____A C:\Windows\Minidump\Mini062313-02.dmp
2013-06-23 15:55 - 2013-06-23 14:17 - 00001873 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-23 15:55 - 2013-06-23 14:17 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-23 14:17 - 2013-06-23 14:17 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-23 14:17 - 2007-06-28 20:25 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe
2013-06-23 09:02 - 2013-06-23 09:02 - 00144808 ____A C:\Windows\Minidump\Mini062313-01.dmp
2013-06-23 01:15 - 2010-11-16 19:50 - 00000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2013-06-23 01:09 - 2012-10-15 15:34 - 00000766 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-23 01:09 - 2012-10-15 15:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-23 01:08 - 2013-06-23 01:08 - 04378864 ____A (Piriform Ltd) C:\Users\Family\Downloads\ccsetup402.exe
2013-06-23 00:47 - 2012-11-30 15:58 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-23 00:47 - 2012-10-15 15:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-23 00:03 - 2011-08-03 12:42 - 00000000 ____D C:\Users\Family\Desktop\Jacob and Sam
2013-06-22 15:01 - 2013-06-22 15:01 - 00347424 ____A (Microsoft Corporation) C:\Users\Family\Downloads\MicrosoftFixit.Aero.RNP.132295362091497206.1.1.Run.exe
2013-06-20 15:55 - 2013-06-20 15:55 - 00364763 ____A (http://magiclauncher.com) C:\Users\Family\Downloads\magiclauncher_1.1.4.exe
2013-06-20 14:07 - 2013-06-20 14:07 - 00101470 ____A C:\Users\Family\Downloads\43F8.tmp
2013-06-20 14:07 - 2013-06-20 14:07 - 00101470 ____A C:\Users\Family\Downloads\410.tmp
2013-06-20 14:06 - 2013-06-20 14:06 - 00053244 ____A C:\Users\Family\Downloads\3722.tmp
2013-06-20 14:05 - 2013-06-20 14:05 - 00007901 ____A C:\Users\Family\Downloads\47F9.tmp
2013-06-20 14:03 - 2013-06-20 14:03 - 00041139 ____A C:\Users\Family\Downloads\9831.tmp
2013-06-20 01:14 - 2007-01-02 20:34 - 00000000 ____D C:\Program Files\ATI Technologies
2013-06-20 01:04 - 2007-01-02 20:31 - 00000000 ____D C:\AMD
2013-06-19 19:34 - 2013-06-01 01:11 - 00000022 ____A C:\Users\Family\Downloads\true_Skull_pens_go.zip
2013-06-19 17:21 - 2011-01-14 16:53 - 00001933 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 15:52 - 2012-10-16 17:34 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-19 15:38 - 2012-10-16 17:35 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-19 15:38 - 2012-10-16 17:35 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 13:56 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-18 13:07 - 2006-11-02 05:33 - 00772198 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 23:25 - 2013-06-17 23:13 - 00000000 ____D C:\Users\Family\AppData\Roaming\ftblauncher
2013-06-17 23:21 - 2013-06-17 23:21 - 00342510 ____A C:\Users\Family\Downloads\OptiFine_1.4.6_HD_D5.zip
2013-06-17 23:21 - 2013-06-17 23:19 - 25028177 ____A C:\Users\Family\Downloads\Feed The Beast 32x Sphax Addon 111.zip
2013-06-17 23:19 - 2013-06-17 23:19 - 04346689 ____A C:\Users\Family\Downloads\Sphax PureBDCraft  32x MC14.zip
2013-06-17 22:23 - 2013-06-17 22:23 - 08002755 ____A C:\Users\Family\Downloads\Glitch2_Demo_Windows.zip
2013-06-15 14:58 - 2013-06-15 14:58 - 00002778 ____A C:\Users\Family\Downloads\Varien Gritty.nmsv
2013-06-13 04:00 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:02 - 2006-11-02 05:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 11:07 - 2012-06-11 13:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 11:07 - 2011-08-01 17:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-10 09:07 - 2013-06-10 09:07 - 00000185 ____A C:\Users\Family\Downloads\image001.wmz
2013-06-09 10:46 - 2013-06-09 10:46 - 00000000 ____D C:\Users\Family\AppData\Local\Proxure
2013-06-09 10:45 - 2013-06-09 10:45 - 00000000 ____D C:\ProgramData\ClubSanDisk
2013-06-06 21:36 - 2013-06-06 21:36 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-06-05 15:08 - 2013-06-05 15:02 - 106805594 ____A C:\Users\Family\Downloads\On_The_House-(DatPiff.com) (1).zip
2013-06-01 21:29 - 2007-07-04 14:20 - 00000000 ____D C:\Users\Family\AppData\Roaming\Real
2013-06-01 13:28 - 2013-06-01 13:27 - 82191742 ____A C:\Users\Family\Downloads\The_Otherside_Redux-(DatPiff.com) (2).zip
2013-06-01 13:26 - 2013-06-01 13:26 - 96575313 ____A C:\Users\Family\Downloads\Blue_Chips-(DatPiff.com) (1).zip
2013-06-01 13:25 - 2013-06-01 13:24 - 53861821 ____A C:\Users\Family\Downloads\Setbacks-(DatPiff.com) (3).zip
2013-06-01 13:24 - 2013-06-01 13:22 - 96575313 ____A C:\Users\Family\Downloads\Blue_Chips-(DatPiff.com).zip
2013-06-01 13:23 - 2013-06-01 13:23 - 59537104 ____A C:\Users\Family\Downloads\Rare_Chandeliers-(DatPiff.com).zip
2013-06-01 12:37 - 2013-06-01 12:34 - 146036740 ____A C:\Users\Family\Downloads\Blue_Dream_Lean-(DatPiff.com) (2).zip
2013-06-01 12:37 - 2013-06-01 12:34 - 119662241 ____A C:\Users\Family\Downloads\Rubba_Band_Business_2-(DatPiff.com).zip
2013-06-01 12:36 - 2013-06-01 12:34 - 63317196 ____A C:\Users\Family\Downloads\Blue_Dream_Lean_Bonus_Tracks-(DatPiff.com) (1).zip
2013-05-29 21:28 - 2013-05-29 21:28 - 00057913 ____A C:\Users\Family\Downloads\[1.5.2]bspkrsCorev2.06.zip
2013-05-29 21:28 - 2013-05-29 21:28 - 00005656 ____A C:\Users\Family\Downloads\[1.5.2]StatusEffectHUDv1.10.zip
2013-05-29 21:27 - 2013-05-29 21:27 - 00199825 ____A C:\Users\Family\Downloads\ModLoader (5).zip
2013-05-29 21:27 - 2013-05-29 21:27 - 00006872 ____A C:\Users\Family\Downloads\[1.5.2]ArmorStatusHUDv1.7.zip
2013-05-27 16:31 - 2013-05-27 16:27 - 133846784 ____A C:\Users\Family\Downloads\ASAP-Mob_Lords-Never-Worry.zip
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-25 13:07
 
==================== End Of Log ============================
 
It's weird how it says utorrent is still there because I deleted the file it uses to run...
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 01
Ran by Family at 2013-06-25 13:05:16
Running from C:\Users\Family\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
7-Zip 9.20
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Actiontec Gateway
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Media Live Encoder 3.1 (Version: 3.1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AIM 7
Aim Plugin for QQ Games
AIMTunes
Aleks 3.16
Aleks 3.9
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
Anti-phishing Domain Advisor (Version: 1.1.0.1)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
ATI AVIVO Codecs (Version: 11.6.0.10405)
AutoUpdate (Version: 1.0)
Avery Wizard 3.1 (Version: 3.1.5)
Battlefield Play4Free
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Brawl Busters
Caesar 3
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.02)
Collab
Conduit Engine (Version: )
Coupon Printer for Windows (Version: 4.0)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.10)
DIGOpt (Version: 9.0.0917.2)
DivX (Version: 5.2.1)
Download Updater (AOL LLC)
Dyyno Broadcaster
Facebook Plug-In
FL Studio 10
Flixster Collections (Version: 1.0.76)
Fried Cookie Updater (Version: 1.0.0.0)
Ghost Recon Online (NCSA-Live) (HKCU Version: 1.29.389.2)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
GoZone iSync (Version: 2.0.0)
Hardware Diagnostic Tools (Version: 5.00.4424.15)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Customer Feedback (Version: 1.0.0)
HP Driver Diagnostics (Version: 1.02.0008)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Product Detection (Version: 4.00.0002)
HP Update (Version: 5.002.008.001)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HydraVision (Version: 4.2.188.0)
iFunbox (v2.1.2228.731), iFunbox DevTeam (Version: v2.1.2228.731)
IL Download Manager
iTunes (Version: 11.0.2.26)
J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.3)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 1.8.3501.0)
Microsoft Office XP Professional (Version: 10.0.2627.01)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 08.05.0818)
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSN
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPCMPQ1601)
Need For Speed™ World (Version: 1.0.0.1229)
Norton 360 (Version: 20.4.0.40)
Norton Safe Web Lite (Version: 1.0.1.8)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OverDrive Media Console (Version: 3.2.10)
Pando Media Booster (Version: 2.6.0.1)
Pandora (Version: 2.0.6)
Peachtree Complete Accounting
PharaohDemo
plist Editor for Windows 1.0.2 (Version: 1.0.2)
PoiZone
profilesong Toolbar (Version: 6.2.2.4)
PSSWCORE (Version: 2.02.0000)
PunkBuster Services (Version: 0.993)
Python 2.4.3 (Version: 2.4.3150)
QQ Games (Version: 2.0.102.36)
QuickConnect (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
Qwest QuickNetworking
Razer Game Booster (Version: 3.5.6.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Ringtone Maker (Version: 1.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Creator v9 (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.559)
RuneScape Launcher 1.0.4 (Version: 1.0.4)
RuneScape Launcher 1.2.2 (Version: 1.2.2)
Segoe UI (Version: 15.4.2271.0615)
Steam (Version: 1.0.0.0)
Supercast (Version: 2.0.6)
swMSM (Version: 12.0.0.1)
TeamViewer 7 (Version: 7.0.13989)
Toxic Biohazard
U.B. Funkeys
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VideoFileDownload (Version: 1.0)
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
VoiceOver Kit (Version: 1.42.128.0)
War of the Immortals
WildTangent Web Driver
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
XSplit (Version: 1.2.1303.0101)
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar for Internet Explorer
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
==================== Restore Points  =========================
 
09-06-2013 06:34:41 Scheduled Checkpoint
11-06-2013 14:42:45 Scheduled Checkpoint
12-06-2013 05:00:06 Scheduled Checkpoint
13-06-2013 05:38:20 Scheduled Checkpoint
13-06-2013 08:00:16 Windows Update
14-06-2013 05:56:32 Scheduled Checkpoint
14-06-2013 21:07:43 Scheduled Checkpoint
16-06-2013 04:00:58 Scheduled Checkpoint
16-06-2013 23:03:56 Scheduled Checkpoint
17-06-2013 14:40:13 Scheduled Checkpoint
18-06-2013 09:01:14 Scheduled Checkpoint
18-06-2013 17:58:57 Windows Update
19-06-2013 15:11:39 Scheduled Checkpoint
20-06-2013 10:31:22 Scheduled Checkpoint
21-06-2013 05:14:20 Scheduled Checkpoint
22-06-2013 00:48:50 Scheduled Checkpoint
22-06-2013 23:43:59 Scheduled Checkpoint
23-06-2013 13:01:02 Scheduled Checkpoint
24-06-2013 05:43:41 Scheduled Checkpoint
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02624C06-8565-4700-9F7E-95DA43ECEF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {0AA7125A-DE29-41A5-B759-DB6B4FFBF24A} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe [2012-11-13] ()
Task: {19A6D246-9322-41C2-AC9B-ACCA7F81D73E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {209F7636-7167-4671-8A69-71F952281FDF} - System32\Tasks\ReclaimerUpdateFiles_Family => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-20] (RealNetworks, Inc.)
Task: {26D73258-6A8A-43D9-9770-716787A038C7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3270752218-215800142-2147086135-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {37A5F095-4C1A-4ABA-9917-EDACD9760DE4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DDCECD4-6224-45CC-AC11-04EA0781E776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5750323C-9CD4-43E6-AD9B-3F22ABB8647F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5CC5E611-A576-4C17-A43B-B076ACCFEC67} - System32\Tasks\ReclaimerUpdateXML_Family => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-20] (RealNetworks, Inc.)
Task: {86BCC4CE-77CC-4B99-9DEF-E0142D0E7022} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {8D862D98-BFEB-4E3C-9F78-3EF8EF71B402} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {94289AA7-5872-401C-8C12-DC8E1B52EB46} - System32\Tasks\RNUpgradeHelperResumePrompt_Family => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-20] (RealNetworks, Inc.)
Task: {9C6DF7E5-E610-48D9-A920-CF54CB650A23} - System32\Tasks\Microsoft\Windows\RestartManager\{47234391-45CB-4e89-AE99-A6953B6AEE09} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {9E7E7383-C023-4079-B9D2-C072665F0D07} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A594BCED-0D00-4246-8121-838A3A63F42D} - System32\Tasks\User_Feed_Synchronization-{5D6879AC-19AC-450B-90AE-BBDF0BDE05DB} => C:\Windows\system32\msfeedssync.exe [2012-10-17] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {C5CC6403-2058-47C2-9C34-61F105376BFA} - System32\Tasks\RNUpgradeHelperLogonPrompt_Family => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-20] (RealNetworks, Inc.)
Task: {D0B884BF-2FE2-4911-A991-B5E676B4DB8B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3270752218-215800142-2147086135-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E93A1F76-5E1B-46EF-BAA6-B69640501F00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {EF3FB074-F200-423D-97CE-1DDAC26EF3BF} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Family.job => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Family.job => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Family.job => C:\Users\Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{5D6879AC-19AC-450B-90AE-BBDF0BDE05DB}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/25/2013 00:58:32 PM) (Source: Application Error) (User: )
Description: Faulting application Fuel.Service.exe, version 1.0.0.0, time stamp 0x5154fc81, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003dd6d,
process id 0x56c, application start time 0xFuel.Service.exe0.
 
Error: (06/25/2013 00:54:40 PM) (Source: Application Error) (User: )
Description: Faulting application consent.exe, version 6.0.6002.18328, time stamp 0x4cbc4d9e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0020fc9c,
process id 0x4b4, application start time 0xconsent.exe0.
 
Error: (06/25/2013 00:45:34 PM) (Source: Application Error) (User: )
Description: Faulting application consent.exe, version 6.0.6002.18328, time stamp 0x4cbc4d9e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001afdd8,
process id 0x144c, application start time 0xconsent.exe0.
 
Error: (06/25/2013 00:42:59 PM) (Source: Application Error) (User: )
Description: Faulting application consent.exe, version 6.0.6002.18328, time stamp 0x4cbc4d9e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0007fa24,
process id 0x1420, application start time 0xconsent.exe0.
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8892
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8892
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7894
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7894
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/25/2013 01:10:11 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNlaSvc%%5
 
Error: (06/25/2013 01:10:11 PM) (Source: Service Control Manager) (User: )
Description: NlaSvc%%5
 
Error: (06/25/2013 01:02:15 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNlaSvc%%5
 
Error: (06/25/2013 01:02:15 PM) (Source: Service Control Manager) (User: )
Description: NlaSvc%%5
 
Error: (06/25/2013 01:02:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNlaSvc%%5
 
Error: (06/25/2013 01:02:12 PM) (Source: Service Control Manager) (User: )
Description: NlaSvc%%5
 
Error: (06/25/2013 01:02:09 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNlaSvc%%5
 
Error: (06/25/2013 01:02:09 PM) (Source: Service Control Manager) (User: )
Description: NlaSvc%%5
 
Error: (06/25/2013 01:02:06 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNlaSvc%%5
 
Error: (06/25/2013 01:02:06 PM) (Source: Service Control Manager) (User: )
Description: NlaSvc%%5
 
 
Microsoft Office Sessions:
=========================
Error: (06/25/2013 00:58:32 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.05154fc81ntdll.dll6.0.6002.185414ec3e3d5c00000050003dd6d56c01ce71076a321a8f
 
Error: (06/25/2013 00:54:40 PM) (Source: Application Error)(User: )
Description: consent.exe6.0.6002.183284cbc4d9eunknown0.0.0.000000000c00000050020fc9c4b401ce71cd0fd579b0
 
Error: (06/25/2013 00:45:34 PM) (Source: Application Error)(User: )
Description: consent.exe6.0.6002.183284cbc4d9eunknown0.0.0.000000000c0000005001afdd8144c01ce71cbcb5433e0
 
Error: (06/25/2013 00:42:59 PM) (Source: Application Error)(User: )
Description: consent.exe6.0.6002.183284cbc4d9eunknown0.0.0.000000000c00000050007fa24142001ce71cb6d945320
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8892
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8892
 
Error: (06/25/2013 04:45:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7894
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7894
 
Error: (06/25/2013 04:45:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-24 17:30:17.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:17.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:16.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:16.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:15.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:15.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:14.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:14.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:13.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-24 17:30:13.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 2045.82 MB
Available physical RAM: 1132.25 MB
Total Pagefile: 4332.15 MB
Available Pagefile: 3436.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.27 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:364.76 GB) (Free:86.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.84 GB) (Free:0.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 373 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=365 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Going to run MBAR now
Link to post
Share on other sites

WOOOHOOOO!! No virus! Also the Aero turning off stopped, I haven't faced any blue screens, and it stopped being so laggy.

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.611000 GHz

Memory total: 2145198080, free: 872701952

 

Downloaded database version: v2013.06.25.08

Initializing...

------------ Kernel report ------------

     06/25/2013 13:28:56

------------ Loaded modules -----------


----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xffffffff9a880ac8

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xffffffff999fc940

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xffffffff9a901560

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000007d\

Lower Device Object: 0xffffffff9a982568

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xffffffff9a901ac8

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xffffffff999fccb8

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff999fc3d8

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000007b\

Lower Device Object: 0xffffffff9ac8f568

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff864e6ac8

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000060\

Lower Device Object: 0xffffffff84887c90

Lower Device Driver Name: \Driver\nvstor32\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff864e6ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff863e3268, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff864e6ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff8529a968, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff84887c90, DeviceName: \Device\00000060\, DriverName: \Driver\nvstor32\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1549F232

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 764966097

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 764966160  Numsec = 16450560

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 400088457216 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-781402768-781422768)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff999fc3d8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff9a982250, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff999fc3d8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff9ac8f568, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff9a901ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff9a738530, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff9a901ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff999fccb8, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff9a901560, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff9a901248, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff9a901560, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff9a982568, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff9a880ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff9abe0d18, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff9a880ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff999fc940, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Scan finished
Link to post
Share on other sites

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

 

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

How long should ESET take? I will probably just leave it to scan, but I don't want to permanently disable Norton and leave it like that. I have options to disable for hour increments.

 

This is the FSS log.

 

 

Farbar Service Scanner Version: 16-06-2013

Ran by Family (administrator) on 26-06-2013 at 11:01:23

Running from "C:\Users\Family\Desktop"

Windows Vista Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

 

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

 

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-06-12 05:52] - [2013-05-07 23:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2013-06-12 05:52] - [2013-04-23 23:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

 

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

Link to post
Share on other sites

Well, I just let it be disabled for 5 hours. The instructions you gave me were different from what I actually had to do. I had to click "Run ESET Online Scanner", then it downloaded a file, I ran that, then followed those instructions (just run and next, simple things like that).

Link to post
Share on other sites

C:\Users\Family\Downloads\DownloadSetup.exe Win32/InstallMate.A application

C:\Users\Family\Downloads\epicbot (1).exe a variant of Win32/InstallIQ.A application

C:\Users\Family\Downloads\epicbot (2).exe a variant of Win32/InstallIQ.A application

C:\Users\Family\Downloads\epicbot.exe a variant of Win32/InstallIQ.A application

C:\Users\Family\Downloads\IEDictionaryToolbarInstaller_DIC2V5_askgog-187_tbr_sa_hpr_1.9.1.0.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\Family\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application

C:\Users\Family\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application

C:\Users\Family\Downloads\movie_player.exe a variant of Win32/InstallIQ.A application

C:\Users\Family\Downloads\PCPerformerSetup.exe a variant of Win32/InstallBrain.H application

C:\Users\Family\Downloads\setup (1).exe a variant of Win32/AirAdInstaller.A application

C:\Users\Family\Downloads\setup.exe a variant of Win32/InstallCore.T application

C:\Users\Family\Downloads\SoftonicDownloader_for_winrar.exe a variant of Win32/SoftonicDownloader.E application

 

 

I think the epicbots are RuneScape bots and I know what movie_player.exe is, and I never ran it. I'm sure the ilividsetups are from adfly links. I don't think I ran any of those files besides the epicbots, so if I just deleted all the files in my downloads folder would they be gone?

Link to post
Share on other sites

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done then go to step 3 and allow it to run SFC by clicking Do it



On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates



then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

Link to post
Share on other sites

 

MpsSvc Service is not running. Checking service configuration:
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Link to post
Share on other sites

I think I know what those two are. I think that's due to a totally unrelated problem after removing a different virus from my computer. It shows a red x where the connection thing would be but it's kind of like a false positive. I thought it was a problem with the wireless card but I still get internet either way. It seems more like a cosmetic thing than an actual problem.

 


Link to post
Share on other sites

Wow, that seems pretty scary not having that! But I use Norton's firewall anyways and my internet doesn't act strange unless there is an outage nearby and that would be the ISP's fault. Also with MWB and Norton and MWB's community I feel pretty safe :D

Link to post
Share on other sites

Your choice. ;)

 

 

Uninstall our tools.
Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left please delete it manually.

 

 

 

Reading Material
How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

This topic is now closed to further replies.