buckshot08 Posted November 12, 2013 ID:752612

Problem: Whenever I load up any page, as soon as it's done loading, it reloads really fast and creates a barrier between what I want to click and my mouse. If I click anything, another screen pops up telling me to download something. I've downloaded lots of software to fix the issue, such as this, AVG, and used HijackThis to see what the problem is. I'll post what I have because I don't read PC. An example of the pop-up looks like http://flashupdatenow.co/6/?pub=p.njcnjnmodhmothlo&keyword=youtube so in the description of the URL, youtube is there, which is the page I was on when I clicked the barrier. I don't recommend clicking it, just letting you guys know what it looks like.

This is the log from the software:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16384
jarec_000 :: DADDYSCOMPUTER [administrator]

11/12/2013 7:13:08 AM
MBAM-log-2013-11-12 (07-21-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210041
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKCU\Software\InstalledBrowserExtensions\Innovative Apps (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> No action taken.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> No action taken.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://domore.pcutilitiespro.revenuewire.net/driverpro/xsell -> No action taken.
HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 21
C:\Program Files (x86)\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0 (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Download (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Install (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Offline (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Offline\{6F4EC4AF-1F21-445C-AF21-B4CCCBA4E009} (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults\preferences (PUP.Optional.Zwangi.A) -> No action taken.

Files Detected: 23
C:\Users\jarec_000\Downloads\FPP_Setup (1).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (2).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (3).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (4).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (5).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (6).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\vioplayer2_d6415923.exe (PUP.Optional.InstallIQ) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\qooqlle.xml (Redir.Qooqlle) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\main\mt_32.dll (Trojan.Agent) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\main\winload.dll (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.xpi (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\icon.ico (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome.manifest (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\install.rdf (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome\basicserve.jar (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults\preferences\prefs.js (PUP.Optional.Zwangi.A) -> No action taken.

(end)

I ran the software HijackThis and this is the info it gave me, if it means anything to you.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:07:07 AM, on 11/12/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
FIREFOX: 24.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jarec_000\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={D940356E-D58B-4238-B808-D25AC5CC1390}&mid=773b8f3c809847d39dd7b9dd654480b3-ec7422bb870309d0cb189e96bf03ec47512f8ba5&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-05 07:14:09&v=17.0.1.12&pid=safeguard&sg=0&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\jarec_000\AppData\Local\DownloadTerms\temp.dat
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [btTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13826 bytes

It's almost impossible for me to use my computer. I'd be forever grateful for a subject matter expert to lend me a hand. Thanks
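Added example, not code from this thread, from HijackThis or from Malwarebytes: a small Python triage pass over HijackThis-style O2 (BHO), O4 (Run key) and O23 (service) lines like the ones in the log above, flagging the patterns a responder checks first. The sample lines are copied from that log; the heuristics, thresholds and all function and class names are this example's own assumptions.

```python
"""Triage of HijackThis-style O2 (BHO), O4 (Run key) and O23 (service) lines.

Added example; not code from the thread, from HijackThis or from Malwarebytes.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the HijackThis log in the post above;
# each line is copied from that log.
SAMPLE_LOG = r"""
O2 - BHO: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\jarec_000\AppData\Local\DownloadTerms\temp.dat
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()\s]+)\))? - (?P<owner>.+?)"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Locations an unprivileged installer or a drive-by download can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
BINARY_EXT = (".dll", ".exe", ".ocx")


@dataclass
class Entry:
    kind: str              # "O2", "O4" or "O23"
    name: str
    path: str
    owner: str = ""        # O23 only: publisher string as HijackThis reports it
    missing: bool = False  # O23 "(file missing)" marker


@dataclass
class Finding:
    entry: Entry
    severity: str          # "review" or "info"
    reasons: list = field(default_factory=list)


def command_path(cmd: str) -> str:
    """Extract the image path from a Run-key command line, quoted or bare."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare paths may contain spaces; stop at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|cmd|bat|vbs|js|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_entry(line: str):
    """Parse one O2/O4/O23 line into an Entry; any other line returns None."""
    if m := O2_RE.match(line):
        return Entry("O2", m["name"], m["path"])
    if m := O4_RE.match(line):
        return Entry("O4", m["name"], command_path(m["cmd"]))
    if m := O23_RE.match(line):
        return Entry("O23", m["svc"] or m["display"], m["path"],
                     owner=m["owner"], missing=m["missing"] is not None)
    return None


def triage_entry(e: Entry):
    """Apply the path and publisher heuristics; return a Finding or None."""
    low = e.path.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("loads from a user-writable path")
    if e.kind == "O2" and not low.endswith(BINARY_EXT):
        reasons.append("browser helper object is not a DLL/EXE/OCX")
    if (e.kind == "O23" and e.owner == "Unknown owner" and not e.missing
            and "\\windows\\" not in low):
        reasons.append("unknown publisher, binary outside the Windows directory")
    if reasons:
        return Finding(e, "review", reasons)
    if e.missing:
        # HijackThis 2.x is a 32-bit program; on x64 Windows its view of
        # system32 and Program Files is redirected, so genuine Windows
        # services are routinely reported as 'file missing'. Informational.
        return Finding(e, "info", ["file missing; likely WOW64 path redirection"])
    return None


def triage(log_text: str):
    """Run every recognised line of a log through triage_entry()."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line.strip())
        if entry and (finding := triage_entry(entry)):
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry.kind} {f.entry.name}: {'; '.join(f.reasons)}")
```

Note that the privitize BHO, whose registry keys the JRT log later shows being removed, is not flagged: it installed under Program Files as a proper DLL, which is why path heuristics are a triage aid rather than a verdict and the signature-based cleaners the helper prescribes do the actual work.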
Psychotic Posted November 12, 2013 ID:752621

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file. Please post its contents within your next reply.
- You'll find the log file at C:\AdwCleaner[s1].txt also.

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
buckshot08 (Author) Posted November 12, 2013 ID:752625

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by jarec_000 on Tue 11/12/2013 at 8:05:24.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1756616650-231391826-1458956430-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90DB667F-75D9-4D32-8A79-F8BA648D4D88}

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\privitize.privitizehlpr
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\privitize.privitizehlpr.1
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1756616650-231391826-1458956430-1001\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete:
[Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstallerFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\supreme savingsFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstallerFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\supreme savingsFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylonFailed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122992262}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166996662}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220122992262}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660166996662}Failed to delete: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166996662}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660166996662}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6644344C-598B-4843-AFBC-E54A45A8D648}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}Failed to delete: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\apn"Failed to delete: [Folder] "C:\ProgramData\babylon"Failed to delete: [Folder] "C:\ProgramData\basicserve"Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\industriya"Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\optimizer pro"Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\downloadterms"Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\supreme savings"Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\swvupdater"Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\updater19962"Successfully deleted: [Folder] 
"C:\Users\jarec_000\appdata\locallow\delta"Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\locallow\industriya"Failed to delete: [Folder] "C:\Program Files (x86)\basicserve"Failed to delete: [Folder] "C:\Program Files (x86)\free youtube downloader"Failed to delete: [Folder] "C:\Program Files (x86)\industriya"Failed to delete: [Folder] "C:\Program Files (x86)\movdap"Failed to delete: [Folder] "C:\Program Files (x86)\supreme savings"Failed to delete: [Folder] "C:\Program Files (x86)\tepfel"Failed to delete: [Folder] "C:\Program Files (x86)\whilokii"Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\microsoft\windows\start menu\programs\bonanzadeals"Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin" ~~~ Chrome Failed to delete: [Folder] C:\Users\jarec_000\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 11/12/2013 at 8:12:07.84End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gotta restart for the other text. Link to post Share on other sites More sharing options...
Psychotic Posted November 12, 2013 ID:752626

Please reboot into safe mode and run the tools again.
buckshot08 Posted November 12, 2013 Author ID:752629

Really gonna sound like a noob, but I have Windows 8.1 and I can't find where to reboot in safe mode... do you know?
buckshot08 Posted November 12, 2013 Author ID:752634

I do not know how to reboot in safe mode. I have Windows 8.1. Can't see it.
buckshot08 Posted November 12, 2013 Author ID:752637

I've restarted 4 times but I can't find where to do it in safe mode.
Psychotic Posted November 12, 2013 ID:752639

OK, skip all that. Boot normally and run the following:

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties).
Run FRST. Don't change any of the checkboxes and hit Scan. Logfiles are created on your desktop. Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.
- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  Sections
  IAT/EAT
  Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
buckshot08 Posted November 12, 2013 Author ID:752642

FRST

(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-07] (Hewlett-Packard)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364544 2012-09-03] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATORHL] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [OSDTool] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
IMEO\hpconnectedremotemgmtui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Chrome: =======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (American) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0
CHR Extension: (Google Docs) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IE Tab) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.11.9.1_0
CHR Extension: (Google Wallet) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1602560 2012-09-03] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-09-03] (IVT Corporation)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130514.001\IDSvia64.sys [513184 2013-04-12] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\ENG64.SYS [126192 2013-04-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\EX64.SYS [2087664 2013-04-13] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695904 2012-09-05] (Ralink Technology, Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
U3 kglyikoc; \??\C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:11 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 06:00 - 2013-11-12 07:07 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-04 18:13 - 2013-10-18 23:38 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-04 18:13 - 2013-10-18 22:52 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 22:33 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-04 18:13 - 2013-10-18 21:59 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-04 18:13 - 2013-10-18 21:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 21:19 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-04 18:13 - 2013-10-18 20:42 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-04 18:13 - 2013-10-18 20:27 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-02 14:31 - 2013-09-03 14:31 - 00000032 ____R C:\ProgramData\hash.dat
2013-10-29 02:14 - 2013-10-23 05:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:14 - 2013-10-23 02:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-26 03:53 - 2013-10-26 03:53 -
00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD2013-10-19 11:12 - 2013-10-19 11:15 - 00000000 ____D C:\Program Files\ATI Technologies2013-10-19 11:01 - 2013-10-19 11:11 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security2013-10-19 10:36 - 2013-11-12 08:41 - 00000000 __RDO C:\Users\jarec_000\SkyDrive2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD2013-10-19 10:31 - 2013-11-12 05:07 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini2013-10-19 05:36 - 2013-10-19 23:00 - 00000000 ___DC C:\WINDOWS\Panther2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ 
C:\WINDOWS\system32\config\userdiff2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub2013-10-19 05:30 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll2013-10-19 05:30 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-19 05:30 - 2013-08-02 22:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe2013-10-19 05:30 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll2013-10-19 05:30 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2013-10-19 05:30 - 2013-08-02 22:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe2013-10-19 03:03 - 2013-11-12 08:36 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate2013-10-19 02:43 - 2013-11-03 11:18 - 00000000 ____D C:\Users\jarec_0002013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagwrn.xml2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagerr.xml2013-10-19 02:43 - 2013-10-19 02:44 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Maintenance2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI2013-10-19 02:40 - 2013-10-19 02:44 - 00012096 _____ C:\WINDOWS\iis.log2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin2013-10-19 01:56 - 2013-10-19 03:02 - 00006514 _____ C:\WINDOWS\comsetup.log2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler2013-10-13 19:02 - 2013-10-13 19:05 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE ==================== One Month Modified Files and Folders ======= 2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST2013-11-12 08:46 - 2013-09-29 22:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI2013-11-12 08:45 - 2013-03-15 18:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1756616650-231391826-1458956430-10012013-11-12 08:43 - 2012-09-10 16:54 - 00000787 _____ C:\WINDOWS\SysWOW64\bscs.ini2013-11-12 08:41 - 2013-10-19 10:36 - 00000000 __RDO C:\Users\jarec_000\SkyDrive2013-11-12 08:41 - 2013-04-09 14:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2013-11-12 08:40 - 2013-06-06 23:42 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job2013-11-12 08:40 - 2013-03-15 18:51 - 00000000 
____D C:\Program Files (x86)\Steam2013-11-12 08:40 - 2012-11-23 18:13 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI2013-11-12 08:39 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2013-11-12 08:39 - 2012-11-23 18:13 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI2013-11-12 08:36 - 2013-10-19 03:03 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log2013-11-12 08:28 - 2013-04-09 14:03 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2013-11-12 08:27 - 2013-04-14 21:41 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log2013-11-12 08:26 - 2013-04-14 21:41 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt2013-11-12 08:11 - 2013-11-12 08:04 - 00000000 ____D C:\AdwCleaner2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe2013-11-12 08:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru2013-11-12 07:50 - 2013-04-18 18:57 - 01887744 ___SH C:\Users\jarec_000\Downloads\Thumbs.db2013-11-12 07:37 - 2013-03-15 20:04 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\TS3Client2013-11-12 07:27 - 2013-09-09 17:54 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys2013-11-12 07:27 - 2013-09-09 17:54 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar2013-11-12 07:26 - 2013-10-05 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-12 
07:26 - 2013-09-29 21:55 - 00085628 _____ C:\WINDOWS\PFRO.log2013-11-12 07:25 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI2013-11-12 07:10 - 2013-04-18 23:34 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Mozilla2013-11-12 07:09 - 2013-08-19 00:00 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2013-11-12 07:07 - 2013-11-12 06:00 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log2013-11-12 07:01 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\Documents\Battleground Europe2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe2013-11-12 05:07 - 2013-10-19 10:31 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}2013-11-12 02:52 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM2013-11-12 02:50 - 2013-07-22 14:20 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjarec_000.job2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs2013-11-11 21:48 - 2013-10-04 00:38 - 00000000 ____D C:\Program Files (x86)\Origin2013-11-11 21:09 - 2013-08-31 01:51 - 00000000 ____D C:\ProgramData\MFAData2013-11-11 15:57 - 2013-07-22 14:20 - 00003200 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjarec_0002013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)2013-11-07 02:29 - 2013-08-22 09:36 - 00000000 ____D 
C:\WINDOWS\AppReadiness2013-11-05 07:14 - 2013-09-09 17:54 - 00003742 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme2013-11-03 11:18 - 2013-10-19 02:43 - 00000000 ____D C:\Users\jarec_0002013-11-02 03:55 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Local\ArmA 2 OA2013-10-31 15:18 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP2013-10-29 03:37 - 2013-08-22 08:46 - 00300761 _____ C:\WINDOWS\setupact.log2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large2013-10-25 00:42 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Local\TeamSpeak 3 Client2013-10-23 22:43 - 2013-06-25 21:22 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Arma 32013-10-23 05:01 - 2013-10-29 02:14 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2013-10-23 02:59 - 2013-10-29 02:14 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2013-10-21 00:59 - 2013-03-15 18:41 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Packages2013-10-19 23:00 - 2013-10-19 05:36 - 00000000 ___DC C:\WINDOWS\Panther2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD2013-10-19 11:15 - 2013-10-19 11:12 - 00000000 ____D C:\Program Files\ATI Technologies2013-10-19 11:15 - 2012-11-23 17:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies2013-10-19 11:13 - 2013-05-02 01:00 - 00000000 ____D C:\ProgramData\Package Cache2013-10-19 11:12 - 2013-08-22 09:36 - 
00000000 ____D C:\WINDOWS\system32\restore2013-10-19 11:11 - 2013-10-19 11:01 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2013-10-19 10:31 - 2012-11-23 18:09 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration2013-10-19 05:35 - 2013-08-22 09:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 
05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\WinStore2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Camera2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 
_____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv2013-10-19 03:05 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagwrn.xml2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagerr.xml2013-10-19 03:02 - 2013-10-19 01:56 - 00006514 _____ C:\WINDOWS\comsetup.log2013-10-19 03:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration2013-10-19 
03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RSD C:\WINDOWS\Media2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Public\Libraries2013-10-19 02:52 - 2012-11-23 17:33 - 00000000 ____D C:\ProgramData\SoundResearch2013-10-19 02:51 - 2013-08-22 08:44 - 00380104 _____ C:\WINDOWS\system32\FNTCACHE.DAT2013-10-19 02:50 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud2013-10-19 02:50 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep2013-10-19 02:50 - 2013-08-17 22:19 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT2013-10-19 02:50 - 2013-06-23 23:06 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2013-10-19 02:50 - 2013-04-24 22:03 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)2013-10-19 02:50 - 2013-04-24 15:15 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)2013-10-19 02:50 - 2013-04-15 22:55 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder2013-10-19 02:50 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2013-10-19 02:50 - 2012-11-23 18:07 - 00000000 ____D C:\WINDOWS\en2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software2013-10-19 02:47 - 2013-09-29 
21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\system32\WCN2013-10-19 02:47 - 2013-08-22 09:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\spool2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\MUI2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\IME2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\oobe2013-10-19 02:47 - 2012-07-25 23:37 - 00000000 ____D C:\Users\Default.migrated2013-10-19 02:46 - 2013-08-22 09:43 - 00000000 ____D C:\WINDOWS\DigitalLocker2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files\Windows Sidebar2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Help2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-10-19 02:46 - 2012-08-01 20:05 - 00000000 ____D C:\ProgramData\PRICache2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate2013-10-19 02:44 - 2013-10-19 02:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2013-10-19 02:44 - 2013-10-19 02:40 - 00012096 _____ C:\WINDOWS\iis.log2013-10-19 02:44 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA2013-10-19 02:44 - 
2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-10-19 02:44 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-10-19 02:44 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cornered Rat Software
2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-10-19 02:40 - 2012-08-01 20:05 - 00000000 __SHD C:\Recovery
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-10-19 02:38 - 2013-08-22 08:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-10-19 02:37 - 2013-08-22 07:36 - 00000000 __RHD C:\Users\Default
2013-10-19 02:21 - 2013-03-15 18:40 - 01446543 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-10-19 01:34 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream
2013-10-18 23:38 - 2013-11-04 18:13 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-18 22:52 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-18 22:33 - 2013-11-04 18:13 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-18 21:59 - 2013-11-04 18:13 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-18 21:42 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-18 21:19 - 2013-11-04 18:13 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-18 20:42 - 2013-11-04 18:13 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-18 20:27 - 2013-11-04 18:13 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk
2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention
2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler
2013-10-14 17:15 - 2013-09-11 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 17:13 - 2013-03-17 01:12 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-13 19:05 - 2013-10-13 19:02 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE

Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.s

(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-07] (Hewlett-Packard)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364544 2012-09-03] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATORHL] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [OSDTool] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
IMEO\hpconnectedremotemgmtui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (American) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0
CHR Extension: (Google Docs) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IE Tab) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.11.9.1_0
CHR Extension: (Google Wallet) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1602560 2012-09-03] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-09-03] (IVT Corporation)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130514.001\IDSvia64.sys [513184 2013-04-12] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\ENG64.SYS [126192 2013-04-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\EX64.SYS [2087664 2013-04-13] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695904 2012-09-05] (Ralink Technology, Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
U3 kglyikoc; \??\C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:11 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 06:00 - 2013-11-12 07:07 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-04 18:13 - 2013-10-18 23:38 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-04 18:13 - 2013-10-18 22:52 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 22:33 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-04 18:13 - 2013-10-18 21:59 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-04 18:13 - 2013-10-18 21:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 21:19 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-04 18:13 - 2013-10-18 20:42 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-04 18:13 - 2013-10-18 20:27 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-02 14:31 - 2013-09-03 14:31 - 00000032 ____R C:\ProgramData\hash.dat
2013-10-29 02:14 - 2013-10-23 05:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:14 - 2013-10-23 02:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large
2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI
2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD
2013-10-19 11:12 - 2013-10-19 11:15 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-19 11:01 - 2013-10-19 11:11 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-10-19 10:36 - 2013-11-12 08:41 - 00000000 __RDO C:\Users\jarec_000\SkyDrive
2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-10-19 10:31 - 2013-11-12 05:07 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}
buckshot08 Posted November 12, 2013 Author ID:752644

For the second software, it says "the process cannot access the file because it is being used by another process". I read where you said after the first scan only, the first scan was completed yet it was open. Maybe this caused the problem.

Second part:

2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini
2013-10-19 05:36 - 2013-10-19 23:00 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub
2013-10-19 05:30 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-10-19 05:30 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-10-19 03:03 - 2013-11-12 08:36 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-10-19 02:43 - 2013-11-03 11:18 - 00000000 ____D C:\Users\jarec_000
2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagerr.xml
2013-10-19 02:43 - 2013-10-19 02:44 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-10-19 02:40 - 2013-10-19 02:44 - 00012096 _____ C:\WINDOWS\iis.log
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-10-19 01:56 - 2013-10-19 03:02 - 00006514 _____ C:\WINDOWS\comsetup.log
2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream
2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk
2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention
2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler
2013-10-13 19:02 - 2013-10-13 19:05 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE

==================== One Month Modified Files and Folders =======

2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:46 - 2013-09-29 22:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-12 08:45 - 2013-03-15 18:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1756616650-231391826-1458956430-1001
2013-11-12 08:43 - 2012-09-10 16:54 - 00000787 _____ C:\WINDOWS\SysWOW64\bscs.ini
2013-11-12 08:41 - 2013-10-19 10:36 - 00000000 __RDO C:\Users\jarec_000\SkyDrive
2013-11-12 08:41 - 2013-04-09 14:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 08:40 - 2013-06-06 23:42 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2013-11-12 08:40 - 2013-03-15 18:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 08:40 - 2012-11-23 18:13 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2013-11-12 08:39 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-12 08:39 - 2012-11-23 18:13 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2013-11-12 08:36 - 2013-10-19 03:03 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-12 08:28 - 2013-04-09 14:03 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 08:27 - 2013-04-14 21:41 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2013-11-12 08:26 - 2013-04-14 21:41 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:11 - 2013-11-12 08:04 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 08:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-12 07:50 - 2013-04-18 18:57 - 01887744 ___SH C:\Users\jarec_000\Downloads\Thumbs.db
2013-11-12 07:37 - 2013-03-15 20:04 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\TS3Client
2013-11-12 07:27 - 2013-09-09 17:54 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2013-11-12 07:27 - 2013-09-09 17:54 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-12 07:26 - 2013-10-05 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 07:26 - 2013-09-29 21:55 - 00085628 _____ C:\WINDOWS\PFRO.log
2013-11-12 07:25 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-12 07:10 - 2013-04-18 23:34 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Mozilla
2013-11-12 07:09 - 2013-08-19 00:00 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-12 07:07 - 2013-11-12 06:00 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 07:01 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\Documents\Battleground Europe
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 05:07 - 2013-10-19 10:31 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}
2013-11-12 02:52 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-12 02:50 - 2013-07-22 14:20 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjarec_000.job
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-11 21:48 - 2013-10-04 00:38 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-11 21:09 - 2013-08-31 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 15:57 - 2013-07-22 14:20 - 00003200 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjarec_000
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-07 02:29 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-11-05 07:14 - 2013-09-09 17:54 - 00003742 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-03 11:18 - 2013-10-19 02:43 - 00000000 ____D C:\Users\jarec_000
2013-11-02 03:55 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Local\ArmA 2 OA
2013-10-31 15:18 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-10-29 03:37 - 2013-08-22 08:46 - 00300761 _____ C:\WINDOWS\setupact.log
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ 
C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large2013-10-25 00:42 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Local\TeamSpeak 3 Client2013-10-23 22:43 - 2013-06-25 21:22 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Arma 32013-10-23 05:01 - 2013-10-29 02:14 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2013-10-23 02:59 - 2013-10-29 02:14 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2013-10-21 00:59 - 2013-03-15 18:41 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Packages2013-10-19 23:00 - 2013-10-19 05:36 - 00000000 ___DC C:\WINDOWS\Panther2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD2013-10-19 11:15 - 2013-10-19 11:12 - 00000000 ____D C:\Program Files\ATI Technologies2013-10-19 11:15 - 2012-11-23 17:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies2013-10-19 11:13 - 2013-05-02 01:00 - 00000000 ____D C:\ProgramData\Package Cache2013-10-19 11:12 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\restore2013-10-19 11:11 - 2013-10-19 11:01 - 207485688 _____ (Advanced Micro Devices, Inc.) 
C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2013-10-19 10:31 - 2012-11-23 18:09 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration2013-10-19 05:35 - 2013-08-22 09:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\WinStore2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Camera2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv2013-10-19 03:05 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagwrn.xml2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagerr.xml2013-10-19 03:02 - 2013-10-19 01:56 - 00006514 _____ C:\WINDOWS\comsetup.log2013-10-19 03:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RSD 
C:\WINDOWS\Media2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Public\Libraries2013-10-19 02:52 - 2012-11-23 17:33 - 00000000 ____D C:\ProgramData\SoundResearch2013-10-19 02:51 - 2013-08-22 08:44 - 00380104 _____ C:\WINDOWS\system32\FNTCACHE.DAT2013-10-19 02:50 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud2013-10-19 02:50 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep2013-10-19 02:50 - 2013-08-17 22:19 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT2013-10-19 02:50 - 2013-06-23 23:06 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2013-10-19 02:50 - 2013-04-24 22:03 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)2013-10-19 02:50 - 2013-04-24 15:15 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)2013-10-19 02:50 - 2013-04-15 22:55 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder2013-10-19 02:50 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2013-10-19 02:50 - 2012-11-23 18:07 - 00000000 ____D C:\WINDOWS\en2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D 
C:\WINDOWS\SysWOW64\sysprep2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\system32\WCN2013-10-19 02:47 - 2013-08-22 09:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\spool2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\MUI2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\IME2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\oobe2013-10-19 02:47 - 2012-07-25 23:37 - 00000000 ____D C:\Users\Default.migrated2013-10-19 02:46 - 2013-08-22 09:43 - 00000000 ____D C:\WINDOWS\DigitalLocker2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files\Windows Sidebar2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Help2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-10-19 02:46 - 2012-08-01 20:05 - 00000000 ____D C:\ProgramData\PRICache2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate2013-10-19 02:44 - 2013-10-19 02:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2013-10-19 02:44 - 2013-10-19 02:40 - 00012096 _____ C:\WINDOWS\iis.log2013-10-19 02:44 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA2013-10-19 02:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Recovery2013-10-19 02:44 - 2013-03-17 15:42 - 
00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive2013-10-19 02:44 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cornered Rat Software2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI2013-10-19 02:40 - 2012-08-01 20:05 - 00000000 __SHD C:\Recovery2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin2013-10-19 02:38 - 2013-08-22 08:46 - 00000084 _____ C:\WINDOWS\setuperr.log2013-10-19 02:37 - 2013-08-22 07:36 - 00000000 __RHD C:\Users\Default2013-10-19 02:21 - 2013-03-15 18:40 - 01446543 _____ C:\WINDOWS\WindowsUpdate (1).log2013-10-19 01:34 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream2013-10-18 23:38 - 2013-11-04 18:13 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2013-10-18 22:52 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2013-10-18 22:33 - 2013-11-04 18:13 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2013-10-18 21:59 - 2013-11-04 18:13 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2013-10-18 21:42 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2013-10-18 21:19 - 2013-11-04 18:13 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2013-10-18 20:42 - 2013-11-04 18:13 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2013-10-18 20:27 - 2013-11-04 18:13 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ 
C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler2013-10-14 17:15 - 2013-09-11 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT2013-10-14 17:13 - 2013-03-17 01:12 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2013-10-13 19:05 - 2013-10-13 19:02 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE Files to move or delete:====================C:\ProgramData\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-12 04:50 ==================== End Of Log ============================ys => MD5 is legit LastRegBack: 2013-11-12 04:50 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
buckshot08 Posted November 12, 2013 Author ID:752645

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-12 08:56:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 Seagate rev.HP16____ 1862.65GB
Running: zclvfw2c.exe; Driver: C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys

---- Devices - GMER 2.1 ----

Device \Driver\WudfPf \Device\WUDFLpcDevice fffff800051d7c90
Device \Driver\WudfPf \Device\HostProcess-1e775ebb-a9ce-40f4-b9b1-8d059d9417f7 fffff800051d7c90
Device \Driver\NDProxy \Device\NDProxy fffff80005163f90
Device \Driver\WudfPf \Device\HostProcess-20cfd66d-b2cb-42bf-bb30-fd3b62fba80d fffff800051d7c90
Device \Driver\WudfPf \Device\HostProcess-69c60a63-acba-40ee-a608-03804b4085f8 fffff800051d7c90
Device \Driver\WudfRd \Device\UMDFCtrlDev-336ad6da-4ba8-11e3-beae-689423a06940 fffff800051a0750
Device \Driver\WudfPf \Device\ProcessManagement fffff800051d7c90
Device \Driver\NdisTapi \Device\NdisTapi fffff800055ec290

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [968:992] fffff960009554d0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Psychotic Posted November 13, 2013 ID:752929

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
Double-click the aswMBR.exe icon, and click Run. There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes. Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.
Download TDSSKiller.exe and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
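The two tools requested above both look at the same thing: GMER's "unknown MBR code" verdict in the log posted earlier is a comparison of sector 0's boot code against code GMER recognises, and aswMBR's MBR.dat is a raw copy of that sector. The following is an added example written for this thread, not code from aswMBR, GMER, TDSSKiller or Malwarebytes. It parses a 512-byte MBR image (such as MBR.dat), checks the boot signature, hashes the boot-code region so it can be compared against an allowlist, decodes the partition table and flags layouts that look wrong. The KNOWN_GOOD_BOOT_CODE allowlist is an assumed, empty placeholder (a real one would hold SHA-256 hashes captured from clean machines of the same Windows build), and SAMPLE_MBR is a constructed image, not a real disk's sector 0.

```python
"""Parse and sanity-check a raw 512-byte MBR image such as aswMBR's MBR.dat.

Added example for this thread; not code from any tool mentioned in it.
KNOWN_GOOD_BOOT_CODE and SAMPLE_MBR are constructed placeholders.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440        # bytes 0..439 hold the boot code (what "unknown MBR code" refers to)
DISK_SIG_OFFSET = 440      # 4-byte NT disk signature, then 2 reserved bytes
PT_OFFSET = 446            # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511
GPT_PROTECTIVE = 0xEE      # partition type used by a protective MBR on a GPT disk

# Assumption: SHA-256 hashes of boot code taken from known-clean machines of the
# same Windows build. Empty here, so every image is reported as "unknown".
KNOWN_GOOD_BOOT_CODE = set()


def parse_mbr(data: bytes) -> dict:
    """Decode boot-code hash, disk signature and the non-empty partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # entry layout: boot flag, CHS start (3, skipped), type, CHS end (3, skipped),
        # LBA of first sector, sector count; all little-endian
        boot, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", data, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "active": boot == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    first = min((p["lba_start"] for p in partitions), default=None)
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        # sectors between the MBR and the first partition; worth imaging separately,
        # since unpartitioned space is a common place for a bootkit to keep its body
        "unallocated_sectors_before_first": None if first is None else first - 1,
    }


def audit_mbr(data: bytes, known_good=None) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    known_good = KNOWN_GOOD_BOOT_CODE if known_good is None else known_good
    mbr = parse_mbr(data)
    findings = []
    if mbr["boot_code_sha256"] not in known_good:
        findings.append("unknown boot code (hash not in allowlist)")
    if any(p["type"] == GPT_PROTECTIVE for p in mbr["partitions"]):
        findings.append("protective MBR: real layout is GPT, check the GPT headers too")
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a 512-byte image; used here only to construct sample data."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError("boot code too long")
    img = boot_code.ljust(BOOT_CODE_END, b"\x90")
    img += struct.pack("<I", disk_sig) + b"\x00\x00"
    for boot, ptype, lba_start, sectors in entries:
        img += struct.pack("<B3xB3xII", boot, ptype, lba_start, sectors)
    img += b"\x00" * (16 * (4 - len(entries)))
    return img + BOOT_SIG


def load_mbr(path: str) -> bytes:
    """Read sector 0 from a file such as the MBR.dat aswMBR leaves on the desktop."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


# Constructed sample: a stub of real-mode boot code (cli/xor ax,ax/mov ss,ax/...),
# padded with NOPs, one active NTFS partition and a second NTFS partition.
STUB_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
SAMPLE_MBR = build_mbr(STUB_BOOT_CODE, 0x1234ABCD,
                       [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p)
    for finding in audit_mbr(SAMPLE_MBR):
        print("finding:", finding)
```

To use it on a real capture, replace SAMPLE_MBR with load_mbr("MBR.dat") and seed KNOWN_GOOD_BOOT_CODE from a clean machine of the same Windows build; an "unknown boot code" finding on its own only means the hash is not in your allowlist, which is the same limitation GMER's verdict has.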
AdvancedSetup (Root Admin) Posted November 15, 2013 ID:753924

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!