Jump to content

I'm infected


Recommended Posts

Problem: Whenever I load up any page, as soon as its done loading, it reloads really fast and creates a barrier between what i want to click and my mouse. If i click anything, another screen pops up telling me to download something. I've downloaded lots of software to fix the issue such as this, avg, and used hijack to see what the problem is. I'll post what I have because I don't read pc.

 

 

 

an example of the pop-up looks like http://flashupdatenow.co/6/?pub=p.njcnjnmodhmothlo&keyword=youtube

 

so in the description of the url, youtube is there, which is the page i was on when i clicked the barrier.

 

I dont reccomend clicking it, just letting you guys know what it looks like.

 

This is the log from the software

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.12.07
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16384
jarec_000 :: DADDYSCOMPUTER [administrator]
 
11/12/2013 7:13:08 AM
MBAM-log-2013-11-12 (07-21-20).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210041
Time elapsed: 8 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 13
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKCU\Software\InstalledBrowserExtensions\Innovative Apps (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> No action taken.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> No action taken.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> No action taken.
 
Registry Values Detected: 3
HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> No action taken.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://domore.pcutilitiespro.revenuewire.net/driverpro/xsell -> No action taken.
HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 21
C:\Program Files (x86)\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0 (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Download (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Install (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Offline (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDealsLive\Update\Offline\{6F4EC4AF-1F21-445C-AF21-B4CCCBA4E009} (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults\preferences (PUP.Optional.Zwangi.A) -> No action taken.
 
Files Detected: 23
C:\Users\jarec_000\Downloads\FPP_Setup (1).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (2).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (3).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (4).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (5).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\FPP_Setup (6).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\jarec_000\Downloads\vioplayer2_d6415923.exe (PUP.Optional.InstallIQ) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\qooqlle.xml (Redir.Qooqlle) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\main\mt_32.dll (Trojan.Agent) -> No action taken.
c:\users\jarec_000\appdata\roaming\mozilla\firefox\profiles\main\winload.dll (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.xpi (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\BonanzaDeals\icon.ico (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\jarec_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome.manifest (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\install.rdf (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome\basicserve.jar (PUP.Optional.Zwangi.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults\preferences\prefs.js (PUP.Optional.Zwangi.A) -> No action taken.
 
(end)

 

 

 

 

 

 

 

 

 

 

I ran the software Hijackthis

and this is the info it gave me if it means anything to you.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:07:07 AM, on 11/12/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
 
FIREFOX: 24.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jarec_000\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={D940356E-D58B-4238-B808-D25AC5CC1390}&mid=773b8f3c809847d39dd7b9dd654480b3-ec7422bb870309d0cb189e96bf03ec47512f8ba5〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-05 07:14:09&v=17.0.1.12&pid=safeguard&sg=0&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\jarec_000\AppData\Local\DownloadTerms\temp.dat
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [btTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [bATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13826 bytes
 
It's almost impossible for me to use my computer. I'd be forever gratefull for a subject matter expert to lend me a hand.
 
 
Thanks
 
Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 8.1 x64

Ran by jarec_000 on Tue 11/12/2013 at  8:05:24.49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1756616650-231391826-1458956430-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90DB667F-75D9-4D32-8A79-F8BA648D4D88}

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\privitize.privitizehlpr

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\privitize.privitizehlpr.1

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1756616650-231391826-1458956430-1001\Software\sweetim

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\supreme savings

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\supreme savings

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122992262}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166996662}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220122992262}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660166996662}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166996662}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660166996662}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6644344C-598B-4843-AFBC-E54A45A8D648}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2D522817-1209-4DBC-886C-75249ECA3BBB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\apn"

Failed to delete: [Folder] "C:\ProgramData\babylon"

Failed to delete: [Folder] "C:\ProgramData\basicserve"

Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\industriya"

Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\optimizer pro"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\downloadterms"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\supreme savings"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\local\updater19962"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Users\jarec_000\appdata\locallow\industriya"

Failed to delete: [Folder] "C:\Program Files (x86)\basicserve"

Failed to delete: [Folder] "C:\Program Files (x86)\free youtube downloader"

Failed to delete: [Folder] "C:\Program Files (x86)\industriya"

Failed to delete: [Folder] "C:\Program Files (x86)\movdap"

Failed to delete: [Folder] "C:\Program Files (x86)\supreme savings"

Failed to delete: [Folder] "C:\Program Files (x86)\tepfel"

Failed to delete: [Folder] "C:\Program Files (x86)\whilokii"

Successfully deleted: [Folder] "C:\Users\jarec_000\AppData\Roaming\microsoft\windows\start menu\programs\bonanzadeals"

Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

 

 

 

~~~ Chrome

 

Failed to delete: [Folder] C:\Users\jarec_000\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 11/12/2013 at  8:12:07.84

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 gotta restart for the other text.

Link to post
Share on other sites

OK, skip all that

Boot normally and run the following:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

FRST

 

(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-07] (Hewlett-Packard)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364544 2012-09-03] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATORHL] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [OSDTool] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
IMEO\hpconnectedremotemgmtui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (American) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0
CHR Extension: (Google Docs) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IE Tab) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.11.9.1_0
CHR Extension: (Google Wallet) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1602560 2012-09-03] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-09-03] (IVT Corporation)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130514.001\IDSvia64.sys [513184 2013-04-12] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\ENG64.SYS [126192 2013-04-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\EX64.SYS [2087664 2013-04-13] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695904 2012-09-05] (Ralink Technology, Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
U3 kglyikoc; \??\C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:11 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 06:00 - 2013-11-12 07:07 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-04 18:13 - 2013-10-18 23:38 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-04 18:13 - 2013-10-18 22:52 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 22:33 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-04 18:13 - 2013-10-18 21:59 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-04 18:13 - 2013-10-18 21:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 21:19 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-04 18:13 - 2013-10-18 20:42 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-04 18:13 - 2013-10-18 20:27 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-02 14:31 - 2013-09-03 14:31 - 00000032 ____R C:\ProgramData\hash.dat
2013-10-29 02:14 - 2013-10-23 05:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:14 - 2013-10-23 02:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large
2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI
2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD
2013-10-19 11:12 - 2013-10-19 11:15 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-19 11:01 - 2013-10-19 11:11 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-10-19 10:36 - 2013-11-12 08:41 - 00000000 __RDO C:\Users\jarec_000\SkyDrive
2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-10-19 10:31 - 2013-11-12 05:07 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}
2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini
2013-10-19 05:36 - 2013-10-19 23:00 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub
2013-10-19 05:30 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-10-19 05:30 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 05:30 - 2013-08-02 22:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-10-19 03:03 - 2013-11-12 08:36 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-10-19 02:43 - 2013-11-03 11:18 - 00000000 ____D C:\Users\jarec_000
2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagerr.xml
2013-10-19 02:43 - 2013-10-19 02:44 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-10-19 02:40 - 2013-10-19 02:44 - 00012096 _____ C:\WINDOWS\iis.log
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-10-19 01:56 - 2013-10-19 03:02 - 00006514 _____ C:\WINDOWS\comsetup.log
2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream
2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk
2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention
2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler
2013-10-13 19:02 - 2013-10-13 19:05 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE
 
==================== One Month Modified Files and Folders =======
 
2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:46 - 2013-09-29 22:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-12 08:45 - 2013-03-15 18:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1756616650-231391826-1458956430-1001
2013-11-12 08:43 - 2012-09-10 16:54 - 00000787 _____ C:\WINDOWS\SysWOW64\bscs.ini
2013-11-12 08:41 - 2013-10-19 10:36 - 00000000 __RDO C:\Users\jarec_000\SkyDrive
2013-11-12 08:41 - 2013-04-09 14:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 08:40 - 2013-06-06 23:42 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2013-11-12 08:40 - 2013-03-15 18:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 08:40 - 2012-11-23 18:13 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2013-11-12 08:39 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-12 08:39 - 2012-11-23 18:13 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2013-11-12 08:36 - 2013-10-19 03:03 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-12 08:28 - 2013-04-09 14:03 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 08:27 - 2013-04-14 21:41 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2013-11-12 08:26 - 2013-04-14 21:41 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:11 - 2013-11-12 08:04 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 08:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-12 07:50 - 2013-04-18 18:57 - 01887744 ___SH C:\Users\jarec_000\Downloads\Thumbs.db
2013-11-12 07:37 - 2013-03-15 20:04 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\TS3Client
2013-11-12 07:27 - 2013-09-09 17:54 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2013-11-12 07:27 - 2013-09-09 17:54 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-12 07:26 - 2013-10-05 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 07:26 - 2013-09-29 21:55 - 00085628 _____ C:\WINDOWS\PFRO.log
2013-11-12 07:25 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-12 07:10 - 2013-04-18 23:34 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Mozilla
2013-11-12 07:09 - 2013-08-19 00:00 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-12 07:07 - 2013-11-12 06:00 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 07:01 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\Documents\Battleground Europe
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 05:07 - 2013-10-19 10:31 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}
2013-11-12 02:52 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-12 02:50 - 2013-07-22 14:20 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjarec_000.job
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-11 21:48 - 2013-10-04 00:38 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-11 21:09 - 2013-08-31 01:51 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 15:57 - 2013-07-22 14:20 - 00003200 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjarec_000
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-07 02:29 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-11-05 07:14 - 2013-09-09 17:54 - 00003742 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-03 11:18 - 2013-10-19 02:43 - 00000000 ____D C:\Users\jarec_000
2013-11-02 03:55 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Local\ArmA 2 OA
2013-10-31 15:18 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-10-29 03:37 - 2013-08-22 08:46 - 00300761 _____ C:\WINDOWS\setupact.log
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large
2013-10-25 00:42 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Local\TeamSpeak 3 Client
2013-10-23 22:43 - 2013-06-25 21:22 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Arma 3
2013-10-23 05:01 - 2013-10-29 02:14 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-23 02:59 - 2013-10-29 02:14 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-21 00:59 - 2013-03-15 18:41 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Packages
2013-10-19 23:00 - 2013-10-19 05:36 - 00000000 ___DC C:\WINDOWS\Panther
2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI
2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD
2013-10-19 11:15 - 2013-10-19 11:12 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-19 11:15 - 2012-11-23 17:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-10-19 11:13 - 2013-05-02 01:00 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-19 11:12 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-10-19 11:11 - 2013-10-19 11:01 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini
2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-19 10:31 - 2012-11-23 18:09 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2013-10-19 05:35 - 2013-08-22 09:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Camera
2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub
2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-10-19 03:05 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagerr.xml
2013-10-19 03:02 - 2013-10-19 01:56 - 00006514 _____ C:\WINDOWS\comsetup.log
2013-10-19 03:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration
2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RSD C:\WINDOWS\Media
2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-19 02:52 - 2012-11-23 17:33 - 00000000 ____D C:\ProgramData\SoundResearch
2013-10-19 02:51 - 2013-08-22 08:44 - 00380104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-19 02:50 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2013-10-19 02:50 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-10-19 02:50 - 2013-08-17 22:19 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2013-10-19 02:50 - 2013-06-23 23:06 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-10-19 02:50 - 2013-04-24 22:03 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)
2013-10-19 02:50 - 2013-04-24 15:15 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2013-10-19 02:50 - 2013-04-15 22:55 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
2013-10-19 02:50 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-10-19 02:50 - 2012-11-23 18:07 - 00000000 ____D C:\WINDOWS\en
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-10-19 02:47 - 2013-08-22 09:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-10-19 02:47 - 2012-07-25 23:37 - 00000000 ____D C:\Users\Default.migrated
2013-10-19 02:46 - 2013-08-22 09:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Help
2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-19 02:46 - 2012-08-01 20:05 - 00000000 ____D C:\ProgramData\PRICache
2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-10-19 02:44 - 2013-10-19 02:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-19 02:44 - 2013-10-19 02:40 - 00012096 _____ C:\WINDOWS\iis.log
2013-10-19 02:44 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA
2013-10-19 02:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-10-19 02:44 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-10-19 02:44 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cornered Rat Software
2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-10-19 02:40 - 2012-08-01 20:05 - 00000000 __SHD C:\Recovery
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD
2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-10-19 02:38 - 2013-08-22 08:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-10-19 02:37 - 2013-08-22 07:36 - 00000000 __RHD C:\Users\Default
2013-10-19 02:21 - 2013-03-15 18:40 - 01446543 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-10-19 01:34 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream
2013-10-18 23:38 - 2013-11-04 18:13 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-18 22:52 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-18 22:33 - 2013-11-04 18:13 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-18 21:59 - 2013-11-04 18:13 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-18 21:42 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-18 21:19 - 2013-11-04 18:13 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-18 20:42 - 2013-11-04 18:13 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-18 20:27 - 2013-11-04 18:13 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk
2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention
2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler
2013-10-14 17:15 - 2013-09-11 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 17:13 - 2013-03-17 01:12 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-13 19:05 - 2013-10-13 19:02 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.s(AMD) C:\WINDOWS\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Tor\tor.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\OneClickStarter.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-07] (Hewlett-Packard)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364544 2012-09-03] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATORHL] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [OSDTool] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
IMEO\hpconnectedremotemgmtui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2D522817-1209-4DBC-886C-75249ECA3BBB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Heroes & Generals live) - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (American) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0
CHR Extension: (Google Docs) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (IE Tab) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.11.9.1_0
CHR Extension: (Google Wallet) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JAREC_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1602560 2012-09-03] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-09-03] (IVT Corporation)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-14] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130514.001\IDSvia64.sys [513184 2013-04-12] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\ENG64.SYS [126192 2013-04-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130514.017\EX64.SYS [2087664 2013-04-13] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695904 2012-09-05] (Ralink Technology, Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
U3 kglyikoc; \??\C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe
2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST
2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload
2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt
2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload
2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe
2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe
2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-12 08:04 - 2013-11-12 08:11 - 00000000 ____D C:\AdwCleaner
2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe
2013-11-12 06:00 - 2013-11-12 07:07 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log
2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe
2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)
2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)
2013-11-04 18:13 - 2013-10-18 23:38 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-04 18:13 - 2013-10-18 22:52 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 22:33 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-04 18:13 - 2013-10-18 21:59 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-04 18:13 - 2013-10-18 21:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-04 18:13 - 2013-10-18 21:19 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-04 18:13 - 2013-10-18 20:42 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-04 18:13 - 2013-10-18 20:27 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme
2013-11-02 14:31 - 2013-09-03 14:31 - 00000032 ____R C:\ProgramData\hash.dat
2013-10-29 02:14 - 2013-10-23 05:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 02:14 - 2013-10-23 02:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large
2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large
2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD
2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI
2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD
2013-10-19 11:12 - 2013-10-19 11:15 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-19 11:01 - 2013-10-19 11:11 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-10-19 10:36 - 2013-11-12 08:41 - 00000000 __RDO C:\Users\jarec_000\SkyDrive
2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-10-19 10:31 - 2013-11-12 05:07 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}
Link to post
Share on other sites

for the second software. It says " the process cannot access the file because it is being used by another process"

 

I read where you said after the first scan only, the first scan was completed yet it was open. maybe this caused the problem

 

 

 

second part

 

2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini

2013-10-19 05:36 - 2013-10-19 23:00 - 00000000 ___DC C:\WINDOWS\Panther

2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff

2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe

2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe

2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub

2013-10-19 05:30 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2013-10-19 05:30 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-19 05:30 - 2013-08-02 22:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2013-10-19 05:30 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2013-10-19 05:30 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-19 05:30 - 2013-08-02 22:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2013-10-19 03:03 - 2013-11-12 08:36 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log

2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2013-10-19 02:43 - 2013-11-03 11:18 - 00000000 ____D C:\Users\jarec_000

2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagwrn.xml

2013-10-19 02:43 - 2013-10-19 03:02 - 00022863 _____ C:\WINDOWS\diagerr.xml

2013-10-19 02:43 - 2013-10-19 02:44 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-10-19 02:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2013-10-19 02:40 - 2013-10-19 02:44 - 00012096 _____ C:\WINDOWS\iis.log

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin

2013-10-19 01:56 - 2013-10-19 03:02 - 00006514 _____ C:\WINDOWS\comsetup.log

2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream

2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk

2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention

2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler

2013-10-13 19:02 - 2013-10-13 19:05 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE

 

==================== One Month Modified Files and Folders =======

 

2013-11-12 08:47 - 2013-11-12 08:47 - 01957590 _____ (Farbar) C:\Users\jarec_000\Downloads\FRST64.exe

2013-11-12 08:47 - 2013-11-12 08:47 - 00377856 _____ C:\Users\jarec_000\Downloads\zclvfw2c.exe

2013-11-12 08:47 - 2013-11-12 08:47 - 00000000 ____D C:\FRST

2013-11-12 08:46 - 2013-09-29 22:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-11-12 08:45 - 2013-03-15 18:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1756616650-231391826-1458956430-1001

2013-11-12 08:43 - 2012-09-10 16:54 - 00000787 _____ C:\WINDOWS\SysWOW64\bscs.ini

2013-11-12 08:41 - 2013-10-19 10:36 - 00000000 __RDO C:\Users\jarec_000\SkyDrive

2013-11-12 08:41 - 2013-04-09 14:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-12 08:40 - 2013-06-06 23:42 - 00000410 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job

2013-11-12 08:40 - 2013-03-15 18:51 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-12 08:40 - 2012-11-23 18:13 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI

2013-11-12 08:39 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-11-12 08:39 - 2012-11-23 18:13 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI

2013-11-12 08:36 - 2013-10-19 03:03 - 01534402 _____ C:\WINDOWS\WindowsUpdate.log

2013-11-12 08:28 - 2013-04-09 14:03 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-12 08:27 - 2013-04-14 21:41 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log

2013-11-12 08:26 - 2013-04-14 21:41 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-11-12 08:12 - 2013-11-12 08:12 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 893312.crdownload

2013-11-12 08:12 - 2013-11-12 08:12 - 00019224 _____ C:\Users\jarec_000\Desktop\JRT.txt

2013-11-12 08:11 - 2013-11-12 08:04 - 00000000 ____D C:\AdwCleaner

2013-11-12 08:08 - 2013-11-12 08:08 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\Unconfirmed 264687.crdownload

2013-11-12 08:06 - 2013-11-12 08:06 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT (1).exe

2013-11-12 08:05 - 2013-11-12 08:05 - 01034531 _____ (Thisisu) C:\Users\jarec_000\Downloads\JRT.exe

2013-11-12 08:05 - 2013-11-12 08:05 - 00000000 ____D C:\WINDOWS\ERUNT

2013-11-12 08:04 - 2013-11-12 08:04 - 01085542 _____ C:\Users\jarec_000\Downloads\adwcleaner.exe

2013-11-12 08:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru

2013-11-12 07:50 - 2013-04-18 18:57 - 01887744 ___SH C:\Users\jarec_000\Downloads\Thumbs.db

2013-11-12 07:37 - 2013-03-15 20:04 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\TS3Client

2013-11-12 07:27 - 2013-09-09 17:54 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys

2013-11-12 07:27 - 2013-09-09 17:54 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar

2013-11-12 07:26 - 2013-10-05 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-12 07:26 - 2013-09-29 21:55 - 00085628 _____ C:\WINDOWS\PFRO.log

2013-11-12 07:25 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2013-11-12 07:10 - 2013-04-18 23:34 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Mozilla

2013-11-12 07:09 - 2013-08-19 00:00 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2013-11-12 07:07 - 2013-11-12 06:00 - 00013828 _____ C:\Users\jarec_000\Downloads\hijackthis.log

2013-11-12 07:01 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\Documents\Battleground Europe

2013-11-12 05:59 - 2013-11-12 05:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\jarec_000\Downloads\HijackThis.exe

2013-11-12 05:07 - 2013-10-19 10:31 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5248D2C-27DE-43F3-A317-C017FB1FF0B4}

2013-11-12 02:52 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2013-11-12 02:50 - 2013-07-22 14:20 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjarec_000.job

2013-11-12 00:30 - 2013-11-12 00:30 - 00001127 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk

2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin

2013-11-12 00:30 - 2013-11-12 00:30 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs

2013-11-11 21:48 - 2013-10-04 00:38 - 00000000 ____D C:\Program Files (x86)\Origin

2013-11-11 21:09 - 2013-08-31 01:51 - 00000000 ____D C:\ProgramData\MFAData

2013-11-11 15:57 - 2013-07-22 14:20 - 00003200 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjarec_000

2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (4)

2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (3)

2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (2)

2013-11-10 13:46 - 2013-11-10 13:46 - 00267742 _____ C:\Users\jarec_000\Downloads\history (1)

2013-11-07 02:29 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2013-11-05 07:14 - 2013-09-09 17:54 - 00003742 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

2013-11-03 21:47 - 2013-11-03 21:47 - 00046581 _____ C:\Users\jarec_000\Downloads\black-friday-shopper-logic-meme

2013-11-03 11:18 - 2013-10-19 02:43 - 00000000 ____D C:\Users\jarec_000

2013-11-02 03:55 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Local\ArmA 2 OA

2013-10-31 15:18 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2013-10-29 03:37 - 2013-08-22 08:46 - 00300761 _____ C:\WINDOWS\setupact.log

2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI.jpg-large

2013-10-26 03:53 - 2013-10-26 03:53 - 00026427 _____ C:\Users\jarec_000\Downloads\BPJ_s_ECQAAbVtI (1).jpg-large

2013-10-25 00:42 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Local\TeamSpeak 3 Client

2013-10-23 22:43 - 2013-06-25 21:22 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Arma 3

2013-10-23 05:01 - 2013-10-29 02:14 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2013-10-23 02:59 - 2013-10-29 02:14 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2013-10-21 00:59 - 2013-03-15 18:41 - 00000000 ____D C:\Users\jarec_000\AppData\Local\Packages

2013-10-19 23:00 - 2013-10-19 05:36 - 00000000 ___DC C:\WINDOWS\Panther

2013-10-19 11:16 - 2013-10-19 11:16 - 00060777 _____ C:\WINDOWS\SysWOW64\CCCInstall_201310191216139481.log

2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\Users\jarec_000\AppData\Local\AMD

2013-10-19 11:16 - 2013-10-19 11:16 - 00000000 ____D C:\ProgramData\ATI

2013-10-19 11:15 - 2013-10-19 11:15 - 00000000 ____D C:\ProgramData\AMD

2013-10-19 11:15 - 2013-10-19 11:12 - 00000000 ____D C:\Program Files\ATI Technologies

2013-10-19 11:15 - 2012-11-23 17:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2013-10-19 11:13 - 2013-05-02 01:00 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-19 11:12 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\restore

2013-10-19 11:11 - 2013-10-19 11:01 - 207485688 _____ (Advanced Micro Devices, Inc.) C:\Users\jarec_000\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe

2013-10-19 10:54 - 2013-10-19 10:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

2013-10-19 10:39 - 2013-10-19 10:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security

2013-10-19 10:32 - 2013-10-19 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2013-10-19 10:31 - 2013-10-19 10:31 - 00001444 _____ C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-19 10:31 - 2013-10-19 10:31 - 00000020 ___SH C:\Users\jarec_000\ntuser.ini

2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-19 10:31 - 2013-03-15 18:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-10-19 10:31 - 2012-11-23 18:09 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration

2013-10-19 05:35 - 2013-08-22 09:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

2013-10-19 05:34 - 2013-10-19 05:34 - 02144768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01537880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2013-10-19 05:34 - 2013-10-19 05:34 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00698880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2013-10-19 05:34 - 2013-10-19 05:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2013-10-19 05:34 - 2013-10-19 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\WinStore

2013-10-19 05:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Camera

2013-10-19 05:33 - 2013-10-19 05:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff

2013-10-19 05:31 - 2013-10-19 05:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe

2013-10-19 05:31 - 2013-10-19 05:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe

2013-10-19 05:31 - 2013-10-19 05:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\Reference Assemblies

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files\MSBuild

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-10-19 05:31 - 2013-10-19 05:31 - 00000000 ____D C:\inetpub

2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2013-10-19 05:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2013-10-19 03:05 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache

2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagwrn.xml

2013-10-19 03:02 - 2013-10-19 02:43 - 00022863 _____ C:\WINDOWS\diagerr.xml

2013-10-19 03:02 - 2013-10-19 01:56 - 00006514 _____ C:\WINDOWS\comsetup.log

2013-10-19 03:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration

2013-10-19 03:01 - 2013-10-19 03:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RSD C:\WINDOWS\Media

2013-10-19 02:56 - 2013-08-22 09:36 - 00000000 __RHD C:\Users\Public\Libraries

2013-10-19 02:52 - 2012-11-23 17:33 - 00000000 ____D C:\ProgramData\SoundResearch

2013-10-19 02:51 - 2013-08-22 08:44 - 00380104 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-10-19 02:50 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud

2013-10-19 02:50 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2013-10-19 02:50 - 2013-08-17 22:19 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT

2013-10-19 02:50 - 2013-06-23 23:06 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-10-19 02:50 - 2013-04-24 22:03 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)

2013-10-19 02:50 - 2013-04-24 15:15 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)

2013-10-19 02:50 - 2013-04-15 22:55 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder

2013-10-19 02:50 - 2013-03-15 18:59 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2013-10-19 02:50 - 2012-11-23 18:07 - 00000000 ____D C:\WINDOWS\en

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata

2013-10-19 02:47 - 2013-10-19 02:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN

2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep

2013-10-19 02:47 - 2013-09-29 21:48 - 00000000 ____D C:\WINDOWS\system32\WCN

2013-10-19 02:47 - 2013-08-22 09:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\spool

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\MUI

2013-10-19 02:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\IME

2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI

2013-10-19 02:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\oobe

2013-10-19 02:47 - 2012-07-25 23:37 - 00000000 ____D C:\Users\Default.migrated

2013-10-19 02:46 - 2013-08-22 09:43 - 00000000 ____D C:\WINDOWS\DigitalLocker

2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files\Windows Sidebar

2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar

2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Help

2013-10-19 02:46 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-10-19 02:46 - 2012-08-01 20:05 - 00000000 ____D C:\ProgramData\PRICache

2013-10-19 02:44 - 2013-10-19 02:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2013-10-19 02:44 - 2013-10-19 02:43 - 00000000 ___RD C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-10-19 02:44 - 2013-10-19 02:40 - 00012096 _____ C:\WINDOWS\iis.log

2013-10-19 02:44 - 2013-09-27 17:51 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA

2013-10-19 02:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Recovery

2013-10-19 02:44 - 2013-03-17 15:42 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

2013-10-19 02:44 - 2013-03-15 20:13 - 00000000 ____D C:\Users\jarec_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cornered Rat Software

2013-10-19 02:41 - 2013-10-19 02:41 - 00930400 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2013-10-19 02:40 - 2012-08-01 20:05 - 00000000 __SHD C:\Recovery

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 ____D C:\Program Files\AMD

2013-10-19 02:38 - 2013-10-19 02:38 - 00000000 _____ C:\WINDOWS\ativpsrm.bin

2013-10-19 02:38 - 2013-08-22 08:46 - 00000084 _____ C:\WINDOWS\setuperr.log

2013-10-19 02:37 - 2013-08-22 07:36 - 00000000 __RHD C:\Users\Default

2013-10-19 02:21 - 2013-03-15 18:40 - 01446543 _____ C:\WINDOWS\WindowsUpdate (1).log

2013-10-19 01:34 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent

2013-10-19 00:41 - 2013-10-19 00:41 - 00072431 _____ C:\Users\jarec_000\Downloads\having-the-perfect-dream

2013-10-18 23:38 - 2013-11-04 18:13 - 23213056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2013-10-18 22:52 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2013-10-18 22:33 - 2013-11-04 18:13 - 02763776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2013-10-18 21:59 - 2013-11-04 18:13 - 17143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2013-10-18 21:42 - 2013-11-04 18:13 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2013-10-18 21:19 - 2013-11-04 18:13 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2013-10-18 20:42 - 2013-11-04 18:13 - 12995072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2013-10-18 20:27 - 2013-11-04 18:13 - 11222016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2013-10-18 11:26 - 2013-10-18 11:26 - 00001106 _____ C:\Users\jarec_000\Downloads\Pictures - Shortcut.lnk

2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-17 17:35 - 2013-07-12 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-16 16:00 - 2013-10-16 16:00 - 00000000 ____D C:\Users\jarec_000\Documents\TacticalIntervention

2013-10-14 20:34 - 2013-10-14 20:34 - 00003704 _____ C:\WINDOWS\System32\Tasks\Java Update Scheduler

2013-10-14 17:15 - 2013-09-11 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-10-14 17:13 - 2013-03-17 01:12 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-10-13 19:05 - 2013-10-13 19:02 - 318107720 _____ C:\Users\jarec_000\Downloads\AH2313.EXE

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-12 04:50

 

==================== End Of Log ============================ys => MD5 is legit

 

 

LastRegBack: 2013-11-12 04:50

 

==================== End Of Log ============================

Link to post
Share on other sites


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-12 08:56:24

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000028 Seagate rev.HP16____ 1862.65GB

Running: zclvfw2c.exe; Driver: C:\Users\JAREC_~1\AppData\Local\Temp\kglyikoc.sys

 

 

---- Devices - GMER 2.1 ----

 

Device  \Driver\WudfPf \Device\WUDFLpcDevice                                     fffff800051d7c90

Device  \Driver\WudfPf \Device\HostProcess-1e775ebb-a9ce-40f4-b9b1-8d059d9417f7  fffff800051d7c90

Device  \Driver\NDProxy \Device\NDProxy                                          fffff80005163f90

Device  \Driver\WudfPf \Device\HostProcess-20cfd66d-b2cb-42bf-bb30-fd3b62fba80d  fffff800051d7c90

Device  \Driver\WudfPf \Device\HostProcess-69c60a63-acba-40ee-a608-03804b4085f8  fffff800051d7c90

Device  \Driver\WudfRd \Device\UMDFCtrlDev-336ad6da-4ba8-11e3-beae-689423a06940  fffff800051a0750

Device  \Driver\WudfPf \Device\ProcessManagement                                 fffff800051d7c90

Device  \Driver\NdisTapi \Device\NdisTapi                                        fffff800055ec290

 

---- Threads - GMER 2.1 ----

 

Thread  C:\WINDOWS\system32\csrss.exe [968:992]                                  fffff960009554d0

 

---- Disk sectors - GMER 2.1 ----

 

Disk    \Device\Harddisk0\DR0                                                    unknown MBR code

 

---- EOF - GMER 2.1 ----

 


 

Disk    \Device\Harddisk0\DR0                    unknown MBR code

 

---- EOF - GMER 2.1 ----

Link to post
Share on other sites

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.