
random popups/video ads/highlighted links


Nismo92


The last two days I'm being bombarded with random ads, and getting a box popping up telling me Windows has been infected and to call a number. When I tried to call, it said "thank you for calling Microsoft, please enter your credit card number", at which point I hung up and searched Google and ended up here.

 

Read the topic and ran DDS. dds.txt below. attach.txt attached. Please help.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.51.2
Run by Justin at 11:34:26 on 2014-02-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2814.866 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WinUpd8] c:\program files\windows\SLsvc.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [init] c:\program files\windows\SLsvc.exe
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [shadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [sBRegRebootCleaner] "c:\program files\ad-aware antivirus\SBRC.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
uExplorerRun: [WinInitLZ] c:\program files\windows\SLsvc.exe
mExplorerRun: [WinInitLZ] c:\program files\windows\SLsvc.exe
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\driver parallel lines\register\RegistrationReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DEC9E41B-F26D-4781-97A0-FE223B874FBB} : DHCPNameServer = 192.168.2.1
AppInit_DLLs= tA
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {S760R051-A4CL-05A2-43JY-07F38AY1FOTI} - c:\program files\windows\SLsvc.exe Restart
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-12 13560]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-10-3 19056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-3 242240]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-2 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-2 701512]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-2-8 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-2-8 14658848]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-10-3 88176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-2 22856]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-2-8 34080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-12 43368]
S3 lredbooo;lredbooo;c:\users\justin\appdata\local\temp\lredbooo.sys [2012-7-16 15872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2007-5-1 132232]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
.
=============== Created Last 30 ================
.
2014-02-28 14:46:18 54016 ----a-w- c:\windows\system32\drivers\suasj.sys
2014-02-28 02:00:18 -------- d-----w- c:\programdata\Oracle
2014-02-28 01:59:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-26 03:36:12 -------- dc----w- c:\program files\webbSave
2014-02-26 03:36:12 -------- d-----w- c:\programdata\webbSave
2014-02-26 03:35:27 -------- d-----w- c:\users\justin\appdata\local\Torch
2014-02-26 03:35:27 -------- d-----w- c:\programdata\aa63562fa540ccf6
2014-02-26 03:35:26 -------- d-----w- c:\users\justin\appdata\local\Comodo
2014-02-26 03:34:27 -------- d-----w- c:\programdata\InstallMate
2014-02-26 03:33:40 40960 ----a-r- c:\users\justin\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2014-02-26 03:33:40 40960 ----a-r- c:\users\justin\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2014-02-26 03:33:40 -------- dc----w- c:\program files\Project64 1.6
2014-02-26 03:33:21 2080797 ----a-w- c:\users\justin\Project64_1.6.exe
2014-02-26 03:23:45 -------- dc----w- c:\program files\HeadGames
2014-02-22 05:45:30 -------- d-----w- c:\programdata\Steam
2014-02-22 05:35:29 -------- dc----w- c:\program files\NASCAR '14
2014-02-10 21:48:36 1166132 ----a-w- c:\users\justin\AdwCleaner.exe
2014-02-09 02:11:06 -------- d-----w- c:\users\justin\appdata\local\NVIDIA Corporation
2014-02-09 02:09:50 982232 ----a-w- c:\windows\system32\nvspcap.dll
2014-02-09 02:09:12 -------- d-----w- c:\users\justin\appdata\local\NVIDIA
2014-02-09 02:07:04 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-09 02:05:29 -------- dc----w- C:\NVIDIA
2014-02-09 01:40:17 161185016 ----a-w- c:\users\justin\332.21-desktop-win8-win7-winvista-32bit-english-whql.exe
2014-02-03 03:10:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-03 03:10:47 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-03 03:10:24 10285040 ----a-w- c:\users\justin\mbam-setup-1.75.0.1300.exe
2014-02-03 03:07:53 -------- dcsh--r- c:\program files\Windows
2014-02-03 03:07:35 -------- dc----w- c:\program files\Games-Gen
2014-01-29 23:34:27 -------- d-----w- c:\users\justin\appdata\local\EA Games
2014-01-29 23:14:08 -------- dc----w- C:\Games
.
==================== Find3M  ====================
.
2014-02-14 05:13:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-01-22 22:01:53 2687908 ----a-w- c:\users\justin\Saitek_Cyborg_Evo_SD6_32.exe
2014-01-21 19:11:20 24097311 ----a-w- c:\users\justin\vlc-2.1.2-win32.exe
2014-01-05 21:46:50 292184 ----a-w- c:\users\justin\dxwebsetup.exe
2013-12-19 18:37:25 4317984 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-19 18:37:25 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-12-19 18:37:23 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-12-19 18:37:23 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-12-19 18:37:22 376096 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 17:20:22 590112 ----a-w- c:\windows\system32\nvStreaming.exe
2013-12-08 04:03:49 2143832 ----a-w- c:\users\justin\instsf449.exe
2013-12-05 08:42:30 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2013-12-05 08:42:26 32544 ----a-w- c:\windows\system32\nvaudcap32v.dll
.
============= FINISH: 11:35:21.39 ===============
 

attach.txt


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.28.08
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]
 
2/28/2014 11:47:01 AM
mbam-log-2014-02-28 (11-47-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255194
Time elapsed: 12 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
RogueKiller 32 bit 
 
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Justin [Admin rights]
Mode : Scan -- Date : 02/28/2014 12:03:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP2004C ATA Device +++++
--- User ---
[MBR] 6e372bd8123f35a727c9ba6c3856251f
[bSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 84 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 190680 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02282014_120358.txt >>
 
 
 
 

Make sure you have created that new system restore point I mentioned in my first post to you before continuing.

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next.........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last.......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


# AdwCleaner v3.020 - Report created 28/02/2014 at 12:33:42

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

# Username : Justin - JUSTIN-PC

# Running from : C:\Users\Justin\Desktop\adwcleaner (3).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\Toolbar Cleaner

Folder Deleted : C:\Users\Justin\AppData\Local\torch

Folder Deleted : C:\Users\Justin\Documents\BitLord

File Deleted : C:\Users\Justin\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\Software\caphyon

Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar

Key Deleted : HKLM\Software\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16448

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : icon_url

Deleted : search_url

Deleted : keyword

 

*************************

 

AdwCleaner[R0].txt - [1694 octets] - [02/10/2013 12:24:58]

AdwCleaner[R1].txt - [1754 octets] - [03/10/2013 10:31:59]

AdwCleaner[R2].txt - [2289 octets] - [28/02/2014 12:31:37]

AdwCleaner[s0].txt - [1865 octets] - [03/10/2013 10:32:40]

AdwCleaner[s1].txt - [2258 octets] - [28/02/2014 12:33:42]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2318 octets] ##########

 

 

 

 

JRT.txt

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows 7 Ultimate x86

Ran by Justin on Fri 02/28/2014 at 12:39:58.02

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Users\Justin\appdata\locallow\SkwConfig.bin"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\adawarebp"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/28/2014 at 12:43:12.74

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Justin (administrator) on JUSTIN-PC on 28-02-2014 12:45:09
Running from C:\Users\Justin\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Justin\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [init] - C:\Program Files\Windows\SLsvc.exe
HKLM\...\Run: [NvBackend] - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap.dll [982232 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [WinInitLZ] - C:\Program Files\Windows\SLsvc.exe No File
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Run: [EA Core] - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Run: [WinUpd8] - C:\Program Files\Windows\SLsvc.exe
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Policies\Explorer\Run: [WinInitLZ] - C:\Program Files\Windows\SLsvc.exe
AppInit_DLLs: tA => tA File Not Found
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK
ShortcutTarget: Registration Driver Parallel Lines.LNK -> C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1831B2002C1CD01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=042150E549952DE2
CHR DefaultNewTabURL: 
CHR Extension: (websave) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkilpppjfbgpnekhnjpoogehpefiknpp [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\adawaretb\chrome-newtab-search.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2013-05-06]
 
========================== Services (Whitelisted) =================
 
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-09] (NVIDIA Corporation)
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 AppleChargerSrv; system32\AppleChargerSrv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-03] (DT Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-06-12] (GFI Software)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 lredbooo; C:\Users\Justin\AppData\Local\Temp\lredbooo.sys [15872 2012-07-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [132232 2007-05-01] (Saitek)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 catchme; \??\C:\Users\Justin\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 12:44 - 2014-02-28 12:45 - 01143808 _____ (Farbar) C:\Users\Justin\Downloads\FRST (1).exe
2014-02-28 12:43 - 2014-02-28 12:43 - 00001413 _____ () C:\Users\Justin\Desktop\JRT.txt
2014-02-28 12:38 - 2014-02-28 12:38 - 01037734 _____ (Thisisu) C:\Users\Justin\Desktop\JRT.exe
2014-02-28 12:31 - 2014-02-28 12:31 - 01244192 _____ () C:\Users\Justin\Desktop\adwcleaner (3).exe
2014-02-28 12:03 - 2014-02-28 12:03 - 00001974 _____ () C:\Users\Justin\Desktop\RKreport[0]_S_02282014_120358.txt
2014-02-28 12:00 - 2014-02-28 12:04 - 00000000 ____D () C:\Users\Justin\Desktop\RK_Quarantine
2014-02-28 12:00 - 2014-02-28 12:00 - 03819008 _____ () C:\Users\Justin\Downloads\RogueKiller.exe
2014-02-28 11:35 - 2014-02-28 11:38 - 00009134 _____ () C:\Users\Justin\Desktop\attach.txt
2014-02-28 11:35 - 2014-02-28 11:35 - 00013360 _____ () C:\Users\Justin\Desktop\dds.txt
2014-02-28 11:34 - 2014-02-28 11:34 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr
2014-02-27 21:00 - 2014-02-27 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-27 21:00 - 2014-02-27 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-27 21:00 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-27 20:59 - 2014-02-27 20:59 - 00006460 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-27 20:59 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-27 20:59 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-27 20:59 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-27 20:57 - 2014-02-27 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Justin\Downloads\chromeinstall-7u51.exe
2014-02-25 22:38 - 2004-03-28 07:54 - 33554432 _____ () C:\Users\Justin\Desktop\Pokemon Stadium (E) (V1.0) [!].z64
2014-02-25 22:37 - 2014-02-25 22:37 - 27778896 _____ () C:\Users\Justin\Downloads\pokemonstadium.zip
2014-02-25 22:36 - 2014-02-28 09:46 - 00000000 ____D () C:\ProgramData\webbSave
2014-02-25 22:36 - 2014-02-25 22:36 - 00000000 ___DC () C:\Program Files\webbSave
2014-02-25 22:35 - 2014-02-25 22:37 - 00000000 ____D () C:\ProgramData\aa63562fa540ccf6
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Justin\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator
2014-02-25 22:34 - 2014-02-25 22:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-25 22:33 - 2014-02-25 22:38 - 00000000 ___DC () C:\Program Files\Project64 1.6
2014-02-25 22:33 - 2014-02-25 22:33 - 02080797 _____ (Project64 ) C:\Users\Justin\Project64_1.6.exe
2014-02-25 22:33 - 2014-02-25 22:33 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2014-02-25 22:24 - 2014-02-25 22:24 - 82588651 _____ () C:\Users\Justin\Downloads\__rzi_0.008
2014-02-25 22:23 - 2014-02-25 22:23 - 00001152 _____ () C:\Users\Public\Desktop\Gearhead Garage.lnk
2014-02-25 22:23 - 2014-02-25 22:23 - 00000000 ___DC () C:\Program Files\HeadGames
2014-02-25 22:15 - 2014-02-25 22:18 - 82600787 ____R () C:\Users\Justin\Downloads\GEARHEAD GARAGE.zip
2014-02-25 22:08 - 2014-02-25 22:08 - 00000022 _____ () C:\Users\Justin\Desktop\track.txt
2014-02-25 22:05 - 2014-02-25 22:05 - 00001459 _____ () C:\Users\Public\Desktop\Back To The Future The Game.lnk
2014-02-24 23:08 - 2014-02-24 23:23 - 00000000 ____D () C:\Users\Justin\Downloads\BTTF pack 1-5
2014-02-23 14:03 - 2014-02-23 14:03 - 03932214 _____ () C:\Users\Justin\Downloads\invoice.bmp
2014-02-22 00:45 - 2014-02-22 00:45 - 00000000 ____D () C:\ProgramData\Steam
2014-02-22 00:44 - 2014-02-22 10:10 - 00000848 _____ () C:\Users\Public\Desktop\NASCAR '14.lnk
2014-02-22 00:35 - 2014-02-22 00:44 - 00000000 ___DC () C:\Program Files\NASCAR '14
2014-02-21 23:31 - 2014-02-22 00:22 - 2750470144 _____ () C:\Users\Justin\Downloads\rld-na'1.iso
2014-02-21 22:02 - 2014-02-21 22:05 - 00000000 ____D () C:\Users\Justin\Downloads\Zombieland (2009)
2014-02-21 21:12 - 2014-02-21 21:13 - 00000000 ____D () C:\Users\Justin\Downloads\American Graffiti 720p BRRip
2014-02-14 21:27 - 2014-02-14 21:33 - 412661390 _____ () C:\Users\Justin\Downloads\Nancy Drew  And The Haunted Carousel.zip
2014-02-14 21:25 - 2014-02-14 21:25 - 00000899 _____ () C:\Users\Public\Desktop\The Haunted Carousel.lnk
2014-02-14 00:16 - 2014-02-14 00:16 - 04768229 _____ () C:\Users\Justin\hlm-gtasa.rar
2014-02-13 23:02 - 2014-02-13 23:23 - 4213047452 _____ () C:\Users\Justin\Downloads\GTA_SA.iso
2014-02-12 20:06 - 2014-02-12 20:06 - 00002762 _____ () C:\Users\Justin\Desktop\used.txt
2014-02-12 13:08 - 2014-02-12 19:42 - 00000000 ____D () C:\Users\Justin\Downloads\Nancy Drew 07 - Ghost Dogs of Moon Lake
2014-02-11 13:57 - 2014-02-11 14:13 - 643422528 _____ () C:\Users\Justin\Downloads\Nancy Drew - Secret of the Scarlet Hand.iso
2014-02-10 21:14 - 2014-02-10 21:25 - 568394789 _____ () C:\Users\Justin\Downloads\Nancy Drew And The Final Scene.zip
2014-02-10 16:48 - 2014-02-10 16:48 - 01166132 _____ () C:\Users\Justin\AdwCleaner.exe
2014-02-08 21:11 - 2014-02-08 21:11 - 00000000 ____D () C:\Users\Justin\AppData\Local\NVIDIA Corporation
2014-02-08 21:09 - 2014-02-08 21:09 - 00000000 ___DC () C:\Program Files\AGEIA Technologies
2014-02-08 21:09 - 2014-02-08 21:09 - 00000000 ____D () C:\Users\Justin\AppData\Local\NVIDIA
2014-02-08 21:09 - 2013-12-09 21:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-02-08 21:07 - 2013-12-19 15:26 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-08 21:06 - 2014-02-08 21:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-08 21:06 - 2013-12-19 15:26 - 22960416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 15877216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 15230352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 10471712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 21:06 - 2013-12-19 15:26 - 09700224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 09657464 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 02947872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 02747680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233221.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233221.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 00852768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 00847648 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-02-08 21:06 - 2013-12-19 15:26 - 00018439 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 21:06 - 2013-12-05 03:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-02-08 21:06 - 2013-12-05 03:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2014-02-08 21:05 - 2014-02-08 21:05 - 00000000 ___DC () C:\NVIDIA
2014-02-08 20:40 - 2014-02-08 20:42 - 161185016 _____ (NVIDIA Corporation) C:\Users\Justin\332.21-desktop-win8-win7-winvista-32bit-english-whql.exe
2014-02-08 17:20 - 2014-02-08 17:20 - 00047814 _____ () C:\Users\Justin\nfstrcc_10.zip
2014-02-08 17:20 - 2014-02-08 17:20 - 00047814 _____ () C:\Users\Justin\nfstrcc_10 (1).zip
2014-02-08 16:42 - 2014-02-08 16:43 - 00000000 ____D () C:\Users\Justin\Documents\NFSTR
2014-02-08 00:19 - 2014-02-08 00:19 - 00000000 ____D () C:\Users\Justin\Documents\Criterion Games
2014-02-07 09:33 - 2014-02-07 09:33 - 00000046 _____ () C:\Users\Justin\Documents\tracking.txt
2014-02-02 22:10 - 2014-02-02 22:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Justin\mbam-setup-1.75.0.1300.exe
2014-02-02 22:10 - 2014-02-02 22:10 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-02 22:10 - 2014-02-02 22:10 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-02 22:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 22:09 - 2014-02-02 22:09 - 00001802 _____ () C:\Users\Public\Desktop\Uninstall Car Mechanic Simulator 2014.lnk
2014-02-02 22:09 - 2014-02-02 22:09 - 00000980 _____ () C:\Users\Public\Desktop\Car Mechanic Simulator 2014.lnk
2014-02-02 22:07 - 2014-02-02 22:09 - 00000000 RSHDC () C:\Program Files\Windows
2014-02-02 22:07 - 2014-02-02 22:07 - 00000838 _____ () C:\Users\Public\ikrafrwhgi.bat
2014-02-02 22:07 - 2014-02-02 22:07 - 00000087 _____ () C:\Users\Public\iafhnnfcoiweu.bat
2014-02-02 22:02 - 2014-02-02 22:06 - 00000000 ____D () C:\Users\Justin\Downloads\cms2014
2014-02-02 21:53 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Justin\Downloads\CarMechanic
2014-01-30 21:27 - 2014-01-30 21:27 - 00000000 ____D () C:\Users\Justin\Documents\NFS Most Wanted
2014-01-30 20:55 - 2014-01-30 21:10 - 2000878744 _____ (Electronic Arts) C:\Users\Justin\Downloads\NFSMostWanted2005_1.3_setup.exe
2014-01-29 18:34 - 2014-01-29 18:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\EA Games
2014-01-29 18:14 - 2014-02-08 20:23 - 00000000 ___DC () C:\Games
2014-01-29 16:57 - 2014-01-29 17:11 - 179039558 _____ () C:\Users\Justin\l4d1_one4nine_211110_6687.zip
2014-01-29 16:55 - 2014-01-29 17:07 - 148389271 _____ () C:\Users\Justin\nightterror_161009_1693.zip
 
==================== One Month Modified Files and Folders =======
 
2014-02-28 12:45 - 2014-02-28 12:44 - 01143808 _____ (Farbar) C:\Users\Justin\Downloads\FRST (1).exe
2014-02-28 12:45 - 2013-10-06 11:47 - 00010081 _____ () C:\Users\Justin\Downloads\FRST.txt
2014-02-28 12:45 - 2013-10-06 11:44 - 00000000 ___DC () C:\FRST
2014-02-28 12:45 - 2009-07-13 23:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 12:45 - 2009-07-13 23:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 12:43 - 2014-02-28 12:43 - 00001413 _____ () C:\Users\Justin\Desktop\JRT.txt
2014-02-28 12:41 - 2012-10-02 21:20 - 01239798 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 12:39 - 2012-10-02 22:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 12:38 - 2014-02-28 12:38 - 01037734 _____ (Thisisu) C:\Users\Justin\Desktop\JRT.exe
2014-02-28 12:35 - 2013-06-12 21:28 - 00001826 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-28 12:35 - 2012-10-03 00:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 12:35 - 2012-10-02 22:02 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 12:35 - 2010-11-20 16:48 - 00197430 _____ () C:\Windows\PFRO.log
2014-02-28 12:35 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 12:35 - 2009-07-13 23:39 - 00039806 _____ () C:\Windows\setupact.log
2014-02-28 12:33 - 2013-10-02 12:24 - 00000000 ___DC () C:\AdwCleaner
2014-02-28 12:31 - 2014-02-28 12:31 - 01244192 _____ () C:\Users\Justin\Desktop\adwcleaner (3).exe
2014-02-28 12:04 - 2014-02-28 12:00 - 00000000 ____D () C:\Users\Justin\Desktop\RK_Quarantine
2014-02-28 12:03 - 2014-02-28 12:03 - 00001974 _____ () C:\Users\Justin\Desktop\RKreport[0]_S_02282014_120358.txt
2014-02-28 12:00 - 2014-02-28 12:00 - 03819008 _____ () C:\Users\Justin\Downloads\RogueKiller.exe
2014-02-28 11:38 - 2014-02-28 11:35 - 00009134 _____ () C:\Users\Justin\Desktop\attach.txt
2014-02-28 11:35 - 2014-02-28 11:35 - 00013360 _____ () C:\Users\Justin\Desktop\dds.txt
2014-02-28 11:34 - 2014-02-28 11:34 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr
2014-02-28 11:33 - 2013-10-21 18:48 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\uTorrent
2014-02-28 09:46 - 2014-02-25 22:36 - 00000000 ____D () C:\ProgramData\webbSave
2014-02-28 09:46 - 2012-10-03 00:24 - 00000000 ____D () C:\Users\Justin
2014-02-28 09:46 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Web
2014-02-27 21:00 - 2014-02-27 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-27 21:00 - 2014-02-27 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-27 20:59 - 2014-02-27 20:59 - 00006460 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-27 20:59 - 2012-10-08 01:19 - 00000000 ____D () C:\Program Files\Java
2014-02-27 20:57 - 2014-02-27 20:57 - 00921000 _____ (Oracle Corporation) C:\Users\Justin\Downloads\chromeinstall-7u51.exe
2014-02-25 22:38 - 2014-02-25 22:33 - 00000000 ___DC () C:\Program Files\Project64 1.6
2014-02-25 22:37 - 2014-02-25 22:37 - 27778896 _____ () C:\Users\Justin\Downloads\pokemonstadium.zip
2014-02-25 22:37 - 2014-02-25 22:35 - 00000000 ____D () C:\ProgramData\aa63562fa540ccf6
2014-02-25 22:36 - 2014-02-25 22:36 - 00000000 ___DC () C:\Program Files\webbSave
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Justin\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Guest
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\ASPNET
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-02-25 22:35 - 2014-02-25 22:35 - 00000000 ____D () C:\Users\Administrator
2014-02-25 22:35 - 2012-10-02 22:02 - 00000000 ____D () C:\Users\Justin\AppData\Local\Google
2014-02-25 22:34 - 2014-02-25 22:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-25 22:33 - 2014-02-25 22:33 - 02080797 _____ (Project64 ) C:\Users\Justin\Project64_1.6.exe
2014-02-25 22:33 - 2014-02-25 22:33 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2014-02-25 22:24 - 2014-02-25 22:24 - 82588651 _____ () C:\Users\Justin\Downloads\__rzi_0.008
2014-02-25 22:23 - 2014-02-25 22:23 - 00001152 _____ () C:\Users\Public\Desktop\Gearhead Garage.lnk
2014-02-25 22:23 - 2014-02-25 22:23 - 00000000 ___DC () C:\Program Files\HeadGames
2014-02-25 22:18 - 2014-02-25 22:15 - 82600787 ____R () C:\Users\Justin\Downloads\GEARHEAD GARAGE.zip
2014-02-25 22:08 - 2014-02-25 22:08 - 00000022 _____ () C:\Users\Justin\Desktop\track.txt
2014-02-25 22:05 - 2014-02-25 22:05 - 00001459 _____ () C:\Users\Public\Desktop\Back To The Future The Game.lnk
2014-02-25 22:05 - 2013-08-28 17:56 - 00000000 ____D () C:\Windows\system32\directx
2014-02-25 22:04 - 2013-12-25 19:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-25 22:04 - 2013-04-06 12:54 - 00000000 ____D () C:\Users\Justin\Documents\Telltale Games
2014-02-25 22:03 - 2013-04-06 12:51 - 00000000 ___DC () C:\Program Files\Telltale Games
2014-02-24 23:57 - 2012-10-18 02:10 - 00009861 _____ () C:\Windows\MKDEMSG.LOG
2014-02-24 23:56 - 2012-10-18 02:09 - 00000000 ____D () C:\RTE
2014-02-24 23:40 - 2012-10-18 02:10 - 00043353 _____ () C:\Windows\pvsw.log
2014-02-24 23:23 - 2014-02-24 23:08 - 00000000 ____D () C:\Users\Justin\Downloads\BTTF pack 1-5
2014-02-23 14:03 - 2014-02-23 14:03 - 03932214 _____ () C:\Users\Justin\Downloads\invoice.bmp
2014-02-22 10:10 - 2014-02-22 00:44 - 00000848 _____ () C:\Users\Public\Desktop\NASCAR '14.lnk
2014-02-22 00:45 - 2014-02-22 00:45 - 00000000 ____D () C:\ProgramData\Steam
2014-02-22 00:44 - 2014-02-22 00:35 - 00000000 ___DC () C:\Program Files\NASCAR '14
2014-02-22 00:22 - 2014-02-21 23:31 - 2750470144 _____ () C:\Users\Justin\Downloads\rld-na'1.iso
2014-02-21 23:30 - 2012-10-03 00:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-21 23:30 - 2012-10-02 21:50 - 00000000 ____D () C:\Program Files\Rockstar Games
2014-02-21 22:05 - 2014-02-21 22:02 - 00000000 ____D () C:\Users\Justin\Downloads\Zombieland (2009)
2014-02-21 21:13 - 2014-02-21 21:12 - 00000000 ____D () C:\Users\Justin\Downloads\American Graffiti 720p BRRip
2014-02-21 00:01 - 2013-03-28 08:47 - 00142336 ___SH () C:\Users\Justin\Thumbs.db
2014-02-20 21:48 - 2013-04-28 22:37 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-14 21:33 - 2014-02-14 21:27 - 412661390 _____ () C:\Users\Justin\Downloads\Nancy Drew  And The Haunted Carousel.zip
2014-02-14 21:26 - 2014-01-05 16:14 - 00000000 ___DC () C:\Program Files\Nancy Drew
2014-02-14 21:26 - 2012-10-11 23:40 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-14 21:25 - 2014-02-14 21:25 - 00000899 _____ () C:\Users\Public\Desktop\The Haunted Carousel.lnk
2014-02-14 00:16 - 2014-02-14 00:16 - 04768229 _____ () C:\Users\Justin\hlm-gtasa.rar
2014-02-14 00:13 - 2013-06-08 14:41 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\system32\CmdLineExt.dll
2014-02-13 23:23 - 2014-02-13 23:02 - 4213047452 _____ () C:\Users\Justin\Downloads\GTA_SA.iso
2014-02-12 20:06 - 2014-02-12 20:06 - 00002762 _____ () C:\Users\Justin\Desktop\used.txt
2014-02-12 20:04 - 2012-10-18 13:04 - 00000041 _____ () C:\Windows\crw.ini
2014-02-12 19:42 - 2014-02-12 13:08 - 00000000 ____D () C:\Users\Justin\Downloads\Nancy Drew 07 - Ghost Dogs of Moon Lake
2014-02-11 14:13 - 2014-02-11 13:57 - 643422528 _____ () C:\Users\Justin\Downloads\Nancy Drew - Secret of the Scarlet Hand.iso
2014-02-10 21:25 - 2014-02-10 21:14 - 568394789 _____ () C:\Users\Justin\Downloads\Nancy Drew And The Final Scene.zip
2014-02-10 16:48 - 2014-02-10 16:48 - 01166132 _____ () C:\Users\Justin\AdwCleaner.exe
2014-02-09 19:05 - 2013-05-13 14:31 - 00000000 ___DC () C:\Nancy Drew
2014-02-09 19:02 - 2014-01-20 17:18 - 00000000 ____D () C:\Users\Justin\Downloads\Brady Bunch Movie HDTV Box
2014-02-08 21:11 - 2014-02-08 21:11 - 00000000 ____D () C:\Users\Justin\AppData\Local\NVIDIA Corporation
2014-02-08 21:11 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-08 21:09 - 2014-02-08 21:09 - 00000000 ___DC () C:\Program Files\AGEIA Technologies
2014-02-08 21:09 - 2014-02-08 21:09 - 00000000 ____D () C:\Users\Justin\AppData\Local\NVIDIA
2014-02-08 21:09 - 2012-10-03 00:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-08 21:09 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-08 21:05 - 2014-02-08 21:05 - 00000000 ___DC () C:\NVIDIA
2014-02-08 21:03 - 2014-01-27 21:59 - 00000000 ____D () C:\Users\Justin\Documents\EA Games
2014-02-08 21:03 - 2013-05-23 13:09 - 00000000 ___DC () C:\Program Files\EA GAMES
2014-02-08 21:00 - 2014-01-23 19:52 - 00000000 ____D () C:\Users\Justin\AppData\Local\Microsoft Game Studios
2014-02-08 20:42 - 2014-02-08 20:40 - 161185016 _____ (NVIDIA Corporation) C:\Users\Justin\332.21-desktop-win8-win7-winvista-32bit-english-whql.exe
2014-02-08 20:23 - 2014-01-29 18:14 - 00000000 ___DC () C:\Games
2014-02-08 17:20 - 2014-02-08 17:20 - 00047814 _____ () C:\Users\Justin\nfstrcc_10.zip
2014-02-08 17:20 - 2014-02-08 17:20 - 00047814 _____ () C:\Users\Justin\nfstrcc_10 (1).zip
2014-02-08 16:43 - 2014-02-08 16:42 - 00000000 ____D () C:\Users\Justin\Documents\NFSTR
2014-02-08 00:19 - 2014-02-08 00:19 - 00000000 ____D () C:\Users\Justin\Documents\Criterion Games
2014-02-07 09:33 - 2014-02-07 09:33 - 00000046 _____ () C:\Users\Justin\Documents\tracking.txt
2014-02-02 22:10 - 2014-02-02 22:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Justin\mbam-setup-1.75.0.1300.exe
2014-02-02 22:10 - 2014-02-02 22:10 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-02 22:10 - 2014-02-02 22:10 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-02 22:09 - 2014-02-02 22:09 - 00001802 _____ () C:\Users\Public\Desktop\Uninstall Car Mechanic Simulator 2014.lnk
2014-02-02 22:09 - 2014-02-02 22:09 - 00000980 _____ () C:\Users\Public\Desktop\Car Mechanic Simulator 2014.lnk
2014-02-02 22:09 - 2014-02-02 22:07 - 00000000 RSHDC () C:\Program Files\Windows
2014-02-02 22:07 - 2014-02-02 22:07 - 00000838 _____ () C:\Users\Public\ikrafrwhgi.bat
2014-02-02 22:07 - 2014-02-02 22:07 - 00000087 _____ () C:\Users\Public\iafhnnfcoiweu.bat
2014-02-02 22:07 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-02-02 22:06 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Justin\Downloads\cms2014
2014-02-02 22:02 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Justin\Downloads\CarMechanic
2014-01-30 21:27 - 2014-01-30 21:27 - 00000000 ____D () C:\Users\Justin\Documents\NFS Most Wanted
2014-01-30 21:10 - 2014-01-30 20:55 - 2000878744 _____ (Electronic Arts) C:\Users\Justin\Downloads\NFSMostWanted2005_1.3_setup.exe
2014-01-30 20:46 - 2012-10-05 00:28 - 00383464 _____ () C:\Windows\DirectX.log
2014-01-30 00:16 - 2013-06-11 01:54 - 00000000 ___DC () C:\Program Files\SpeedFan
2014-01-29 18:34 - 2014-01-29 18:34 - 00000000 ____D () C:\Users\Justin\AppData\Local\EA Games
2014-01-29 17:11 - 2014-01-29 16:57 - 179039558 _____ () C:\Users\Justin\l4d1_one4nine_211110_6687.zip
2014-01-29 17:07 - 2014-01-29 16:55 - 148389271 _____ () C:\Users\Justin\nightterror_161009_1693.zip
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
C:\Users\Justin\095RC2R2.exe
C:\Users\Justin\332.21-desktop-win8-win7-winvista-32bit-english-whql.exe
C:\Users\Justin\AdwCleaner.exe
C:\Users\Justin\dxwebsetup.exe
C:\Users\Justin\GHGWinXPUpdate.exe
C:\Users\Justin\instsf449.exe
C:\Users\Justin\interface mod.exe
C:\Users\Justin\mbam-setup-1.75.0.1300.exe
C:\Users\Justin\Project64_1.6.exe
C:\Users\Justin\Saitek_Cyborg_Evo_SD6_32.exe
C:\Users\Justin\utorrent.exe
C:\Users\Justin\vlc-2.1.2-win32.exe
C:\Users\Public\iafhnnfcoiweu.bat
C:\Users\Public\ikrafrwhgi.bat
 
 
Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\ab4c000c.exe
C:\Users\Justin\AppData\Local\Temp\AutoRun.exe
C:\Users\Justin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Justin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Justin\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Justin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Justin\AppData\Local\Temp\EAD45A6.exe
C:\Users\Justin\AppData\Local\Temp\EAD7E24.exe
C:\Users\Justin\AppData\Local\Temp\EAD817E.exe
C:\Users\Justin\AppData\Local\Temp\EAD8B7C.exe
C:\Users\Justin\AppData\Local\Temp\EAD91A4.exe
C:\Users\Justin\AppData\Local\Temp\EAD9240.exe
C:\Users\Justin\AppData\Local\Temp\EADB7BA.exe
C:\Users\Justin\AppData\Local\Temp\EADD335.exe
C:\Users\Justin\AppData\Local\Temp\EADEB67.exe
C:\Users\Justin\AppData\Local\Temp\eauninstall.exe
C:\Users\Justin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Justin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Justin\AppData\Local\Temp\nvStInst.exe
C:\Users\Justin\AppData\Local\Temp\Quarantine.exe
C:\Users\Justin\AppData\Local\Temp\Setup.exe
C:\Users\Justin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Justin\AppData\Local\Temp\sfextra.dll
C:\Users\Justin\AppData\Local\Temp\SIntf16.dll
C:\Users\Justin\AppData\Local\Temp\SIntf32.dll
C:\Users\Justin\AppData\Local\Temp\SIntfNT.dll
C:\Users\Justin\AppData\Local\Temp\Tsu5BCE5899.dll
C:\Users\Justin\AppData\Local\Temp\_is495E.exe
C:\Users\Justin\AppData\Local\Temp\_is5B31.exe
C:\Users\Justin\AppData\Local\Temp\_isB7BB.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 03:15
 
==================== End Of Log ============================
 
 
 
 
Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Justin at 2014-02-28 12:45:47
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{F075020E-43B2-4F2C-9723-C81CE162E7B6}) (Version: 10.5.2.4379 - Lavasoft)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Annoying Sound Remover (HKLM\...\Annoying Sound Remover) (Version:  - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Back to the Future The Game - Episode 1 (HKLM\...\Episode 1) (Version: 1.0.0.0 - Telltale Games)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
Car Mechanic Simulator 2014 (HKLM\...\{A4ADF4AC-E6B7-44AD-AF74-42868A3EF180}) (Version: 1.0.0 - Games-Gen)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CoUMa's Interface Mod (HKLM\...\CoUMa's Interface Mod) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dr Jekyll and Mr Hyde Extended Edition (HKLM\...\Dr Jekyll and Mr Hyde Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Driver: Parallel Lines (HKLM\...\{31CB0D80-1866-462A-9455-88614410971F}) (Version: 1.00.0000 - Ubisoft)
DX Studio Player v3.2.68 (HKLM\...\DX Studio Player v3.2.68_is1) (Version: 3.2.68 - Worldweaver Ltd.)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
EAX Unified (HKLM\...\EAX Unified) (Version:  - )
End It All (HKLM\...\End It All) (Version:  - )
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow v1.1.3572 [2010-09-13] (HKLM\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Ford Racing 3 (HKLM\...\{797E03F8-C8A0-47ED-AA9F-D7076276E491}) (Version:  - )
Gearhead Garage (HKLM\...\GearheadGarage) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GimpShop 2.8 (HKLM\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GTA IV Vehicle Mod Installer v1.5 (HKLM\...\GTA IV Vehicle Mod Installer v1.5_is1) (Version:  - MobileD2)
Haunted Train Spirits of Charon Collectors 1.00 (HKLM\...\Haunted Train Spirits of Charon Collectors 1.00) (Version: 1.00 - Games)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 5.9.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Mafia (HKLM\...\Mafia) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monster Garage (HKLM\...\Monster Garage) (Version:  - )
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nancy Drew Secrets Can Kill Remastered version 1.0 (HKLM\...\{042C4AC5-75A8-43FE-A566-7E09EC823871}_is1) (Version: 1.0 - Her Interactive)
Nancy Drew The Deadly Device 1.00 (HKLM\...\Nancy Drew The Deadly Device 1.00) (Version:  - )
Nancy Drew: Danger by Design (HKLM\...\{C3D82C0B-3592-4B03-A970-F84C081A8152}) (Version:  - )
Nancy Drew: Legend of the Crystal Skull (HKLM\...\{24328842-A29C-4FEA-81D3-1929D3A7F1AE}) (Version: 1.0 - Her Interactive, Inc.)
Nancy Drew: Ransom of the Seven Ships (HKLM\...\{1088F929-91D9-4FD5-8AE8-E9593CD47CD7}) (Version: 1.0.0 - Her Interactive, Inc.)
Nancy Drew: Shadow at the Water's Edge (HKLM\...\{10A10C6C-FF5E-40B2-A343-8D69E24167DF}) (Version: 1.0.0 - Her Interactive, Inc.)
Nancy Drew: Stay Tuned For Danger (HKLM\...\Nancy Drew: Stay Tuned For Danger) (Version:  - )
Nancy Drew: The Creature of Kapu Cave (HKLM\...\{F4EC2FB1-4255-4040-8DE6-5D75FA9D039F}) (Version:  - )
Nancy Drew: The Haunted Carousel (HKLM\...\{750B354A-BF46-45E0-86D6-620026703B92}) (Version:  - )
Nancy Drew: The Phantom of Venice (HKLM\...\{1505D9B1-6037-4310-815A-4D8A212C5075}) (Version: 1.0 - Her Interactive, Inc.)
Nancy Drew: Tomb of the Lost Queen (HKLM\...\{56CCBC54-8CEE-479F-9302-E0651BCBA13D}) (Version: 1.00 - Her Interactive)
Nancy Drew: Warnings at Waverly Academy (HKLM\...\{411DAD75-86F2-4C70-8666-EA14BE017690}) (Version: 1.0.0 - Her Interactive, Inc.)
NASCAR '14 (HKLM\...\TkFTQ0FSMTQ=_is1) (Version: 1 - )
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Pazera Free FLV to AVI Converter 1.5 (HKLM\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.5 - Jacek Pazera)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RonyaSoft Poster Designer (Poster Forge) 2.01 (HKLM\...\RonyaSoft Poster Designer (Poster Forge)) (Version: 2.01 - RonyaSoft)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sothink Movie DVD Maker (HKLM\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Street Legal Racing - Redline (HKLM\...\{BC043E6C-A31C-468E-A699-8B1073A4C6FE}) (Version: 2.2.1 - Relentless Technologies)
The Game Of Life by Hasbro (HKLM\...\The Game Of Life by Hasbro1.0) (Version: 1.0 - Adnan_Boy 2008)
The Godfather™ The Game (HKLM\...\{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}) (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trainz: Engineer's Edition (HKLM\...\AuranTS2009_is1) (Version:  - Auran)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TRS2006 (HKLM\...\{5ED9E38C-9A96-49D8-89B3-92E278003FCF}) (Version: 1.00.000 - )
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XVID Player 2.1 (HKLM\...\XVID Player_is1) (Version:  - vsevensoft.com)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Restore Points  =========================
 
28-02-2014 17:30:11 malware
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2013-10-03 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {77013898-4481-48FE-A0AF-E4AFAACA6ECF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {AA40A46C-B1CF-4BA2-BA45-794C6EE62B98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-12 21:37 - 2013-02-12 21:37 - 01263952 ____C () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 ____C () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-06-12 21:35 - 2014-02-07 10:24 - 00190752 ____C () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-06-12 21:35 - 2014-02-07 10:24 - 00178464 ____C () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-02-20 21:48 - 2014-02-19 20:02 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-20 21:48 - 2014-02-19 20:03 - 04060488 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-20 21:48 - 2014-02-19 20:03 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-20 21:48 - 2014-02-19 20:02 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-20 21:48 - 2014-02-19 20:03 - 13632840 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-12 22:11:25.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 22:00:19.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 21:42:33.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 21:15:26.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 2813.55 MB
Available physical RAM: 1725.39 MB
Total Pagefile: 5625.39 MB
Available Pagefile: 4424.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:186.21 GB) (Free:9.54 GB) NTFS
Drive e: (010425_1528) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: CAB10BEE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

seems better.  computer seems very slow still though.  links and that box with phone number are gone.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-02-2014 02
Ran by Justin at 2014-02-28 13:32:49 Run:1
Running from C:\Users\Justin\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [init] - C:\Program Files\Windows\SLsvc.exe
HKLM\...\Policies\Explorer\Run: [WinInitLZ] - C:\Program Files\Windows\SLsvc.exe No File
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Run: [WinUpd8] - C:\Program Files\Windows\SLsvc.exe
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Policies\Explorer\Run: [WinInitLZ] - C:\Program Files\Windows\SLsvc.exe
AppInit_DLLs: tA => tA File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (websave) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkilpppjfbgpnekhnjpoogehpefiknpp [2014-02-25]
C:\Program Files\Windows\SLsvc.exe
C:\Program Files\Windows
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\init => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WinInitLZ => Value deleted successfully.
HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinUpd8 => Value deleted successfully.
HKU\HKU\S-1-5-21-2796156219-500140081-3362875990-1000\...\Policies\Explorer\Run: [WinInitLZ] - C:\Program Files\Windows\SLsvc.exe\Software\Microsoft\Windows\CurrentVersion\Run\\WinInitLZ => Value not found.
"tA" => Value Data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkilpppjfbgpnekhnjpoogehpefiknpp => Moved successfully.
"C:\Program Files\Windows\SLsvc.exe" => File/Directory not found.
C:\Program Files\Windows => Moved successfully.

==== End of Fixlog ====

Good.......please run these scans:

Clean out temp files: (may require a reboot)

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then....................

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Last........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Looks Good.....

Clean out temp files: (may require a reboot)

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Let me know how it is, MrC


Give StartUpLITE a try:

https://www.malwarebytes.org/startuplite/

-------------------------------------------

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 Windows Firewall Disabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 51  

 Adobe Reader XI  

 Google Chrome 32.0.1700.107  

 Google Chrome 33.0.1750.117  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

That looks OK

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.