
Cannot run computer longer 5mins.


  • This topic is locked
100 replies to this topic

#1 clfarrar

clfarrar

  • Members
  • 59 posts

Posted 04 October 2013 - 01:01 AM

      Basically I need to fix a virus that has corrupted my computer. My AVG virus scanner did not protect me, and these are my symptoms: 

Cannot log-in computer longer than 5mins/31 secs,

when accessing wi-fi network computer stalls,
cannot restore computer to earlier settings without virus affecting computer,

cannot open Internet browsers without computer stalling,

cannot restore computer in safe-mode.

 

      All these factors are a stalling virus that leave my computer lost in a 'busy' state where I cannot push anything.

 

Please help~!




 


#2 clfarrar

clfarrar
  • Topic Starter

  • Members
  • 59 posts

Posted 07 October 2013 - 12:24 AM

Here's the DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by NewUser at 17:16:40 on 2013-10-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6058.5275 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=4AC788532EAC520C&affID=123485&tt=240913_91215&tsp=5019
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - C:\Program Files (x86)\Search_Spin\prxtbSear.dll
mURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - C:\Program Files (x86)\Search_Spin\prxtbSear.dll
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - C:\Program Files (x86)\Search_Spin\prxtbSear.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Search Spin Toolbar: {FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C} - C:\Program Files (x86)\Search_Spin\prxtbSear.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
TB: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - C:\Program Files (x86)\Search_Spin\prxtbSear.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{11522A51-CB67-4794-A9E6-CFE5360E6F41} : NameServer = 0.0.0.0
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}\2435446556E646F627 : DHCPNameServer = 10.200.1.22 10.200.1.26
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}\3456E647572797C496E6B603131323 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}\447237C4160747F60737022556071696273702E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}\D6168616E616D20534D275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}\F6E697F65727F677E6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-24 45856]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-7-25 1432080]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-22 13336]
S2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-31 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-31 701512]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-22 2656536]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
S2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows\System32\drivers\WinisoCDBus.sys [2013-8-31 204032]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-31 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-22 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-26 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
.
=============== Created Last 30 ================
.
2013-10-04 05:26:40 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE2D151D-0256-4290-A530-2A4A568DBD65}\mpengine.dll
2013-10-01 04:00:40 -------- d-----w- C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-10-01 04:00:40 -------- d-----w- C:\Users\NewUser\AppData\Local\WeatherBug
2013-09-29 16:35:36 -------- d-----w- C:\Users\NewUser\AppData\Local\Wajam
2013-09-29 16:34:20 -------- d-----w- C:\ProgramData\Conduit
2013-09-29 16:33:48 -------- d-----w- C:\Users\NewUser\AppData\Local\SwvUpdater
2013-09-28 23:25:00 -------- d-----w- C:\Users\NewUser\AppData\Roaming\Open Download Manager
2013-09-28 23:21:06 -------- d-----w- C:\ProgramData\boost_interprocess
2013-09-28 23:21:05 -------- d-----w- C:\ProgramData\GorillaPrice
2013-09-28 23:20:59 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-09-28 23:20:27 -------- d-----w- C:\Windows\SysWow64\modules
2013-09-28 23:20:27 -------- d-----w- C:\Windows\SysWow64\js
2013-09-28 23:20:27 -------- d-----w- C:\Windows\SysWow64\images
2013-09-28 23:20:27 -------- d-----w- C:\Windows\SysWow64\html
2013-09-28 23:20:27 -------- d-----w- C:\Windows\SysWow64\css
2013-09-28 23:20:25 -------- d-----w- C:\ProgramData\WeCareReminder
2013-09-28 23:19:18 -------- d-----w- C:\Program Files (x86)\Delta
2013-09-28 23:19:17 -------- d-----w- C:\ProgramData\BitGuard
2013-09-28 23:18:40 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2013-09-26 22:15:23 -------- d-----w- C:\Program Files (x86)\Skype
2013-09-21 16:43:33 -------- d-----w- C:\ProgramData\Oracle
2013-09-17 01:28:20 -------- d-----w- C:\Users\NewUser\AppData\Roaming\skyz
2013-09-17 01:25:53 -------- d-----w- C:\Minecraft_Backup
2013-09-13 03:51:42 -------- d-----w- C:\Users\NewUser\AppData\Local\Adobe
2013-09-10 05:14:26 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2013-09-11 02:12:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 02:12:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-14 19:01:13 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-09 11:00:58 204032 ----a-w- C:\Windows\System32\drivers\WinisoCDBus.sys
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-29 10:13:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-07-29 10:13:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 02:21:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-25 02:21:14 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-25 02:21:14 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-22 23:55:17 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2013-07-22 23:55:17 14848 ----a-w- C:\Windows\System32\IntcDAuC.dll
2013-07-22 23:53:59 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2013-07-22 23:53:56 145804 ----a-w- C:\Windows\SysWow64\igcompkrng600.bin
2013-07-22 23:53:56 145804 ----a-w- C:\Windows\System32\igcompkrng600.bin
2013-07-22 23:53:55 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2013-07-22 23:53:48 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2013-07-22 23:53:44 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2013-07-22 23:53:44 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2013-07-22 23:53:43 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2013-07-22 23:53:43 110080 ----a-w- C:\Windows\System32\hccutils.dll
2013-07-22 23:53:42 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2013-07-22 23:53:40 184600 ----a-w- C:\Windows\System32\difx64.exe
2013-07-22 23:41:17 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-07-20 08:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 08:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 08:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 08:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 08:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 17:17:39.14 ===============

Attached Files

  • Attached File  dds.txt   20.05KB   3 downloads

Edited by Oh My, 08 October 2013 - 08:23 AM.
DDS log posted


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California

Posted 08 October 2013 - 08:17 AM

Greetings clfarrar and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review what you have already posted, please run these programs for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Adwcleaner log
  • Junkware log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 clfarrar

clfarrar
  • Topic Starter

  • Members
  • 59 posts

Posted 08 October 2013 - 10:09 AM

By the way, I'm running all of this using 'safe-mode'. Otherwise, my computer will not run longer than 5mins. Here's the requested docs (:


# AdwCleaner v3.006 - Report created 08/10/2013 at 07:55:22
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : NewUser - NEWUSER-PC
# Running from : E:\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Search_Spin
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\NewUser\AppData\Local\Conduit
Folder Deleted : C:\Users\NewUser\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\NewUser\AppData\Local\Wajam
Folder Deleted : C:\Users\NewUser\AppData\Local\Temp\apn
Folder Deleted : C:\Users\NewUser\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\NewUser\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\NewUser\AppData\LocalLow\Search_Spin
Folder Deleted : C:\Users\NewUser\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\NewUser\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Folder Deleted : C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\5f578ddee23de846
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0A0C99B-FB33-428B-963D-820A325212DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0A0C99B-FB33-428B-963D-820A325212DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E0A0C99B-FB33-428B-963D-820A325212DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F71453D-89FA-40E0-9AF8-4F0D784830C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C6098D0-34A7-4923-926F-45D30B344B96}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search_Spin
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\Search_Spin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search_Spin Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11393 octets] - [08/10/2013 07:54:14]
AdwCleaner[S0].txt - [11159 octets] - [08/10/2013 07:55:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11220 octets] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by NewUser on Tue 10/08/2013 at  8:02:23.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-547112992-345739189-1308640009-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy-codedownloader_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\NewUser\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\NewUser\appdata\locallow\whitesmoke_new"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/08/2013 at  8:04:20.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 clfarrar

  • Topic Starter
Posted 08 October 2013 - 10:11 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by NewUser (administrator) on NEWUSER-PC on 08-10-2013 08:05:08
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
HKCU\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [11325 2013-10-08] ()
MountPoints2: {cb4ca575-12c2-11e3-8905-88532eac520f} - E:\SETUP.EXE
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=4AC788532EAC520C&affID=123485&tt=240913_91215&tsp=5019
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24C3F81D3A87CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -  No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{11522A51-CB67-4794-A9E6-CFE5360E6F41}: [NameServer]0.0.0.0
Tcpip\..\Interfaces\{B4F6D0BA-904E-40B6-A768-07C2D7B01F66}: [NameServer]75.75.75.75,75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: () - C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Skype Click to Call) - C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1
CHR Extension: () - C:\Users\NewUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-07-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-08-09] (WinISO.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 08:04 - 2013-10-08 08:04 - 00001849 _____ C:\Users\NewUser\Desktop\JRT.txt
2013-10-08 08:04 - 2013-10-08 08:04 - 00000000 ____D C:\FRST
2013-10-08 08:02 - 2013-10-08 08:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 08:01 - 2013-10-08 07:55 - 00011325 _____ C:\Users\NewUser\Desktop\AdwCleaner[S0].txt
2013-10-08 07:53 - 2013-10-08 07:55 - 00000000 ____D C:\AdwCleaner
2013-10-06 17:16 - 2013-10-06 17:16 - 00000000 ___RD C:\Users\NewUser\Desktop\Startup
2013-10-06 17:16 - 2013-10-06 17:16 - 00000000 ___RD C:\Users\NewUser\Desktop\Administrative Tools
2013-10-01 01:30 - 2013-10-01 01:30 - 00003352 ____N C:\bootsqm.dat
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Local\WeatherBug
2013-09-29 11:44 - 2013-09-29 11:44 - 14055457 _____ C:\Users\NewUser\Downloads\The Survival Games - San Andreas-COMPLETE (1).zip
2013-09-29 11:41 - 2013-09-29 11:42 - 14055457 _____ C:\Users\NewUser\Downloads\The Survival Games - San Andreas-COMPLETE.zip
2013-09-29 09:24 - 2013-09-29 09:24 - 00776165 _____ C:\Users\NewUser\Downloads\[1.6.2] Map Making Tools - v2.0.3a.zip
2013-09-28 16:48 - 2013-09-28 18:51 - 00000000 ____D C:\Users\NewUser\Desktop\screenshots
2013-09-28 16:38 - 2013-09-29 09:28 - 00000000 ____D C:\Users\NewUser\Desktop\mods
2013-09-28 16:26 - 2013-09-28 16:27 - 02153194 _____ C:\Users\NewUser\Downloads\minecraftforge-installer-1.6.2-9.10.0.799.jar
2013-09-28 16:25 - 2013-10-03 21:49 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Open Download Manager
2013-09-28 16:25 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2013-09-28 16:21 - 2013-10-03 22:24 - 00000000 ____D C:\ProgramData\GorillaPrice
2013-09-28 16:20 - 2013-10-03 22:24 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\modules
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\js
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\images
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\html
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\css
2013-09-28 16:19 - 2013-09-29 11:45 - 00000000 ____D C:\Users\NewUser\Desktop\saves
2013-09-28 16:18 - 2013-10-03 22:24 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-09-27 18:20 - 2013-09-27 18:20 - 00066493 _____ C:\Users\NewUser\Downloads\X-RayMod_v043.zip
2013-09-27 15:39 - 2013-09-27 15:39 - 00222909 _____ C:\Users\NewUser\Downloads\Cheating_Essentials_3.1.0_-_Minecraft_1.6.2.zip
2013-09-26 15:15 - 2013-10-03 22:24 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Skype
2013-09-26 15:15 - 2013-10-03 22:24 - 00000000 ____D C:\ProgramData\Skype
2013-09-26 15:15 - 2013-10-03 22:24 - 00000000 ____D C:\Program Files (x86)\Skype
2013-09-22 20:16 - 2013-09-22 20:18 - 00421387 _____ C:\Users\NewUser\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-22 13:42 - 2013-09-22 13:43 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (3).html
2013-09-22 13:42 - 2013-09-22 13:42 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm.html
2013-09-21 22:17 - 2013-09-21 22:18 - 02124543 _____ C:\Users\NewUser\Downloads\minecraftforge-installer-1.6.4-9.11.0.883.jar
2013-09-21 22:13 - 2013-09-21 22:16 - 00098304 _____ C:\Users\NewUser\Documents\Publication1.pub
2013-09-21 09:43 - 2013-09-21 09:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 23:09 - 2013-09-20 23:09 - 00196608 _____ C:\Users\NewUser\Downloads\audit adjustments 09 through 13.xls
2013-09-20 23:07 - 2013-09-20 23:07 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08 (2).xls
2013-09-20 23:06 - 2013-09-20 23:06 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08 (1).xls
2013-09-20 20:27 - 2013-09-20 20:27 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08.xls
2013-09-20 16:40 - 2013-09-20 16:40 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042 (2).zip
2013-09-20 12:41 - 2013-09-20 12:41 - 00975872 _____ C:\Users\NewUser\Downloads\Luck.pps
2013-09-17 17:09 - 2013-09-17 17:09 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042 (1).zip
2013-09-17 17:05 - 2013-09-17 17:05 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042.zip
2013-09-16 18:28 - 2013-09-16 18:29 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\skyz
2013-09-16 18:25 - 2013-09-16 18:26 - 00000000 ____D C:\Minecraft_Backup
2013-09-16 18:19 - 2013-09-16 18:19 - 00577501 _____ C:\Users\NewUser\Downloads\MC Helicopters Mod Installer (1).zip
2013-09-16 10:39 - 2013-09-16 10:39 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (2).html
2013-09-16 10:39 - 2013-09-16 10:39 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (1).html
2013-09-14 18:11 - 2013-09-14 18:11 - 00577501 _____ C:\Users\NewUser\Downloads\MC Helicopters Mod Installer.zip
2013-09-14 11:02 - 2013-09-14 11:02 - 00928132 _____ C:\Users\NewUser\Downloads\Morph-Beta-0.1.0.zip
2013-09-12 23:04 - 2013-09-12 23:04 - 00000743 _____ C:\Users\NewUser\Downloads\bin.txt
2013-09-12 23:00 - 2013-09-12 23:00 - 00014479 _____ C:\Users\NewUser\Downloads\Invoice that calculates total1 (1).xlsx
2013-09-12 21:16 - 2013-09-12 21:16 - 00000000 ____D C:\Users\NewUser\Documents\OneNote Notebooks
2013-09-12 21:05 - 2013-09-12 21:05 - 00421588 _____ C:\Users\NewUser\Downloads\OptiFine_1.6.2_HD_U_C4.jar
2013-09-12 20:53 - 2013-09-12 20:58 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 20:53 - 2013-09-12 20:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-12 20:51 - 2013-09-12 20:57 - 00000000 ____D C:\Users\NewUser\AppData\Local\Adobe
2013-09-11 23:46 - 2013-09-12 21:30 - 00016556 _____ C:\Users\NewUser\Downloads\Invoice that calculates total1.xlsx
2013-09-11 20:24 - 2013-09-11 20:24 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar (2).zip
2013-09-11 20:23 - 2013-09-11 20:23 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar (1).zip
2013-09-11 20:21 - 2013-09-11 20:21 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar.zip
2013-09-11 19:45 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 19:45 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 19:45 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 19:45 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 19:45 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 19:45 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 19:45 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 19:45 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 19:45 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 19:45 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 19:45 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 19:45 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 19:45 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 19:44 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 19:44 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 19:44 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 15:09 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:09 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 15:09 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 15:09 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 15:09 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 15:09 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 15:09 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 15:09 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 15:09 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 15:09 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 15:09 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:09 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:09 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 15:09 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 15:09 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 15:09 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 15:09 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 15:09 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 15:09 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 15:09 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 15:09 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 15:09 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:09 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:09 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 15:09 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:09 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 15:09 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 15:22 - 2013-09-10 15:24 - 04103879 _____ C:\Users\NewUser\Downloads\Multiplayer_Sky_Challenge (1).rar
2013-09-10 15:18 - 2013-09-10 15:18 - 01628160 _____ (Bandoo Media Inc) C:\Users\NewUser\Downloads\iLividSetup-r157-n-bc.exe
2013-09-10 15:16 - 2013-09-10 15:19 - 04103879 _____ C:\Users\NewUser\Downloads\Multiplayer_Sky_Challenge.rar
2013-09-09 19:30 - 2013-09-09 19:31 - 07215237 _____ C:\Users\NewUser\Downloads\Crusoe_by_ICrafting_04.zip
2013-09-09 19:26 - 2013-09-09 19:28 - 31470460 _____ C:\Users\NewUser\Downloads\YoursCrafters_Stranded_1.3.zip
2013-09-08 17:07 - 2013-09-08 17:10 - 84734859 _____ C:\Users\NewUser\Downloads\Pixelmon 2.3.1 install.zip
2013-09-08 12:22 - 2013-09-08 12:22 - 00021490 _____ C:\Users\NewUser\Downloads\BouncingBlockMod-v20.zip
2013-09-08 12:20 - 2013-09-08 12:20 - 00113400 _____ C:\Users\NewUser\Downloads\Bosscraft2 (1.0.1).zip
2013-09-08 09:13 - 2013-09-08 09:13 - 00407312 _____ C:\Users\NewUser\Downloads\Borderlands Weapon Mod v0.0.8e 1.6.2.zip

==================== One Month Modified Files and Folders =======

2013-10-08 08:04 - 2013-10-08 08:04 - 00001849 _____ C:\Users\NewUser\Desktop\JRT.txt
2013-10-08 08:04 - 2013-10-08 08:04 - 00000000 ____D C:\FRST
2013-10-08 08:04 - 2009-07-13 22:13 - 00867060 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-08 08:02 - 2013-10-08 08:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 08:01 - 2013-07-21 19:45 - 01454274 _____ C:\Windows\WindowsUpdate.log
2013-10-08 07:58 - 2013-08-23 22:09 - 00000000 ____D C:\Users\NewUser\AppData\Local\LogMeIn Hamachi
2013-10-08 07:58 - 2013-07-22 17:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 07:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-08 07:57 - 2013-07-28 01:00 - 00007428 _____ C:\Windows\setupact.log
2013-10-08 07:57 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 07:55 - 2013-10-08 08:01 - 00011325 _____ C:\Users\NewUser\Desktop\AdwCleaner[S0].txt
2013-10-08 07:55 - 2013-10-08 07:53 - 00000000 ____D C:\AdwCleaner
2013-10-06 17:16 - 2013-10-06 17:16 - 00000000 ___RD C:\Users\NewUser\Desktop\Startup
2013-10-06 17:16 - 2013-10-06 17:16 - 00000000 ___RD C:\Users\NewUser\Desktop\Administrative Tools
2013-10-03 22:27 - 2009-07-13 21:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:27 - 2009-07-13 21:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:24 - 2013-09-28 16:21 - 00000000 ____D C:\ProgramData\GorillaPrice
2013-10-03 22:24 - 2013-09-28 16:20 - 00000000 ____D C:\Program Files (x86)\GorillaPrice
2013-10-03 22:24 - 2013-09-28 16:18 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2013-10-03 22:24 - 2013-09-26 15:15 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Skype
2013-10-03 22:24 - 2013-09-26 15:15 - 00000000 ____D C:\ProgramData\Skype
2013-10-03 22:24 - 2013-09-26 15:15 - 00000000 ____D C:\Program Files (x86)\Skype
2013-10-03 22:24 - 2013-08-31 22:23 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\PFStaticIP
2013-10-03 22:24 - 2013-08-31 20:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:24 - 2013-08-23 21:47 - 00000000 ____D C:\Users\NewUser\Desktop\My BOSS Server
2013-10-03 22:24 - 2013-08-14 20:53 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\.minecraft
2013-10-03 22:24 - 2013-07-27 10:27 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-03 22:24 - 2013-07-24 18:29 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-03 22:24 - 2013-07-24 18:23 - 00000000 ____D C:\ProgramData\MFAData
2013-10-03 22:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\security
2013-10-03 22:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-10-03 22:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-03 22:22 - 2013-08-31 20:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:21 - 2013-08-31 22:28 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-03 22:20 - 2013-08-31 22:22 - 00000000 __RHD C:\MSOCache
2013-10-03 22:20 - 2013-07-24 19:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 21:49 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Open Download Manager
2013-10-01 01:30 - 2013-10-01 01:30 - 00003352 ____N C:\bootsqm.dat
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Local\WeatherBug
2013-09-30 20:58 - 2013-08-14 20:53 - 00000000 ____D C:\Users\NewUser\Desktop\old .minecra
2013-09-30 20:58 - 2009-07-14 00:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-29 11:45 - 2013-09-28 16:19 - 00000000 ____D C:\Users\NewUser\Desktop\saves
2013-09-29 11:44 - 2013-09-29 11:44 - 14055457 _____ C:\Users\NewUser\Downloads\The Survival Games - San Andreas-COMPLETE (1).zip
2013-09-29 11:42 - 2013-09-29 11:41 - 14055457 _____ C:\Users\NewUser\Downloads\The Survival Games - San Andreas-COMPLETE.zip
2013-09-29 09:28 - 2013-09-28 16:38 - 00000000 ____D C:\Users\NewUser\Desktop\mods
2013-09-29 09:24 - 2013-09-29 09:24 - 00776165 _____ C:\Users\NewUser\Downloads\[1.6.2] Map Making Tools - v2.0.3a.zip
2013-09-28 18:51 - 2013-09-28 16:48 - 00000000 ____D C:\Users\NewUser\Desktop\screenshots
2013-09-28 18:11 - 2013-08-25 22:24 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-28 16:27 - 2013-09-28 16:26 - 02153194 _____ C:\Users\NewUser\Downloads\minecraftforge-installer-1.6.2-9.10.0.799.jar
2013-09-28 16:25 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\modules
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\js
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\images
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\html
2013-09-28 16:20 - 2013-09-28 16:20 - 00000000 ____D C:\Windows\SysWOW64\css
2013-09-27 18:20 - 2013-09-27 18:20 - 00066493 _____ C:\Users\NewUser\Downloads\X-RayMod_v043.zip
2013-09-27 15:39 - 2013-09-27 15:39 - 00222909 _____ C:\Users\NewUser\Downloads\Cheating_Essentials_3.1.0_-_Minecraft_1.6.2.zip
2013-09-26 19:55 - 2013-08-31 22:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-22 20:18 - 2013-09-22 20:16 - 00421387 _____ C:\Users\NewUser\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-22 13:43 - 2013-09-22 13:42 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (3).html
2013-09-22 13:42 - 2013-09-22 13:42 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm.html
2013-09-21 22:18 - 2013-09-21 22:17 - 02124543 _____ C:\Users\NewUser\Downloads\minecraftforge-installer-1.6.4-9.11.0.883.jar
2013-09-21 22:16 - 2013-09-21 22:13 - 00098304 _____ C:\Users\NewUser\Documents\Publication1.pub
2013-09-21 09:43 - 2013-09-21 09:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 23:09 - 2013-09-20 23:09 - 00196608 _____ C:\Users\NewUser\Downloads\audit adjustments 09 through 13.xls
2013-09-20 23:07 - 2013-09-20 23:07 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08 (2).xls
2013-09-20 23:06 - 2013-09-20 23:06 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08 (1).xls
2013-09-20 20:27 - 2013-09-20 20:27 - 00186880 _____ C:\Users\NewUser\Downloads\audit adjustments 07 & 08.xls
2013-09-20 16:40 - 2013-09-20 16:40 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042 (2).zip
2013-09-20 12:41 - 2013-09-20 12:41 - 00975872 _____ C:\Users\NewUser\Downloads\Luck.pps
2013-09-17 17:09 - 2013-09-17 17:09 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042 (1).zip
2013-09-17 17:05 - 2013-09-17 17:05 - 00066494 _____ C:\Users\NewUser\Downloads\X-RayMod_v042.zip
2013-09-16 18:29 - 2013-09-16 18:28 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\skyz
2013-09-16 18:26 - 2013-09-16 18:25 - 00000000 ____D C:\Minecraft_Backup
2013-09-16 18:19 - 2013-09-16 18:19 - 00577501 _____ C:\Users\NewUser\Downloads\MC Helicopters Mod Installer (1).zip
2013-09-16 10:39 - 2013-09-16 10:39 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (2).html
2013-09-16 10:39 - 2013-09-16 10:39 - 00048112 _____ C:\Users\NewUser\Downloads\message_zdm (1).html
2013-09-14 18:11 - 2013-09-14 18:11 - 00577501 _____ C:\Users\NewUser\Downloads\MC Helicopters Mod Installer.zip
2013-09-14 11:02 - 2013-09-14 11:02 - 00928132 _____ C:\Users\NewUser\Downloads\Morph-Beta-0.1.0.zip
2013-09-12 23:04 - 2013-09-12 23:04 - 00000743 _____ C:\Users\NewUser\Downloads\bin.txt
2013-09-12 23:00 - 2013-09-12 23:00 - 00014479 _____ C:\Users\NewUser\Downloads\Invoice that calculates total1 (1).xlsx
2013-09-12 21:30 - 2013-09-11 23:46 - 00016556 _____ C:\Users\NewUser\Downloads\Invoice that calculates total1.xlsx
2013-09-12 21:16 - 2013-09-12 21:16 - 00000000 ____D C:\Users\NewUser\Documents\OneNote Notebooks
2013-09-12 21:05 - 2013-09-12 21:05 - 00421588 _____ C:\Users\NewUser\Downloads\OptiFine_1.6.2_HD_U_C4.jar
2013-09-12 20:58 - 2013-09-12 20:53 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 20:57 - 2013-09-12 20:51 - 00000000 ____D C:\Users\NewUser\AppData\Local\Adobe
2013-09-12 20:57 - 2013-07-27 10:27 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Adobe
2013-09-12 20:53 - 2013-09-12 20:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-12 00:33 - 2013-07-22 17:28 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 00:29 - 2013-08-23 21:49 - 00000898 _____ C:\Users\NewUser\Downloads\banned-ips.txt
2013-09-12 00:07 - 2013-07-27 10:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 23:55 - 2013-09-03 10:37 - 00015597 _____ C:\Users\NewUser\Documents\Invoice that calculates total1.xlsx
2013-09-11 22:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 20:24 - 2013-09-11 20:24 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar (2).zip
2013-09-11 20:23 - 2013-09-11 20:23 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar (1).zip
2013-09-11 20:23 - 2013-07-22 17:18 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{28946CDE-2729-4C73-BB75-DDDEC17B3338}
2013-09-11 20:21 - 2013-09-11 20:21 - 00666950 _____ C:\Users\NewUser\Downloads\MC-War-By-HystericScar.zip
2013-09-11 19:59 - 2009-07-13 21:45 - 00442192 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 19:44 - 2013-07-29 23:08 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 19:43 - 2013-07-22 18:26 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 19:12 - 2013-07-27 10:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-10 19:12 - 2013-07-27 10:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 19:12 - 2013-07-27 10:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 15:24 - 2013-09-10 15:22 - 04103879 _____ C:\Users\NewUser\Downloads\Multiplayer_Sky_Challenge (1).rar
2013-09-10 15:19 - 2013-09-10 15:16 - 04103879 _____ C:\Users\NewUser\Downloads\Multiplayer_Sky_Challenge.rar
2013-09-10 15:18 - 2013-09-10 15:18 - 01628160 _____ (Bandoo Media Inc) C:\Users\NewUser\Downloads\iLividSetup-r157-n-bc.exe
2013-09-09 19:31 - 2013-09-09 19:30 - 07215237 _____ C:\Users\NewUser\Downloads\Crusoe_by_ICrafting_04.zip
2013-09-09 19:28 - 2013-09-09 19:26 - 31470460 _____ C:\Users\NewUser\Downloads\YoursCrafters_Stranded_1.3.zip
2013-09-08 17:10 - 2013-09-08 17:07 - 84734859 _____ C:\Users\NewUser\Downloads\Pixelmon 2.3.1 install.zip
2013-09-08 12:22 - 2013-09-08 12:22 - 00021490 _____ C:\Users\NewUser\Downloads\BouncingBlockMod-v20.zip
2013-09-08 12:20 - 2013-09-08 12:20 - 00113400 _____ C:\Users\NewUser\Downloads\Bosscraft2 (1.0.1).zip
2013-09-08 09:13 - 2013-09-08 09:13 - 00407312 _____ C:\Users\NewUser\Downloads\Borderlands Weapon Mod v0.0.8e 1.6.2.zip
2013-09-08 08:55 - 2013-07-29 12:59 - 00000000 ____D C:\Users\NewUser\Downloads\world

Some content of TEMP:
====================
C:\Users\NewUser\AppData\Local\Temp\htmlayout.dll
C:\Users\NewUser\AppData\Local\Temp\nsc4F39.exe
C:\Users\NewUser\AppData\Local\Temp\nsc9169.exe
C:\Users\NewUser\AppData\Local\Temp\nscE965.exe
C:\Users\NewUser\AppData\Local\Temp\nscF412.exe
C:\Users\NewUser\AppData\Local\Temp\nsrBDA9.exe
C:\Users\NewUser\AppData\Local\Temp\nsrFEA.exe
C:\Users\NewUser\AppData\Local\Temp\nsw7AAE.exe
C:\Users\NewUser\AppData\Local\Temp\nsx19CD.exe
C:\Users\NewUser\AppData\Local\Temp\nsxBC2C.exe
C:\Users\NewUser\AppData\Local\Temp\ose00000.exe
C:\Users\NewUser\AppData\Local\Temp\ose00001.exe
C:\Users\NewUser\AppData\Local\Temp\Quarantine.exe
C:\Users\NewUser\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\NewUser\AppData\Local\Temp\tbappb.dll
C:\Users\NewUser\AppData\Local\Temp\uninst1.exe
C:\Users\NewUser\AppData\Local\Temp\uninstall141653853.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 08:13

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by NewUser at 2013-10-08 08:06:17
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
CCleaner (Version: 4.05)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Google Chrome (x32 Version: 29.0.1547.66)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2622)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
PFPortChecker 1.0.39 (x32 Version: 1.0.39)
Portforward Static IP Address 1.0.47 (x32 Version: 1.0.47)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Access 2013 (KB2752093) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2727096) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760533) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768014) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817632) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2817629) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817308) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817627) 64-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WinISO (x32 Version: 6.3.0.4969)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Wizard101 (x32 Version: 1.0.0)

==================== Restore Points  =========================

14-09-2013 18:52:46 Windows Update
17-09-2013 23:11:27 Windows Update
18-09-2013 01:55:58 Windows Update
21-09-2013 05:50:12 Windows Update
21-09-2013 16:42:20 Installed Java 7 Update 40
25-09-2013 02:31:00 Windows Update
27-09-2013 02:54:09 Windows Update
28-09-2013 23:22:04 Installed WeatherBug
29-09-2013 01:11:30 Removed WeatherBug

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {017B5275-984F-494A-99F3-16E7E155C01F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {52DE63F0-6F1E-492C-A347-49383C2F576E} - \Dealply No Task File
Task: {5752AC3C-D982-4ECF-8F4B-524005F964D1} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {6DA0A7AC-B294-47AD-8225-A33FDECC7B7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7E56044E-43A9-47A4-8983-6036CF3BA415} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {81921314-6256-43BF-9515-BD720C8EC5E6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {8FB8393C-3903-49EF-9570-439AAC3E9536} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {94A54CAF-D8D1-432B-9F57-8FFE106DD1B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {A329C1F8-FA3F-4792-9F3D-989B0A26FE5C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A9CA249B-0068-408F-AE13-3FFE9786C1DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D3FF3CDD-E95B-4C75-BCA4-556F5677C9E7} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6057.55 MB
Available physical RAM: 5239.32 MB
Total Pagefile: 12113.28 MB
Available Pagefile: 11313.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:416.93 GB) NTFS
Drive e: () (Removable) (Total:3.76 GB) (Free:3.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6DB4B9F3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================



#6 Oh My!

Posted 09 October 2013 - 09:24 AM

Welcome and sorry for the delay. Please consider and do the following for me in Safe Mode if you must.

===================================================

Multiple Antivirus Programs - Microsoft Security Essentials and AVG

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKCU\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
MountPoints2: {cb4ca575-12c2-11e3-8905-88532eac520f} - E:\SETUP.EXE
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
Toolbar: HKCU -  No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
2013-10-03 21:49 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Open Download Manager
2013-09-28 16:25 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2013-09-10 15:18 - 2013-09-10 15:18 - 01628160 _____ (Bandoo Media Inc) C:\Users\NewUser\Downloads\iLividSetup-r157-n-bc.exe
C:\Users\NewUser\AppData\Local\Temp\htmlayout.dll
C:\Users\NewUser\AppData\Local\Temp\nsc4F39.exe
C:\Users\NewUser\AppData\Local\Temp\nsc9169.exe
C:\Users\NewUser\AppData\Local\Temp\nscE965.exe
C:\Users\NewUser\AppData\Local\Temp\nscF412.exe
C:\Users\NewUser\AppData\Local\Temp\nsrBDA9.exe
C:\Users\NewUser\AppData\Local\Temp\nsrFEA.exe
C:\Users\NewUser\AppData\Local\Temp\nsw7AAE.exe
C:\Users\NewUser\AppData\Local\Temp\nsx19CD.exe
C:\Users\NewUser\AppData\Local\Temp\nsxBC2C.exe
C:\Users\NewUser\AppData\Local\Temp\ose00000.exe
C:\Users\NewUser\AppData\Local\Temp\ose00001.exe
C:\Users\NewUser\AppData\Local\Temp\Quarantine.exe
C:\Users\NewUser\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\NewUser\AppData\Local\Temp\tbappb.dll
C:\Users\NewUser\AppData\Local\Temp\uninst1.exe
C:\Users\NewUser\AppData\Local\Temp\uninstall141653853.exe
Task: {52DE63F0-6F1E-492C-A347-49383C2F576E} - \Dealply No Task File
Task: {5752AC3C-D982-4ECF-8F4B-524005F964D1} - \DealPlyLiveUpdateTaskMachineUA No Task File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to delete an antivirus program?
  • Fixlog
  • MiniToolBox results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 clfarrar

Posted 09 October 2013 - 03:35 PM

I tried deleting first Microsoft Security, it cannot be deleted in Safemode. Then AVG, it also cannot be deleted, it had a setup error.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by NewUser at 2013-10-09 13:30:22 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
MountPoints2: {cb4ca575-12c2-11e3-8905-88532eac520f} - E:\SETUP.EXE
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
Toolbar: HKCU -  No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
2013-10-03 21:49 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Open Download Manager
2013-09-28 16:25 - 2013-09-28 16:25 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2013-09-10 15:18 - 2013-09-10 15:18 - 01628160 _____ (Bandoo Media Inc) C:\Users\NewUser\Downloads\iLividSetup-r157-n-bc.exe
C:\Users\NewUser\AppData\Local\Temp\htmlayout.dll
C:\Users\NewUser\AppData\Local\Temp\nsc4F39.exe
C:\Users\NewUser\AppData\Local\Temp\nsc9169.exe
C:\Users\NewUser\AppData\Local\Temp\nscE965.exe
C:\Users\NewUser\AppData\Local\Temp\nscF412.exe
C:\Users\NewUser\AppData\Local\Temp\nsrBDA9.exe
C:\Users\NewUser\AppData\Local\Temp\nsrFEA.exe
C:\Users\NewUser\AppData\Local\Temp\nsw7AAE.exe
C:\Users\NewUser\AppData\Local\Temp\nsx19CD.exe
C:\Users\NewUser\AppData\Local\Temp\nsxBC2C.exe
C:\Users\NewUser\AppData\Local\Temp\ose00000.exe
C:\Users\NewUser\AppData\Local\Temp\ose00001.exe
C:\Users\NewUser\AppData\Local\Temp\Quarantine.exe
C:\Users\NewUser\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\NewUser\AppData\Local\Temp\tbappb.dll
C:\Users\NewUser\AppData\Local\Temp\uninst1.exe
C:\Users\NewUser\AppData\Local\Temp\uninstall141653853.exe
Task: {52DE63F0-6F1E-492C-A347-49383C2F576E} - \Dealply No Task File
Task: {5752AC3C-D982-4ECF-8F4B-524005F964D1} - \DealPlyLiveUpdateTaskMachineUA No Task File
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => Value deleted successfully.
"C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb4ca575-12c2-11e3-8905-88532eac520f} => Key deleted successfully.
HKCR\CLSID\{cb4ca575-12c2-11e3-8905-88532eac520f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully.
HKCR\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key not found.
C:\Users\NewUser\AppData\Roaming\Open Download Manager => Moved successfully.
C:\Users\NewUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager => Moved successfully.
C:\Users\NewUser\Downloads\iLividSetup-r157-n-bc.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsc4F39.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsc9169.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nscE965.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nscF412.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsrBDA9.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsrFEA.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsw7AAE.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsx19CD.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\nsxBC2C.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\ose00001.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\tbappb.dll => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\NewUser\AppData\Local\Temp\uninstall141653853.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DE63F0-6F1E-492C-A347-49383C2F576E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DE63F0-6F1E-492C-A347-49383C2F576E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5752AC3C-D982-4ECF-8F4B-524005F964D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5752AC3C-D982-4ECF-8F4B-524005F964D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA => Key deleted successfully.

==== End of Fixlog ====


MiniToolBox by Farbar  Version: 13-07-2013
Ran by NewUser (administrator) on 09-10-2013 at 13:32:01
Running from "E:\"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Minimal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : NewUser-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/09/2013 01:25:09 PM) (Source: MsiInstaller) (User: NewUser-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27023. CA_Error27023: ToolbarStuff(0xE0010058): Toolbar install/uninstall failed

Error: (10/09/2013 01:24:33 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2013; Error = 0x8007043c).

Error: (10/09/2013 01:24:25 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2013; Error = 0x8007043c).

Error: (10/09/2013 01:23:39 PM) (Source: Microsoft Security Client Setup) (User: NewUser-PC)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.


System errors:
=============
Error: (10/09/2013 01:31:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.3.0216.00

    Source Path: 4.3.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/09/2013 01:31:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.159.954.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.3.0216.00

    Source Path: 4.3.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/09/2013 01:31:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.159.954.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.3.0216.00

    Source Path: 4.3.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/09/2013 01:31:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.159.954.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.3.0216.00

    Source Path: 4.3.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/09/2013 01:25:21 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/09/2013 01:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/09/2013 01:21:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/09/2013 01:21:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/09/2013 01:21:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/09/2013 01:21:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/09/2013 01:25:09 PM) (Source: MsiInstaller)(User: NewUser-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27023. CA_Error27023: ToolbarStuff(0xE0010058): Toolbar install/uninstall failed(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2013 01:24:33 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (10/09/2013 01:24:25 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (10/09/2013 01:23:39 PM) (Source: Microsoft Security Client Setup)(User: NewUser-PC)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.


========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


**** End of log ****
 


Question: should I run the MiniToolBox in Safe Mode with Networking?



#8 Oh My!

Posted 09 October 2013 - 03:40 PM

Excellent question but not yet. As much as anything I was looking for the recent errors but the information doesn't help us much.

When you are in Normal Mode does your computer simply freeze? If so, does that happen whether or not you have any programs running?
Gary
 

#9 clfarrar

Posted 09 October 2013 - 06:42 PM

Basically, what happens is I log in, and Windows starts normally until I do one of the following:

 

-Keep the computer on for longer than 10-15 mins = will freeze up

-Open Google Chrome = will freeze up

-Perform a Malware Bytes scan for 10 mins = will freeze up during scan



#10 Oh My!

Posted 09 October 2013 - 07:59 PM

I want to start your computer a different way. Please do this.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
  • Boot into Normal Mode and check the computer performance
===================================================

Things I would like to see in your next reply.
  • Does your computer freeze?

Gary
 

#11 clfarrar

Posted 09 October 2013 - 08:45 PM

I let everything load. The AdwCleaner[S0].txt loaded by itself. I closed it and tried to open Google Chrome; nothing happened. I tried clicking on the start menu..... FROZE.

 

I think it could be the following file. I noticed it in the System Configuration Utility dialog box, and I also remember trying to delete this program manually before and it was not deleted:

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1



#12 Oh My!

Posted 09 October 2013 - 09:46 PM

"I let everything load."

Did you disable the items as instructed in the Clean Boot steps?

Let's delete those entries and see if that helps. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Local\WeatherBug
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Any better?

Edited by Oh My, 09 October 2013 - 09:48 PM.

Gary
 

#13 clfarrar

Posted 09 October 2013 - 10:16 PM

 

"Did you disable the items as instructed in the Clean Boot steps?"

 

 

YES

 

I started up my computer after doing that in Safemode. And nope..it still freezes.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by NewUser at 2013-10-09 20:08:50 Run:2
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Local\WeatherBug
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Weather => Value not found.
"C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1" => File/Directory not found.
C:\Users\NewUser\AppData\Roaming\WeatherBug => Moved successfully.
C:\Users\NewUser\AppData\Local\WeatherBug => Moved successfully.

==== End of Fixlog ====
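
A way to tally a pasted Fixlog by outcome so that targets FRST did not change stand out, given as an added example that is not part of this thread or of FRST itself. The function names (`parse_fixlog`, `classify`, `follow_up`) are hypothetical, the outcome wording is taken only from the two Fixlogs in this thread, and the sample input is the Fixlog from post #13.

```python
import re
from collections import Counter

# Fixlog pasted in post #13 of this thread, embedded so the script runs offline.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by NewUser at 2013-10-09 20:08:50 Run:2
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Roaming\WeatherBug
2013-09-30 21:00 - 2013-09-30 21:00 - 00000000 ____D C:\Users\NewUser\AppData\Local\WeatherBug
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Weather => Value not found.
"C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1" => File/Directory not found.
C:\Users\NewUser\AppData\Roaming\WeatherBug => Moved successfully.
C:\Users\NewUser\AppData\Local\WeatherBug => Moved successfully.

==== End of Fixlog ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")
# Text after an executable extension, e.g. "Weather.exe 1" or "odm.exe -autorun".
TRAILING_TEXT = re.compile(r"\.(?:exe|dll|com|bat|cmd)\s+\S", re.IGNORECASE)


def classify(outcome):
    """Map the free-text outcome to a coarse status (wording as seen in this thread)."""
    lowered = outcome.lower()
    if "successfully" in lowered:
        return "changed"   # value or key deleted, or file/directory moved
    if "not found" in lowered:
        return "absent"    # nothing matched the target string, so nothing was changed
    return "other"         # unrecognised wording: needs a manual look


def parse_fixlog(text):
    """Split a Fixlog into header fields, the echoed fixlist and per-target results."""
    header, fixlist, results = {}, [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if STAR_LINE.match(line):
            # The first row of asterisks opens the echoed fixlist, the second closes it.
            section = "fixlist" if section == "header" else "results"
            continue
        if section == "header":
            boot = re.match(r"Boot Mode:\s*(.+)", line)
            run = re.search(r"\bRun:(\d+)$", line)
            if boot:
                header["boot_mode"] = boot.group(1)
            if run:
                header["run"] = int(run.group(1))
        elif section == "fixlist":
            fixlist.append(line)
        else:
            target, sep, outcome = line.rpartition(" => ")
            if not sep:  # a result line without " => " is kept for manual review
                target, outcome = line, ""
            target = target.strip('"')
            results.append({
                "target": target,
                "outcome": outcome.rstrip("."),
                "status": classify(outcome),
                # "not found" is reported for the whole string as logged; when that
                # string carries text after the extension, it says nothing about the
                # executable on its own.
                "trailing_text": bool(TRAILING_TEXT.search(target)),
            })
    return {"header": header, "fixlist": fixlist, "results": results}


def follow_up(parsed):
    """Return the results that were not changed, i.e. the ones worth re-checking."""
    return [r for r in parsed["results"] if r["status"] != "changed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(parsed["header"], dict(Counter(r["status"] for r in parsed["results"])))
    for item in follow_up(parsed):
        note = " (target includes trailing text)" if item["trailing_text"] else ""
        print(f'{item["status"]}: {item["target"]} -> {item["outcome"]}{note}')
```
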



#14 Oh My!

Posted 09 October 2013 - 10:50 PM

Thanks for clarifying. Please do this in Safe Mode. This will be my last post for the evening but I will be checking back in first thing in the morning.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click Start, type msconfig, then hit Enter
  • Click the Boot tab
  • Place a check mark in Base video, then click OK
  • Restart your computer into Normal Mode
  • Check your computer's performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#15 clfarrar

Posted 10 October 2013 - 09:08 AM

The same issue happens.

I also try to use ctrl+alt+del and that option box does not show up. But sometimes I get a white box titled: Failure to display security and shut down options, but nothing is displayed in it. I just get the never-ending blue circle icon that goes around and around. So I force shut-down.





