Potential hijack - Huge variance between packets sent and received.


  • This topic is locked
14 replies to this topic

#1 JohnnyProphecy

JohnnyProphecy

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:06 AM

Posted 17 October 2013 - 03:40 AM

Good afternoon all,

 

I was hoping someone could assist me in resolving an issue I'm currently facing with my computer. I've noted that network connectivity in general has been slow for the past 4-5 days and through further investigation can see an extremely large variance between packets sent and packets received. I have attached a screenshot for reference. Initial virus scans/rootkit scans etc. have not yielded any results and also, my firewall/virus scanner is now reporting specific functions are corrupted.

 

Any assistance would be most appreciated.

 

Thank you,

 

Johnny

Attached Files

  • uhoh.png (15.82KB)




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,742 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:06 AM

Posted 22 October 2013 - 03:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511048 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 JohnnyProphecy

JohnnyProphecy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:06 AM

Posted 23 October 2013 - 02:34 AM

I'm experiencing a slow connection and noting a huge variance between packets sent and received, e.g. my computer has been on for 10 minutes and has 5,374,346 packets sent and 171,679,907 received.

I do not have my original Windows disc available but am happy to source a new disc if need be.

 

Logs are attached.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by user at 18:32:26 on 2013-10-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8150.5748 [GMT 11:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B9572247-B5C0-474A-8B0F-E0CB3D343DCC} : DHCPNameServer = 192.168.0.1
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-02 19:36; {a9dd2140-08b7-49ac-84e3-3b1b7bdc5f8f}; C:\Program Files (x86)\a2zlyr\131.xpi
FF - ExtSQL: 2013-10-07 09:51; jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi
FF - ExtSQL: 2013-10-09 04:35; donottrackplus@abine.com; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-10-09 04:35; YoutubeDownloader@PeterOlayev.com; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: 2013-10-09 17:54; idme@abine.com; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\extensions\idme@abine.com
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-23 19264]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-5-23 22680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-2 283064]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131018.001\IDSviA64.sys [2013-10-19 521816]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-23 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-23 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-10 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 14984480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-23 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-5-23 27792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-28 140376]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-5-23 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-5-23 88832]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-23 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-23 789824]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-5-23 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-10 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-7-31 39712]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-7-10 39096]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-7-10 137400]
R3 SaiK1709;SaiK1709;C:\Windows\System32\drivers\SaiK1709.sys [2012-9-20 180544]
R3 SaiU1709;SaiU1709;C:\Windows\System32\drivers\SaiU1709.sys [2012-9-20 47168]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-5-23 2206352]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-2 1525848]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\SteamLibrary\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2013-7-21 25832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-10-17 08:25:10    --------    d-----w-    C:\Users\user\AppData\Local\NPE
2013-10-15 03:05:00    --------    d-----w-    C:\Program Files (x86)\WinPcap
2013-10-15 03:04:49    --------    d-----w-    C:\Program Files\Wireshark
2013-10-14 18:41:50    --------    d-----w-    C:\AdwCleaner
2013-10-14 12:56:08    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-10-14 06:55:04    --------    d-----w-    C:\Users\user\AppData\Roaming\StealthBastard[Steam]
2013-10-14 01:44:11    --------    d-----w-    C:\ProgramData\BioWare
2013-10-14 01:34:25    --------    d-----w-    C:\Users\user\AppData\Roaming\Red Alert 3 Uprising
2013-10-13 11:01:14    --------    d-----w-    C:\Users\user\AppData\Roaming\Doublefine
2013-10-13 06:40:38    --------    d-----w-    C:\Users\user\AppData\Local\4A Games
2013-10-12 06:15:53    --------    d-----w-    C:\Users\user\AppData\Local\dxhr
2013-10-12 06:14:59    --------    d-----w-    C:\Users\user\AppData\Local\28050
2013-10-11 08:27:35    --------    d-----w-    C:\Users\user\AppData\Roaming\Might & Magic Heroes VI
2013-10-10 12:46:50    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-10 12:46:50    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2013-10-10 12:46:37    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-10-10 12:46:37    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-10-10 12:46:37    41472    ----a-w-    C:\Windows\System32\lpk.dll
2013-10-10 12:46:37    368128    ----a-w-    C:\Windows\System32\atmfd.dll
2013-10-10 12:46:37    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-10-10 12:46:37    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-10-10 12:46:37    25600    ----a-w-    C:\Windows\SysWow64\lpk.dll
2013-10-10 12:46:37    14336    ----a-w-    C:\Windows\System32\dciman32.dll
2013-10-10 12:46:37    10240    ----a-w-    C:\Windows\SysWow64\dciman32.dll
2013-10-10 12:46:37    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-10-10 12:44:31    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:44:31    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:44:25    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-10 12:44:19    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-10-08 17:51:24    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-08 17:51:24    --------    d-----w-    C:\Program Files\iTunes
2013-10-08 17:51:24    --------    d-----w-    C:\Program Files\iPod
2013-10-08 17:51:24    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-10-05 21:43:05    --------    d-----w-    C:\Users\user\AppData\Roaming\Ubisoft
2013-10-05 05:41:30    --------    d-----w-    C:\Users\user\AppData\Roaming\FEZ
.
==================== Find3M  ====================
.
2013-10-16 11:12:42    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-16 11:12:42    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-10-12 04:55:48    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-11 12:10:27    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-08 17:46:52    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 17:46:52    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-02 09:35:37    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-06-02 17:42:20    44    ---h--w-    C:\Program Files (x86)\4db61657.tmp
.
============= FINISH: 18:32:33.73 ===============
 

Attached Files

  • dds.txt (21.87KB)

Edited by JohnnyProphecy, 24 October 2013 - 01:45 AM.
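The DDS log above is what the helpers in this forum read by hand. As an added example (not part of the thread, and not code from the DDS tool), the Python script below parses the log's banner-delimited sections and pulls out the entries a reviewer checks first: processes running from a user's AppData folder, Internet Explorer Trusted Zone entries, AppInit_DLLs, a non-default Firefox search engine, and Firefox add-ons registered outside the profile directory. The flags are review heuristics, not verdicts; the default-engine list and the result field names are this example's own assumptions, and the sample input is an excerpt of the log posted in this thread.

```python
import re

# DDS delimits sections with banners such as '====== Running Processes ======'.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
ENGINE_RE = re.compile(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$")
EXTSQL_RE = re.compile(r"^FF - ExtSQL: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}); ([^;]+); (.+)$")

# Engines Firefox shipped with at the time; an assumption made for this example.
DEFAULT_ENGINES = {"Google", "Bing", "Yahoo", "Wikipedia (en)"}

# Excerpt of the DDS log posted in this thread, embedded here as sample input.
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - ExtSQL: 2013-09-02 19:36; {a9dd2140-08b7-49ac-84e3-3b1b7bdc5f8f}; C:\Program Files (x86)\a2zlyr\131.xpi
FF - ExtSQL: 2013-10-09 04:35; donottrackplus@abine.com; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\extensions\donottrackplus@abine.com
.
============= FINISH: 18:32:33.73 ===============
"""


def parse_sections(text):
    """Split a DDS log into {SECTION NAME: [lines]} keyed by its banner titles."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):  # a banner with a title opens a new section
                current = m.group(1).upper()
                sections.setdefault(current, [])
            continue        # a bare run of '=' is only decoration
        if line and line != ".":  # DDS pads each section with lone '.' lines
            sections[current].append(line)
    return sections


def triage(text):
    """Return the review items a helper looks at first in a DDS log."""
    sec = parse_sections(text)
    procs = sec.get("RUNNING PROCESSES", [])
    hjt = sec.get("PSEUDO HJT REPORT", [])
    ff = sec.get("FIREFOX", [])

    findings = {
        # Executables running out of a user's AppData tree rather than Program Files.
        "appdata_processes": [p for p in procs if "\\appdata\\" in p.lower()],
        # Sites granted Internet Explorer Trusted Zone privileges.
        "trusted_zone": [e.split(": ", 1)[1] for e in hjt if e.startswith("Trusted Zone: ")],
        # DLLs loaded into every user32-based process via AppInit_DLLs.
        "appinit_dlls": [e.split("=", 1)[1].strip() for e in hjt if e.startswith("AppInit_DLLs=")],
        "ff_search_engine": None,
        "ff_extensions_outside_profile": [],
    }

    profile = None
    for line in ff:
        if line.startswith("FF - ProfilePath - "):
            profile = line.split(" - ", 2)[2].lower()
    for line in ff:
        m = ENGINE_RE.match(line)
        if m and m.group(1) not in DEFAULT_ENGINES:
            findings["ff_search_engine"] = m.group(1)
        m = EXTSQL_RE.match(line)
        # Add-ons registered outside the profile directory were not installed
        # through the browser's own add-on manager, so they get a closer look.
        if m and (profile is None or not m.group(3).lower().startswith(profile)):
            findings["ff_extensions_outside_profile"].append(m.group(3))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full dds.txt the same way; anything it lists is a starting point for the helper's review, not proof of infection.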


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 24 October 2013 - 08:37 AM

Greetings Johnny and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Your issue does not appear to be malware related from what you describe, but we will take a quick look at things before possibly referring you to a more appropriate forum.

A large discrepancy is normal. Think of it like the number of words used to ask a question compared to the number of words used to answer. Kind of like asking a wife "How was your day?" :)

Please start with this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result.txt
  • FSS.txt
  • Farbar logs (2)

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
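The three Farbar requests above (MiniToolBox, FSS, FRST) collect the evidence a helper needs before deciding whether a slow connection is a hijack or just a busy client. The script below is an added example, not part of the original post and not code from the Farbar tools; it is a read-only Windows PowerShell pass over the same evidence, using only built-in cmdlets, WMI classes and netsh that exist on Windows 7 and later. The function name `Invoke-NetworkTriage` and the "private address or gateway" heuristic for DNS servers are this example's own choices. Run it from an elevated prompt; it modifies nothing and returns a list of findings you can paste into a reply.

```powershell
# Added example (not from the original post or the Farbar tools): a read-only
# triage pass over the hosts file, WinINET proxy, Winsock provider catalog,
# per-adapter DNS servers, the Windows Defender DisableAntiSpyware value that
# FSS reports, and per-interface packets sent vs. received since boot.
# Windows PowerShell (2.0+), elevated prompt. Nothing here changes settings.

function Invoke-NetworkTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Hosts file: on a stock machine only loopback -> localhost lines exist.
    #    Anything else (update/AV hosts pinned to 127.0.0.1, bank names pointed
    #    at a foreign address) needs an explanation.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content $hostsPath) {
        if ($line -notmatch '\S' -or $line -match '^\s*#') { continue }
        if ($line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
            $findings.Add("hosts: non-default entry '$($line.Trim())'")
        }
    }

    # 2. WinINET (IE) proxy: a proxy or PAC URL the user never configured routes
    #    browser traffic through a third party. MiniToolBox resets these; we only report.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) { $findings.Add("proxy: ProxyEnable=1 ProxyServer='$($inet.ProxyServer)'") }
    if ($inet.AutoConfigURL)     { $findings.Add("proxy: AutoConfigURL='$($inet.AutoConfigURL)'") }

    # 3. Winsock catalog: every provider DLL is loaded into every networked process,
    #    so list the ones that live outside %SystemRoot% (third-party, not necessarily bad).
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match 'Provider Path:\s*(.+)$') {
            $dll = [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
            if ($dll -notlike "$env:SystemRoot\*") {
                $findings.Add("winsock: third-party provider $dll")
            }
        }
    }

    # 4. DNS servers per IP-enabled adapter. A resolver that is neither the default
    #    gateway nor a private address is a common hijack symptom (heuristic, not proof).
    foreach ($nic in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE') {
        foreach ($dns in @($nic.DNSServerSearchOrder)) {
            if (-not $dns) { continue }
            $private   = $dns -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
            $isGateway = @($nic.DefaultIPGateway) -contains $dns
            if (-not ($private -or $isGateway)) {
                $findings.Add("dns: $($nic.Description) uses external resolver $dns")
            }
        }
    }

    # 5. The Defender value FSS prints. DisableAntiSpyware=1 is expected when a
    #    third-party AV owns real-time protection; with no other AV it is a red flag.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $wd = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if ($wd -and $wd.DisableAntiSpyware -eq 1) { $findings.Add("defender: DisableAntiSpyware=1 under $key") }
    }

    # 6. Packets sent vs. received since boot (raw perf counters are cumulative).
    #    Received >> sent is the normal shape for a client that downloads; the
    #    interesting case is sent >> received, or a ratio that keeps climbing while idle.
    foreach ($iface in Get-WmiObject Win32_PerfRawData_Tcpip_NetworkInterface) {
        $sent = [double]$iface.PacketsSentPersec
        $recv = [double]$iface.PacketsReceivedPersec
        if ($sent -eq 0) { continue }
        $findings.Add(('traffic: {0} sent={1:N0} received={2:N0} recv/sent={3:N2}' -f $iface.Name, $sent, $recv, ($recv / $sent)))
    }

    return $findings
}

Invoke-NetworkTriage
```

Two caveats when reading the output. On 64-bit Windows the 64-bit netsh shows only the 64-bit Winsock catalog; run `%SystemRoot%\SysWOW64\netsh.exe winsock show catalog` as well to see the 32-bit providers that 32-bit browsers load. And the traffic counters reset at boot, so a single snapshot cannot tell a hijack from a download that ran overnight; take two readings with the machine idle between them and compare the deltas.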

#5 JohnnyProphecy

JohnnyProphecy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 24 October 2013 - 05:23 PM

Good morning Oh My!

Thank you for your response and attention. Please find below the requested logs:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by user (administrator) on 25-10-2013 at 09:20:05
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1    localhost

========================= IP Configuration: ================================

Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : user-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 94-DE-80-61-67-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b542:6605:bdde:bbd4%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 23 October 2013 6:22:17 PM
   Lease Expires . . . . . . . . . . : Saturday, 26 October 2013 6:22:17 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 244637312
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-2F-64-4A-94-DE-80-61-67-72
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B9572247-B5C0-474A-8B0F-E0CB3D343DCC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24e5:3d2:91de:317b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::24e5:3d2:91de:317b%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2404:6800:4006:803::1003
      74.125.237.110
      74.125.237.104
      74.125.237.103
      74.125.237.101
      74.125.237.96
      74.125.237.98
      74.125.237.105
      74.125.237.100
      74.125.237.97
      74.125.237.99
      74.125.237.102


Pinging google.com [74.125.237.110] with 32 bytes of data:
Reply from 74.125.237.110: bytes=32 time=21ms TTL=54
Reply from 74.125.237.110: bytes=32 time=20ms TTL=54

Ping statistics for 74.125.237.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=239ms TTL=49
Reply from 98.138.253.109: bytes=32 time=262ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 239ms, Maximum = 262ms, Average = 250ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
 11...94 de 80 61 67 72 ......Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    276
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6abd:24e5:3d2:91de:317b/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::24e5:3d2:91de:317b/128
                                    On-link
 11    276 fe80::b542:6605:bdde:bbd4/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2013 06:23:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 06:22:17 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/23/2013 06:22:16 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/21/2013 07:57:16 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on the drive that Windows is installed on to prepare for backing up your files. At least 400 MB of free space is required to continue. Free up some space by deleting unnecessary files and try again. (0x81000014).

Error: (10/21/2013 07:48:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 07:46:20 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/21/2013 07:46:19 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 06:48:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 06:46:32 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 06:46:31 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


System errors:
=============
Error: (10/25/2013 09:06:49 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/24/2013 09:20:59 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/24/2013 05:34:20 AM) (Source: Service Control Manager) (User: )
Description: The BHDrvx64 service depends on the Symantec Iron Driver service which failed to start because of the following error:
%%31

Error: (10/24/2013 05:34:20 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Iron Driver service failed to start due to the following error:
%%31

Error: (10/23/2013 07:12:09 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/23/2013 06:22:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
SymIRON

Error: (10/22/2013 00:15:15 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/21/2013 07:56:58 PM) (Source: Service Control Manager) (User: )
Description: The BHDrvx64 service depends on the Symantec Iron Driver service which failed to start because of the following error:
%%31

Error: (10/21/2013 07:56:58 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Iron Driver service failed to start due to the following error:
%%31

Error: (10/21/2013 07:56:58 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Iron Driver service failed to start due to the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (10/23/2013 06:23:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 06:22:17 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/23/2013 06:22:16 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/21/2013 07:57:16 PM) (Source: Windows Backup)(User: )
Description: There is not enough space on the drive that Windows is installed on to prepare for backing up your files. At least 400 MB of free space is required to continue. Free up some space by deleting unnecessary files and try again. (0x81000014)

Error: (10/21/2013 07:48:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 07:46:20 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/21/2013 07:46:19 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 06:48:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 06:46:32 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 06:46:31 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


========================= Devices: ================================

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


**** End of log ****

FSS:

 

Farbar Service Scanner Version: 24-10-2013
Ran by user (administrator) on 25-10-2013 at 09:20:41
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-10 23:45] - [2013-09-14 12:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-10 23:45] - [2013-09-08 13:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by user (administrator) on USER-PC on 25-10-2013 09:20:57
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [902736 2013-10-15] (BitTorrent Inc.)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3456080 2013-05-30] (Electronic Arts)
MountPoints2: {9c253ccd-12a0-11e3-8080-94de80616772} - F:\setup.exe
MountPoints2: {a57d3ec7-c368-11e2-a93a-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606056 2013-07-23] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default
FF DefaultSearchEngine: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: DoNotTrackMe - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\donottrackplus@abine.com
FF Extension: MaskMe - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\idme@abine.com
FF Extension: jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi
FF Extension: YoutubeDownloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wvn1g0sj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF
FF HKCU\...\Firefox\Extensions: [{a9dd2140-08b7-49ac-84e3-3b1b7bdc5f8f}] - C:\Program Files (x86)\a2zlyr\131.xpi
FF Extension: No Name - C:\Program Files (x86)\a2zlyr\131.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files (x86)\a2zlyr\131.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-07-21] (BioWare)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-02] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131023.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131023.024\ENG64.SYS [126040 2013-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131023.024\EX64.SYS [2099288 2013-10-24] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-15] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-07-10] (Razer Inc)
R3 SaiK1709; C:\Windows\System32\DRIVERS\SaiK1709.sys [180544 2012-09-20] (Saitek)
R3 SaiU1709; C:\Windows\System32\DRIVERS\SaiU1709.sys [47168 2012-09-20] (Saitek)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 09:20 - 2013-10-25 09:20 - 00002679 _____ C:\Users\user\Desktop\FSS.txt
2013-10-25 09:18 - 2013-10-25 09:20 - 00017778 _____ C:\Users\user\Desktop\Result.txt
2013-10-25 09:07 - 2013-10-25 09:07 - 00043229 _____ C:\Users\user\Downloads\FRST.txt
2013-10-25 09:07 - 2013-10-25 09:07 - 00024337 _____ C:\Users\user\Downloads\Addition.txt
2013-10-25 09:05 - 2013-10-25 09:05 - 00000000 ____D C:\FRST
2013-10-25 09:04 - 2013-10-25 09:04 - 00002681 _____ C:\Users\user\Downloads\FSS.txt
2013-10-25 08:55 - 2013-10-25 08:55 - 01955412 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-25 08:55 - 2013-10-25 08:55 - 00359085 _____ (Farbar) C:\Users\user\Desktop\FSS.exe
2013-10-25 08:54 - 2013-10-25 08:54 - 00760937 _____ (Farbar) C:\Users\user\Desktop\MiniToolBox(1).exe
2013-10-24 11:49 - 2013-10-24 11:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Wireshark
2013-10-19 14:11 - 2013-10-19 14:11 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds(1).com
2013-10-19 08:16 - 2013-10-19 08:16 - 00002173 _____ C:\Users\user\AppData\Local\recently-used.xbel
2013-10-18 23:01 - 2013-10-18 23:01 - 00000534 _____ C:\ProgramData\SMRResults410.dat
2013-10-17 19:25 - 2013-10-17 19:30 - 00000000 ____D C:\Users\user\AppData\Local\NPE
2013-10-17 19:24 - 2013-10-17 19:25 - 03053416 ____N (Symantec Corporation) C:\Users\user\Downloads\NPE.exe
2013-10-16 15:12 - 2013-10-16 15:12 - 00001747 _____ C:\Users\user\Desktop\RKreport[0]_S_10162013_151248.txt
2013-10-15 14:56 - 2013-10-15 14:56 - 339705856 _____ C:\Users\user\Documents\kjhik.pcapng
2013-10-15 14:05 - 2013-10-15 14:05 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-10-15 14:04 - 2013-10-15 14:05 - 00000000 ____D C:\Program Files\Wireshark
2013-10-15 14:03 - 2013-10-15 14:04 - 27966944 _____ (Wireshark development team) C:\Users\user\Downloads\Wireshark-win64-1.10.2.exe
2013-10-15 06:10 - 2013-10-25 09:01 - 00017759 _____ C:\Users\user\Downloads\Result.txt
2013-10-15 06:09 - 2013-10-15 06:09 - 00760937 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2013-10-15 06:05 - 2013-10-15 06:05 - 00002192 _____ C:\Users\user\Desktop\RKreport[0]_D_10152013_060513.txt
2013-10-15 06:05 - 2013-10-15 06:05 - 00000852 _____ C:\Users\user\Desktop\RKreport[0]_H_10152013_060516.txt
2013-10-15 06:05 - 2013-10-15 06:05 - 00000754 _____ C:\Users\user\Desktop\RKreport[0]_DN_10152013_060521.txt
2013-10-15 06:04 - 2013-10-15 06:04 - 00002115 _____ C:\Users\user\Desktop\RKreport[0]_S_10152013_060458.txt
2013-10-15 06:03 - 2013-10-15 06:05 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-10-15 06:03 - 2013-10-15 06:03 - 00951296 _____ C:\Users\user\Downloads\RogueKiller.exe
2013-10-15 05:45 - 2013-10-15 05:46 - 00002596 _____ C:\Users\user\Desktop\Rkill.txt
2013-10-15 05:45 - 2013-10-15 05:45 - 00000000 ____D C:\Users\user\Desktop\rkill
2013-10-15 05:42 - 2013-10-15 05:42 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill(1).exe
2013-10-15 05:41 - 2013-10-23 18:33 - 00022392 _____ C:\Users\user\Desktop\dds.txt
2013-10-15 05:41 - 2013-10-23 18:33 - 00010751 _____ C:\Users\user\Desktop\attach.txt
2013-10-15 05:41 - 2013-10-15 05:42 - 00000000 ____D C:\AdwCleaner
2013-10-15 05:41 - 2013-10-15 05:41 - 01048960 _____ C:\Users\user\Downloads\AdwCleaner.exe
2013-10-15 05:40 - 2013-10-15 05:40 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.com
2013-10-14 23:56 - 2013-10-14 23:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-14 23:53 - 2013-10-14 23:53 - 04232099 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe.part
2013-10-14 23:53 - 2013-04-10 08:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-14 23:51 - 2013-10-14 23:52 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-10-14 17:55 - 2013-10-15 14:30 - 00000000 ____D C:\Users\user\AppData\Roaming\StealthBastard[Steam]
2013-10-14 12:44 - 2013-10-14 12:44 - 00000000 ____D C:\ProgramData\BioWare
2013-10-14 12:34 - 2013-10-14 12:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Red Alert 3 Uprising
2013-10-13 22:01 - 2013-10-13 22:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Doublefine
2013-10-13 17:46 - 2013-10-13 17:46 - 00000000 ____D C:\Users\user\Documents\4A Games
2013-10-13 17:40 - 2013-10-13 17:40 - 00000000 ____D C:\Users\user\AppData\Local\4A Games
2013-10-12 17:15 - 2013-10-12 17:29 - 00000000 ____D C:\Users\user\AppData\Local\dxhr
2013-10-12 17:14 - 2013-10-12 17:14 - 00000000 ____D C:\Users\user\AppData\Local\28050
2013-10-11 23:27 - 2013-10-11 23:27 - 00007693 _____ C:\Users\user\Documents\DAO Ultimate Addins Updater.log
2013-10-11 23:27 - 2013-10-11 23:27 - 00000000 ____D C:\Users\user\Documents\BioWare
2013-10-11 19:27 - 2013-10-11 19:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Might & Magic Heroes VI
2013-10-11 19:27 - 2013-10-11 19:41 - 00000000 ____D C:\Users\user\Documents\Might & Magic Heroes VI
2013-10-11 10:32 - 2013-08-30 08:50 - 202617962 _____ C:\Users\user\Downloads\192359.mp4
2013-10-11 02:58 - 2013-09-23 10:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 02:58 - 2013-09-23 10:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 02:58 - 2013-09-23 10:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 02:58 - 2013-09-23 09:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:58 - 2013-09-23 09:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:58 - 2013-09-23 09:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:58 - 2013-09-23 09:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:58 - 2013-09-23 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:58 - 2013-09-21 14:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:58 - 2013-09-21 14:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 02:58 - 2013-09-21 13:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 02:58 - 2013-09-21 13:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 23:46 - 2013-07-04 23:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 23:46 - 2013-07-04 22:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 23:46 - 2013-06-06 16:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 23:46 - 2013-06-06 16:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 23:46 - 2013-06-06 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 23:46 - 2013-06-06 16:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 23:46 - 2013-06-06 15:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 23:46 - 2013-06-06 15:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 23:46 - 2013-06-06 15:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 23:46 - 2013-06-06 14:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 23:46 - 2013-06-06 14:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 23:46 - 2013-06-06 14:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 23:45 - 2013-09-14 12:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 23:45 - 2013-09-08 13:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 23:45 - 2013-09-08 13:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 23:45 - 2013-09-08 13:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 23:45 - 2013-08-29 13:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 23:45 - 2013-08-29 13:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 23:45 - 2013-08-29 13:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 23:45 - 2013-08-29 13:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 23:45 - 2013-08-29 13:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 23:45 - 2013-08-29 12:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 23:45 - 2013-08-29 12:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 23:45 - 2013-08-29 12:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 23:45 - 2013-08-29 12:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 23:45 - 2013-08-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 23:45 - 2013-08-29 12:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 23:45 - 2013-08-29 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 23:45 - 2013-08-29 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 23:45 - 2013-08-29 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 23:45 - 2013-08-29 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 23:45 - 2013-08-28 12:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 23:45 - 2013-07-12 21:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 23:45 - 2013-07-12 21:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 23:45 - 2013-07-04 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 23:45 - 2013-07-04 23:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 23:45 - 2013-07-04 22:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 23:45 - 2013-07-04 22:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 23:45 - 2013-07-04 21:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 23:45 - 2013-07-03 15:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 23:45 - 2013-07-03 15:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 23:45 - 2013-06-26 09:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 23:44 - 2013-08-28 12:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 23:44 - 2013-08-01 23:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 23:44 - 2013-07-20 21:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 23:44 - 2013-07-20 21:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:51 - 2013-10-09 04:51 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files\iPod
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-09 04:39 - 2013-10-16 22:49 - 00000000 ____D C:\Users\user\Desktop\traxx
2013-10-06 08:43 - 2013-10-06 08:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Ubisoft
2013-10-05 18:38 - 2013-10-05 18:38 - 00000000 ____D C:\Users\user\Documents\Zen Studios
2013-10-05 16:41 - 2013-10-05 17:00 - 00000000 ____D C:\Users\user\AppData\Roaming\FEZ
2013-10-05 16:41 - 2013-08-10 17:23 - 00012005 _____ C:\Users\user\AppData\Roaming\alsoft.ini
2013-09-28 14:19 - 2013-09-28 14:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-09-26 20:52 - 2013-09-27 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-25 09:20 - 2013-10-25 09:20 - 00002679 _____ C:\Users\user\Desktop\FSS.txt
2013-10-25 09:20 - 2013-10-25 09:18 - 00017778 _____ C:\Users\user\Desktop\Result.txt
2013-10-25 09:18 - 2013-06-02 13:33 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-10-25 09:07 - 2013-10-25 09:07 - 00043229 _____ C:\Users\user\Downloads\FRST.txt
2013-10-25 09:07 - 2013-10-25 09:07 - 00024337 _____ C:\Users\user\Downloads\Addition.txt
2013-10-25 09:05 - 2013-10-25 09:05 - 00000000 ____D C:\FRST
2013-10-25 09:04 - 2013-10-25 09:04 - 00002681 _____ C:\Users\user\Downloads\FSS.txt
2013-10-25 09:01 - 2013-10-15 06:10 - 00017759 _____ C:\Users\user\Downloads\Result.txt
2013-10-25 08:55 - 2013-10-25 08:55 - 01955412 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-25 08:55 - 2013-10-25 08:55 - 00359085 _____ (Farbar) C:\Users\user\Desktop\FSS.exe
2013-10-25 08:54 - 2013-10-25 08:54 - 00760937 _____ (Farbar) C:\Users\user\Desktop\MiniToolBox(1).exe
2013-10-25 08:44 - 2013-05-24 21:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 08:29 - 2013-05-23 16:30 - 01362603 _____ C:\Windows\WindowsUpdate.log
2013-10-25 00:19 - 2009-07-14 15:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 00:19 - 2009-07-14 15:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 16:42 - 2013-05-24 20:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-24 11:49 - 2013-10-24 11:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Wireshark
2013-10-23 18:33 - 2013-10-15 05:41 - 00022392 _____ C:\Users\user\Desktop\dds.txt
2013-10-23 18:33 - 2013-10-15 05:41 - 00010751 _____ C:\Users\user\Desktop\attach.txt
2013-10-23 18:28 - 2009-07-14 16:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 18:22 - 2013-05-23 16:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-23 18:22 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 18:22 - 2009-07-14 15:51 - 00055697 _____ C:\Windows\setupact.log
2013-10-21 22:24 - 2013-06-03 01:34 - 00000000 ____D C:\Users\user\Documents\Telltale Games
2013-10-19 14:11 - 2013-10-19 14:11 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds(1).com
2013-10-19 09:18 - 2013-08-17 22:28 - 00000000 ____D C:\Users\user\.gimp-2.8
2013-10-19 09:17 - 2013-05-27 06:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-19 08:16 - 2013-10-19 08:16 - 00002173 _____ C:\Users\user\AppData\Local\recently-used.xbel
2013-10-18 23:01 - 2013-10-18 23:01 - 00000534 _____ C:\ProgramData\SMRResults410.dat
2013-10-17 22:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 19:30 - 2013-10-17 19:25 - 00000000 ____D C:\Users\user\AppData\Local\NPE
2013-10-17 19:25 - 2013-10-17 19:24 - 03053416 ____N (Symantec Corporation) C:\Users\user\Downloads\NPE.exe
2013-10-17 19:25 - 2013-05-24 21:09 - 00000000 ____D C:\ProgramData\Norton
2013-10-16 22:49 - 2013-10-09 04:39 - 00000000 ____D C:\Users\user\Desktop\traxx
2013-10-16 22:12 - 2013-06-01 13:57 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-16 22:12 - 2013-06-01 13:55 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-16 15:12 - 2013-10-16 15:12 - 00001747 _____ C:\Users\user\Desktop\RKreport[0]_S_10162013_151248.txt
2013-10-16 14:26 - 2013-08-31 18:28 - 00000000 ____D C:\Users\user\AppData\Local\Game Dev Tycoon - Steam
2013-10-15 15:55 - 2013-05-25 17:59 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-10-15 14:56 - 2013-10-15 14:56 - 339705856 _____ C:\Users\user\Documents\kjhik.pcapng
2013-10-15 14:30 - 2013-10-14 17:55 - 00000000 ____D C:\Users\user\AppData\Roaming\StealthBastard[Steam]
2013-10-15 14:05 - 2013-10-15 14:05 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-10-15 14:05 - 2013-10-15 14:04 - 00000000 ____D C:\Program Files\Wireshark
2013-10-15 14:04 - 2013-10-15 14:03 - 27966944 _____ (Wireshark development team) C:\Users\user\Downloads\Wireshark-win64-1.10.2.exe
2013-10-15 06:09 - 2013-10-15 06:09 - 00760937 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2013-10-15 06:05 - 2013-10-15 06:05 - 00002192 _____ C:\Users\user\Desktop\RKreport[0]_D_10152013_060513.txt
2013-10-15 06:05 - 2013-10-15 06:05 - 00000852 _____ C:\Users\user\Desktop\RKreport[0]_H_10152013_060516.txt
2013-10-15 06:05 - 2013-10-15 06:05 - 00000754 _____ C:\Users\user\Desktop\RKreport[0]_DN_10152013_060521.txt
2013-10-15 06:05 - 2013-10-15 06:03 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
2013-10-15 06:04 - 2013-10-15 06:04 - 00002115 _____ C:\Users\user\Desktop\RKreport[0]_S_10152013_060458.txt
2013-10-15 06:03 - 2013-10-15 06:03 - 00951296 _____ C:\Users\user\Downloads\RogueKiller.exe
2013-10-15 05:46 - 2013-10-15 05:45 - 00002596 _____ C:\Users\user\Desktop\Rkill.txt
2013-10-15 05:45 - 2013-10-15 05:45 - 00000000 ____D C:\Users\user\Desktop\rkill
2013-10-15 05:43 - 2010-11-21 14:47 - 00029092 _____ C:\Windows\PFRO.log
2013-10-15 05:42 - 2013-10-15 05:42 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill(1).exe
2013-10-15 05:42 - 2013-10-15 05:41 - 00000000 ____D C:\AdwCleaner
2013-10-15 05:41 - 2013-10-15 05:41 - 01048960 _____ C:\Users\user\Downloads\AdwCleaner.exe
2013-10-15 05:40 - 2013-10-15 05:40 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.com
2013-10-15 05:35 - 2013-09-02 20:36 - 00000000 ____D C:\Program Files (x86)\a2zlyr
2013-10-14 23:56 - 2013-10-14 23:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-14 23:56 - 2013-06-10 15:42 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-14 23:56 - 2013-06-10 15:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-14 23:53 - 2013-10-14 23:53 - 04232099 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe.part
2013-10-14 23:52 - 2013-10-14 23:51 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-10-14 21:29 - 2013-09-07 14:33 - 00007611 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2013-10-14 12:44 - 2013-10-14 12:44 - 00000000 ____D C:\ProgramData\BioWare
2013-10-14 12:34 - 2013-10-14 12:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Red Alert 3 Uprising
2013-10-14 12:34 - 2013-05-24 23:28 - 00321354 _____ C:\Windows\DirectX.log
2013-10-13 22:01 - 2013-10-13 22:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Doublefine
2013-10-13 18:42 - 2013-06-03 09:56 - 00000000 ____D C:\Users\user\AppData\Local\The Witcher
2013-10-13 17:46 - 2013-10-13 17:46 - 00000000 ____D C:\Users\user\Documents\4A Games
2013-10-13 17:40 - 2013-10-13 17:40 - 00000000 ____D C:\Users\user\AppData\Local\4A Games
2013-10-13 13:36 - 2013-05-24 23:29 - 00000000 ____D C:\Users\user\Documents\My Games
2013-10-12 20:39 - 2013-05-24 22:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Mumble
2013-10-12 17:29 - 2013-10-12 17:15 - 00000000 ____D C:\Users\user\AppData\Local\dxhr
2013-10-12 17:14 - 2013-10-12 17:14 - 00000000 ____D C:\Users\user\AppData\Local\28050
2013-10-12 15:55 - 2013-06-01 13:55 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-12 01:15 - 2013-07-06 21:44 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2013-10-12 01:15 - 2013-05-29 21:57 - 00000000 ____D C:\Program Files (x86)\Project64 2.1
2013-10-11 23:27 - 2013-10-11 23:27 - 00007693 _____ C:\Users\user\Documents\DAO Ultimate Addins Updater.log
2013-10-11 23:27 - 2013-10-11 23:27 - 00000000 ____D C:\Users\user\Documents\BioWare
2013-10-11 23:18 - 2013-06-01 13:57 - 00000000 ____D C:\Users\user\AppData\Local\PunkBuster
2013-10-11 23:10 - 2013-06-01 13:55 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-11 19:52 - 2013-10-11 19:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Might & Magic Heroes VI
2013-10-11 19:41 - 2013-10-11 19:27 - 00000000 ____D C:\Users\user\Documents\Might & Magic Heroes VI
2013-10-11 09:33 - 2009-07-14 15:45 - 00292784 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 09:32 - 2013-05-25 04:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 09:32 - 2013-05-25 04:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:32 - 2009-07-14 16:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-11 02:57 - 2013-05-23 16:39 - 00764302 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 02:55 - 2013-08-15 23:51 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:55 - 2013-05-26 09:01 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 04:51 - 2013-10-09 04:51 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files\iTunes
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files\iPod
2013-10-09 04:51 - 2013-10-09 04:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-09 04:46 - 2013-05-24 21:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 04:46 - 2013-05-24 21:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 04:46 - 2013-05-24 21:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 00:45 - 2013-05-26 09:41 - 00000000 ____D C:\Users\user\Documents\SavedGames
2013-10-06 08:43 - 2013-10-06 08:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Ubisoft
2013-10-05 18:38 - 2013-10-05 18:38 - 00000000 ____D C:\Users\user\Documents\Zen Studios
2013-10-05 17:00 - 2013-10-05 16:41 - 00000000 ____D C:\Users\user\AppData\Roaming\FEZ
2013-10-05 16:21 - 2013-06-02 11:59 - 00000000 ____D C:\Users\user\AppData\Roaming\Tropico 4
2013-09-30 19:33 - 2013-05-24 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-28 14:19 - 2013-09-28 14:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-09-27 21:56 - 2013-09-26 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 21:56 - 2013-05-24 21:07 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2013-09-26 23:40 - 2013-07-13 23:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Rogue Legacy

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\user\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\user\AppData\Local\Temp\ntdll_dump.dll
C:\Users\user\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\stubhelper.dll
C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\_is32B3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 00:56

==================== End Of Log ============================

 

Regards,

 

Johnny
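The "Bamital & volsnap Check" block in the FRST log above is a file-integrity check: the tool hashes critical Windows binaries (winlogon.exe, explorer.exe, userinit.exe, volsnap.sys and so on, the usual targets of file-infecting malware) and compares each MD5 against a known-good value, printing "MD5 is legit" on a match. The script below is an added example of that idea and is not FRST's own code: it builds a baseline of hashes, re-checks the files later, and flags any file whose hash no longer matches or that has gone missing. The sample "system files", their contents and the temporary directory are all constructed here so the example runs offline; the function names (`file_md5`, `check_baseline`, `format_report`, `demo`) are this example's own. MD5 is used only to mirror the log's output; a baseline you keep yourself should use SHA-256.

```python
"""Added example: a minimal known-good hash check modelled on the FRST
'Bamital & volsnap Check' output. Illustrative code, not FRST's own logic."""
import hashlib
import os
import tempfile


def file_md5(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_baseline(baseline):
    """baseline: {path: expected_md5_hex}.

    Returns {path: 'legit' | 'MISMATCH' | 'missing'} in baseline order.
    A missing file is reported separately from a mismatch, since a deleted
    system binary is a different finding from a modified one."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "missing"
            continue
        actual = file_md5(path)
        results[path] = "legit" if actual.lower() == expected.lower() else "MISMATCH"
    return results


def format_report(results):
    """Render results in the same style as the FRST log lines."""
    lines = []
    for path, status in results.items():
        if status == "legit":
            lines.append(f"{path} => MD5 is legit")
        elif status == "missing":
            lines.append(f"{path} => file not found")
        else:
            lines.append(f"{path} => MD5 does not match known-good value <======= ATTENTION")
    return lines


def demo():
    """Create constructed sample files, record a baseline, then modify one
    file so the re-check has something to flag. Returns (before, after)."""
    tmp = tempfile.mkdtemp()
    names = ["winlogon.exe", "explorer.exe", "volsnap.sys"]  # constructed, not real binaries
    paths = []
    for name in names:
        p = os.path.join(tmp, name)
        with open(p, "wb") as f:
            f.write(b"constructed sample content for " + name.encode())
        paths.append(p)

    # Baseline taken while the files are in their known-good state.
    baseline = {p: file_md5(p) for p in paths}
    before = check_baseline(baseline)

    # Append a few bytes to one file to stand in for an unexpected modification.
    with open(paths[1], "ab") as f:
        f.write(b" modified")
    after = check_baseline(baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("\n".join(format_report(before)))
    print("--- after modification ---")
    print("\n".join(format_report(after)))
```

The baseline must come from a trusted source (vendor-published hashes or a clean install), never from the machine being checked after it is already suspect; the `demo()` above only hashes its own constructed files so that the comparison has a reference point.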



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 24 October 2013 - 06:48 PM

Hi Johnny,

Good afternoon to you! :)

Can you tell me which browser you are using when you notice difficulties?

I have some files I would like you to delete. But first I would like to provide some caution about one of the programs on your computer.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\SMRResults410.dat
C:\Users\user\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\user\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\user\AppData\Local\Temp\ntdll_dump.dll
C:\Users\user\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\stubhelper.dll
C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\_is32B3.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Which browser?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 JohnnyProphecy


Posted 25 October 2013 - 02:44 AM

Good afternoon Oh My!

 

I'm using Firefox primarily but this issue is affecting WAN/Internet connectivity in general.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by user at 2013-10-25 18:40:17 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\SMRResults410.dat
C:\Users\user\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\user\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\user\AppData\Local\Temp\ntdll_dump.dll
C:\Users\user\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\stubhelper.dll
C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\_is32B3.exe
*****************

C:\ProgramData\SMRResults410.dat => Moved successfully.
C:\Users\user\AppData\Local\Temp\drm_dyndata_7410004.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\MixiDJToolbar_yh.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\_is32B3.exe => Moved successfully.

==== End of Fixlog ====

 

Thank you



#8 Oh My!


Posted 25 October 2013 - 08:07 AM

Now it is Good Morning here.  :)
 
The reason why I asked about which browser you use is because of this. It appears you don't use Chrome so we can attempt to fix this or not.

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

Any change in your internet performance?
Gary
 

#9 JohnnyProphecy


Posted 25 October 2013 - 06:59 PM

Hi Oh No!

 

You are correct, I don't use Chrome so I'm not too concerned if that relates specifically to that browser. My network connection seems to be running okay but I'm still having issues with my anti virus/firewall presenting an error upon launch and won't allow me to turn the firewall on or "fix" this portion of the security package via a repair tool within the software.

 

I use Norton 2013.

 

Could this be related?

 

Thank you,

 

Johnny



#10 Oh My!


Posted 25 October 2013 - 07:02 PM

What is the error message you are receiving?


Gary
 

#11 JohnnyProphecy


Posted 25 October 2013 - 07:29 PM

Upon the software starting when I first boot Windows, I receive an error advising that there is an issue with Sonar protection and that it needs to be fixed; the program then attempts to fix it and fails. When attempting to turn this element of the software on as well, it simply switches back to off.

 

Norton error: 3039, 69639



#12 Oh My!


Posted 25 October 2013 - 07:55 PM

Hi Johnny,

Thanks for the information. I think the best thing to do is uninstall and reinstall Norton. Please do this.

===================================================

Norton Remove and Reinstall tool

----------
  • Download the Norton Remove and Reinstall tool and save it to your desktop
  • Double click the NRnR icon
  • Follow the on-screen instructions
  • Restart your computer (you may be prompted for several restarts and repeat of steps)
  • Check your antivirus and Firewall
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#13 Oh My!


Posted 28 October 2013 - 09:37 AM

How are we doing Johnny?
Gary
 

#14 Oh My!


Posted 30 October 2013 - 08:23 AM

Greetings Johnny,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#15 Oh My!


Posted 01 November 2013 - 11:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



