
ZeroAccess rootkit and Zekos malware infection Help plz


22 replies to this topic

#1 Bamaman


Posted 10 January 2014 - 09:44 PM

http://www.bleepingcomputer.com/forums/t/520340/dcom-service-restarts-windows-offline-and-uses-high-cpu-when-online/#entry3256047

 

As per instruction, I have linked the previous topic.

 

I have been struggling with this infection for some time now; any help would be appreciated. Here are the DDS logs, and thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.15.2
Run by TIM G at 21:32:43 on 2014-01-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.890 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "C:\Users\TIM G\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TIMG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3988E41F-6575-477C-9131-37EE7915147D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{713FD0CE-4996-4CD4-B61A-C545A61D87C4} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E6C1DCDF-429A-480C-9E67-F922E176556C} : DHCPNameServer = 7.254.254.254
AppInit_DLLs= c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-10-15 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-10-22 32512]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-8-26 121416]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-10-19 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-12-20 759248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]
.
=============== Created Last 30 ================
.
2014-01-09 07:12:45 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6048147-ECB2-45E0-BA9A-C82CD6C66504}\mpengine.dll
2014-01-09 05:12:06 -------- d-----w- C:\db8c790c6260ae55878ddd74
2014-01-09 04:10:55 -------- d-----w- C:\Windows\System32\MRT
2014-01-09 03:09:21 -------- d-----w- C:\Windows\New folder
2014-01-03 06:37:36 -------- d-----w- C:\Program Files (x86)\SEGA
2014-01-03 06:33:49 -------- d-----w- C:\Users\TIM G\AppData\Roaming\SEGA
2014-01-01 03:34:49 -------- d-----w- C:\american hustle
2014-01-01 03:33:01 -------- d-----w- C:\the hobbit smoag
2014-01-01 02:39:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-31 16:45:46 -------- d-----w- C:\hitmanpro
2013-12-30 21:12:44 -------- d-----w- C:\Program Files (x86)\GamersFirst
2013-12-30 20:50:25 -------- d-----w- C:\Users\TIM G\AppData\Local\GamersFirst LIVE!
2013-12-30 20:50:13 -------- d-----w- C:\Users\TIM G\AppData\Local\GamersFirst
2013-12-26 05:12:23 -------- d-----w- C:\thor2
2013-12-23 00:19:53 -------- d-----w- C:\last days on mars
2013-12-23 00:18:17 -------- d-----w- C:\rush
2013-12-23 00:13:01 -------- d-----w- C:\gravity
2013-12-23 00:02:53 -------- d-----w- C:\the family
2013-12-20 16:01:20 -------- d-----w- C:\ProgramData\Tunngle
2013-12-20 16:01:19 -------- d-----w- C:\Program Files (x86)\Tunngle
2013-12-20 15:28:41 -------- d-----w- C:\tunngle
2013-12-20 03:17:03 -------- d-----w- C:\Crash
2013-12-19 18:22:58 -------- d-----w- C:\Program Files(x68)
2013-12-19 17:23:06 -------- d-----w- C:\borderlands2
.
==================== Find3M  ====================
.
2013-11-26 17:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-06 22:12:11 5204224 ----a-w- C:\Windows\SysWow64\GameMon.des
2013-10-22 20:13:08 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-10-20 02:40:00 1033335 ----a-w- C:\JRT.exe
2012-10-15 21:00:28 1606656 ----a-w- C:\Program Files (x86)\SteamInstall.msi
.
============= FINISH: 21:33:17.09 ===============
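A triage pass over the DDS "Pseudo HJT Report" above, written as an added example for this thread (it is not a BleepingComputer or DDS tool and not code from the original post): it pulls out the weakened UAC policy values, the AppInit_DLLs entry, orphaned registrations, Trusted Zone hosts and the resolvers in use, so a responder can review them in one place. The sample input is a constructed subset of the report lines posted above.

```python
import re

# Constructed sample: the security-relevant lines from the DDS "Pseudo HJT
# Report" in the post above; the rest of the report is omitted.
SAMPLE_DDS = r"""
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E6C1DCDF-429A-480C-9E67-F922E176556C} : DHCPNameServer = 7.254.254.254
AppInit_DLLs= c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll
SSODL: WebCheck - <orphaned>
"""

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
ORPHAN_RE = re.compile(r"^(\S+?):\s*(.*?)\s*-\s*<orphaned>\s*$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
DNS_RE = re.compile(r"NameServer\s*=\s*([\d. ]+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(.+?)\s*$")

# Policy values that switch UAC off or weaken it. Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC disabled entirely",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate with no prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts do not use the secure desktop",
}


def triage_dds(report: str) -> dict:
    """Walk a DDS Pseudo HJT Report and collect the entries a responder
    would want to look at first. Returns plain lists for easy checking."""
    out = {"uac": [], "orphaned": [], "appinit_dlls": [],
           "trusted_zones": [], "dns_servers": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            reason = UAC_WEAK.get((m.group(1), m.group(2)))
            if reason:
                out["uac"].append((m.group(1), reason))
        elif m := ORPHAN_RE.match(line):
            # Dead registration: the CLSID/DLL is gone but the hook remains.
            out["orphaned"].append((m.group(1), m.group(2)))
        elif m := TRUSTED_RE.match(line):
            out["trusted_zones"].append(m.group(1))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any non-empty value deserves a look.
            out["appinit_dlls"].extend(p for p in re.split(r"[,\s]+", m.group(1)) if p)
        elif m := DNS_RE.search(line):
            for ip in m.group(1).split():
                if ip not in out["dns_servers"]:
                    out["dns_servers"].append(ip)
    return out


def summarize(findings: dict) -> list:
    """Render the findings as severity-tagged lines for the responder."""
    lines = []
    for name, reason in findings["uac"]:
        lines.append(f"[HIGH] {name}=0: {reason}")
    for dll in findings["appinit_dlls"]:
        lines.append(f"[HIGH] AppInit_DLLs loads {dll} into every GUI process")
    for kind, ident in findings["orphaned"]:
        lines.append(f"[INFO] orphaned {kind} entry {ident} (cleanup candidate)")
    for host in findings["trusted_zones"]:
        lines.append(f"[INFO] Trusted Zone entry for {host} (relaxes IE zone protections)")
    if findings["dns_servers"]:
        lines.append("[INFO] resolvers in use: " + ", ".join(findings["dns_servers"]))
    return lines


if __name__ == "__main__":
    for entry in summarize(triage_dds(SAMPLE_DDS)):
        print(entry)
```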
 



#2 RPMcMurphy

  • Malware Response Team

Posted 11 January 2014 - 08:58 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.




#3 Bamaman


Posted 11 January 2014 - 01:04 PM

Hello RPMcMurphy, first I would like to thank you for your timely response. I hope we can resolve these issues. I will follow all instructions provided until given the "all clear". Here are the requested logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2014 05
Ran by TIM G at 2014-01-11 12:54:46
Running from C:\Users\TIM G\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (x32 Version:  - )
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (x32 Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (x32 Version: 10.1.2 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.2.120 - Apple Inc.)
BioShock Infinite (x32 Version:  - )
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (Version: 2.0.4.0 - Apple Inc.)
Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack (x32 Version:  - )
Bundled software uninstaller (x32 Version:  - ) <==== ATTENTION
Curse Client (HKCU Version: 5.1.1.706 - Curse)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dokan Library 0.6.0 (x32 Version:  - )
Don't Starve (x32 Version:  - Klei Entertainment)
DoomRL version 0.9.9.6 (x32 Version: 0.9.9.6 - ChaosForge)
Doxillion Document Converter (x32 Version:  - NCH Software)
Dungeon Keeper 2 (x32 Version:  - )
Emulator Starter (HKCU Version: 1.0.0.136 - Free Game Empire)
Express Zip File Compression Software (x32 Version:  - NCH Software)
Fallen Earth (x32 Version:  - GamersFirst)
Fallout (x32 Version:  - )
Fallout 3 (x32 Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (x32 Version:  - Q, Timeslip)
Fallout2 (x32 Version:  - )
GamersFirst LIVE! (HKCU Version:  - GamersFirst)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Greeting Card Factory Photo Card Maker (x32 Version: 1.0.0.5 - Nova Development)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (Version: 3.7.8.208 - SurfRight B.V.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.12.0 - Hewlett-Packard) Hidden
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (x32 Version: 10.1.0002 - Hewlett-Packard)
HP Update (x32 Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKCU Version: 0.9.10 - Hulu LLC)
iTunes (Version: 10.2.0.34 - Apple Inc.)
Java 7 Update 15 (x32 Version: 7.0.150 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 Update 1 (x32 Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LightScribe System Software (x32 Version: 1.18.17.1 - LightScribe)
magicJack (HKCU Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 1.2.0241 - Microsoft Corporation)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Minecraft1.6.2 (x32 Version:  - )
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
MP3 Rocket (x32 Version:  - )
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MusicBrainz Picard (x32 Version: 0.12.1 - MusicBrainz)
Neverwinter Nights 2 (x32 Version: 1.00.0000 - Obsidian)
Norton Online Backup (x32 Version: 1.2.20.0 - Symantec)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
OpenAL (x32 Version:  - )
Pando Media Booster (x32 Version: 2.6.0.9 - Pando Networks Inc.)
PHANTASY STAR ONLINE 2 (x32 Version:  - SEGA)
PictureMover (x32 Version: 3.3.1.19 - Hewlett-Packard Company)
Planescape Torment (x32 Version:  - GOG.com)
PlanetSide 2 (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PS3 Media Server (x32 Version: 1.72.0 - PS3 Media Server)
PurePlay Poker (x32 Version: 2.0.3104.0 - PurePlay)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
RegInOut System Utilities (x32 Version: 3.0.0.2000 - SORCIM Technologies)
RegInOut System Utilities 3.0.0.2 (x32 Version:  - )
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7 - VS Revo Group, Ltd.)
Shattered Haven version 1.00 (x32 Version: 1.00 - )
Snood 4 (x32 Version:  - Word of Mouse Games)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (x32 Version:  - NCH Software)
System Requirements Lab CYRI (x32 Version: 5.0.6.0 - Husdawg, LLC)
System Shock 2 (x32 Version: 2.0.0.9 - GOG.com)
The Wolf Among Us (x32 Version: 1 - )
Tunngle beta (x32 Version:  - Tunngle.net GmbH)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Ventrilo Client (x32 Version: 3.0.7 - Flagship Industries, Inc.)
VLC media player 1.1.8 (x32 Version: 1.1.8 - VideoLAN)
War Thunder Launcher 1.0.1.278 (x32 Version:  - 2013 Gaijin Entertainment Corporation)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.4.12 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows XP Mode (Version: 1.3.7600.16423 - Microsoft Corporation)
World of Tanks v.0.6.7 (x32 Version:  - Wargaming.net)
World of Warcraft (x32 Version: 5.1.0.16309 - Blizzard Entertainment)
World of Warplanes (x32 Version:  - Wargaming.net)
Yahoo! Software Update (x32 Version:  - )
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check WMI.
 
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {197F728C-50BE-443B-A81D-D369DB6F40CF} - System32\Tasks\{AD27E883-B3A0-45E6-A95D-657D433F9BF7} => C:\Program Files (x86)\Bullfrog\Dungeon Keeper 2\DKII.exe
Task: {22D84303-7C72-460C-A43D-D3360F92F12C} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {237D760A-4815-43AD-B59B-6640F1259A14} - System32\Tasks\Driver Manager-RTMScan => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
Task: {30EF5B8B-6B00-44DD-AF0D-299BE73C8998} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2351418227-987604480-1267744043-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {49487776-F0A2-4E9A-AAB0-C19BDD75DB96} - System32\Tasks\Driver Manager-RTMUpdater => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
Task: {562BCD27-2650-4AAF-85BB-725C7F927E0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001Core => C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {5B86452B-9589-4792-ACFE-70152E0E05C2} - \AdobeFlashPlayerUpdate No Task File
Task: {5BA21BB4-923C-41D5-A5A6-65A516BC190C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {72551498-4250-44C4-AB9B-CB8C757CB976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {797A5D84-66BD-4F50-AABE-5B89DD88148B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2351418227-987604480-1267744043-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7EF7BD7B-624D-4662-A79D-3EBF523480FF} - System32\Tasks\NCH Software\expresszipShakeIcon => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe [2012-01-26] (NCH Software)
Task: {8069782C-699C-462A-AD9F-C7BA5FE0B1EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {909B29C0-A09A-424E-A049-AB5A306017A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23] (Google Inc.)
Task: {97D269DE-793C-4B8E-9E94-C0E758C6E52B} - System32\Tasks\{60407A4F-748A-422B-A660-7709EE690F07} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {9E3BA191-AEC8-43F4-A100-F3C8633D9379} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001UA => C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {A186D783-F64D-409A-8E5A-DB82CA1D96CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {A87DD98C-78D8-4B0F-BBF1-D8B7B69C4AB9} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {B033FF7B-1B51-4797-8ABE-A3293E65FF71} - System32\Tasks\{5CA9A836-2D23-4FE4-93BE-8D922E25882A} => C:\cdcgames\lunia\Lunia.exe
Task: {CD74895B-1B9C-473B-89C6-7423BB3AD5E5} - System32\Tasks\Driver Manager-RTMRules => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
Task: {D4C4EC6B-53B5-4304-ACF8-968EA346A269} - System32\Tasks\{610ABEA0-A40D-4294-BF44-1B25FB6D6B0B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {D6B692C6-E998-437C-87BB-C1F6CFD942D9} - System32\Tasks\{BD162DFE-8529-4D91-9908-E0252465806F} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar
Task: {D7E2D302-DEC2-4BDD-ADBE-2912BBBE4AC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23] (Google Inc.)
Task: {EDE95B78-50E9-4E01-AB1C-E6FC9D1ED42B} - System32\Tasks\{2B82BDAB-569E-46AC-9FD9-DF2485FD13B7} => C:\cdcgames\lunia\Lunia.exe
Task: {EF3926AB-AE2F-4D68-823A-031F5D9680D1} - System32\Tasks\HPCeeScheduleForTIM G => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F39EEB7C-3ABA-491D-AECE-E75E1907A0E3} - System32\Tasks\EPUpdater => C:\Users\TIMG~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {F94FEE9A-5601-43A3-AB74-CBA8579A2073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001Core.job => C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001UA.job => C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTIM G.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-05 22:01 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 22:01 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 22:01 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 22:01 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 22:01 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: ABXU3MDN IDE Controller
Description: ABXU3MDN IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: akdvzogd
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2014 00:46:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000011b2e8d
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 08:11:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_1_102.ocx, version: 11.1.102.55, time stamp: 0x4eaf8c6d
Exception code: 0xc0000005
Fault offset: 0x00000000005d7905
Faulting process id: 0x2d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 07:31:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2014 06:21:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x00000000000322ca
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 06:14:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x0000000000551fb3
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 05:20:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x00000000000322ca
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 05:01:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x0000000000551fb3
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 04:49:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x00000000000322ca
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 04:23:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x00000000000322ca
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/11/2014 03:38:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037c01f
Exception code: 0xc0000005
Fault offset: 0x00000000000322ca
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
 
System errors:
=============
Error: (01/11/2014 00:40:59 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/11/2014 08:20:34 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005
 
Error: (01/11/2014 08:20:34 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005
 
Error: (01/11/2014 08:18:24 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (01/11/2014 08:18:23 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/11/2014 08:18:23 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
Logon failure: the user has not been granted the requested logon type at this computer.
 
Service: nvUpdatusService 
Domain and account: .\UpdatusUser
 
This service account does not have the required user right "Log on as a service."
 
User Action
 
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
 
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
 
Error: (01/11/2014 08:16:12 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 
%%1190
 
Error: (01/11/2014 08:16:10 AM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (01/11/2014 08:16:10 AM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (01/11/2014 06:25:44 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005
 
 
Microsoft Office Sessions:
=========================
Error: (01/11/2014 00:46:40 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000011b2e8d2d401cf0ecf95648e00C:\Windows\system32\svchost.exeunknown52cd6280-7ae8-11e3-828b-7071bcaa1baa
 
Error: (01/11/2014 08:11:12 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_11_1_102.ocx11.1.102.554eaf8c6dc000000500000000005d79052d001cf0ebf8a347dc0C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocxd7b82060-7ac1-11e3-b6bf-7071bcaa1baa
 
Error: (01/11/2014 07:31:43 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (01/11/2014 06:21:19 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc000000500000000000322ca2d801cf0ebed7772ac0C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll7dfb2fe0-7ab2-11e3-b3e5-7071bcaa1baa
 
Error: (01/11/2014 06:14:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc00000050000000000551fb32d401cf0eb727545520C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll8a339ff0-7ab1-11e3-a96c-7071bcaa1baa
 
Error: (01/11/2014 05:20:15 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc000000500000000000322ca2d401cf0eb44e83ac20C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dllf5ebfc40-7aa9-11e3-a3b7-7071bcaa1baa
 
Error: (01/11/2014 05:01:03 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc00000050000000000551fb32d801cf0eb2dc0fcbc0C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll47674c30-7aa7-11e3-b6c4-7071bcaa1baa
 
Error: (01/11/2014 04:49:03 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc000000500000000000322ca2d801cf0eaf43a06320C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll9a2ace80-7aa5-11e3-8417-7071bcaa1baa
 
Error: (01/11/2014 04:23:29 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc000000500000000000322ca2d401cf0ea9a22e7fe0C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll07d63400-7aa2-11e3-ae8f-7071bcaa1baa
 
Error: (01/11/2014 03:38:59 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.179405037c01fc000000500000000000322ca2d401cf0e9ffa5921c0C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dlld04894c0-7a9b-11e3-b454-7071bcaa1baa
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 90%
Total physical RAM: 4094.49 MB
Available physical RAM: 384.5 MB
Total Pagefile: 12092.68 MB
Available Pagefile: 7132.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:455.02 GB) (Free:18.3 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.62 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
Drive h: (BioShock Infinite Disc3) (CDROM) (Total:2.5 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by TIM G (administrator) on TIMG-PC on 11-01-2014 12:45:02
Running from C:\Users\TIM G\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Google Inc.) C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(GamersFirst) C:\Users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-29] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-23] (Google Inc.)
HKCU\...\Run: [cdloader] - C:\Users\TIM G\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-24] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Driver Manager] - C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MountPoints2: {01910df9-0778-11e3-8f3a-7071bcaa1baa} - F:\LaunchU3.exe -a
MountPoints2: {cc2db5c0-404e-11e1-8699-806e6f6e6963} - F:\autorun\autorun.exe
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\UpdatusUser\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll  [ ] ()
Startup: C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://g.msn.com/CQDSK/1
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
URLSearchHook: HKCU - (No Name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {5C0EC60F-8D39-48D3-9D2A-9E5F933C4570} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKCU - {C4114D80-5FBF-4D1E-A8B0-9A05B27707BD} URL = 
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\TIM G\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\TIM G\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\TIM G\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TIM G\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TIM G\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TIM G\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\TIM G\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TIM G\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\TIM G\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-01-08]
FF Extension: BitTorrentBar Community Toolbar - \Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2011-01-08]
FF Extension: OneClickDownloader - C:\Users\TIM G\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-16]
 
Chrome: 
=======
CHR Extension: (Skype Click to Call) - C:\Users\TIM G\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0 [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\TIM G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5204224 2013-11-06] (INCA Internet Co., Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759248 2013-10-27] (Tunngle.net GmbH)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-22] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-24] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 akdvzogd; No ImagePath
U3 ar9z6e9m; C:\Windows\System32\Drivers\ar9z6e9m.sys [0 ] (NVIDIA Corporation)
S3 Gun; \??\C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-11 12:45 - 2014-01-11 12:52 - 00014604 _____ C:\Users\TIM G\Downloads\FRST.txt
2014-01-11 12:44 - 2014-01-11 12:44 - 02076672 _____ (Farbar) C:\Users\TIM G\Downloads\FRST64.exe
2014-01-11 12:44 - 2014-01-11 12:44 - 00000000 ____D C:\FRST
2014-01-10 20:47 - 2014-01-10 20:50 - 00006182 _____ C:\Users\TIM G\Desktop\Rkill.txt
2014-01-10 20:47 - 2014-01-10 20:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\TIM G\Downloads\rkill.exe
2014-01-10 18:50 - 2014-01-10 21:33 - 00019300 _____ C:\Users\TIM G\Desktop\attach.txt
2014-01-10 18:50 - 2014-01-10 21:33 - 00011539 _____ C:\Users\TIM G\Desktop\dds.txt
2014-01-10 18:48 - 2014-01-10 18:48 - 00688992 ____R (Swearware) C:\Users\TIM G\Downloads\dds.com
2014-01-10 11:54 - 2014-01-10 11:54 - 01153912 _____ (Emsi Software GmbH) C:\Users\TIM G\Downloads\BlitzBlank.exe
2014-01-09 11:51 - 2014-01-09 11:52 - 00001272 _____ C:\Users\TIM G\Desktop\shutdown.lnk
2014-01-09 00:12 - 2014-01-09 00:12 - 00000000 ____D C:\db8c790c6260ae55878ddd74
2014-01-08 23:42 - 2014-01-09 02:28 - 00016895 _____ C:\Windows\IE10_main.log
2014-01-08 23:42 - 2014-01-09 02:28 - 00000134 _____ C:\Users\TIM G\Desktop\Internet Explorer Troubleshooting.url
2014-01-08 23:10 - 2014-01-08 23:14 - 00000000 ____D C:\Windows\system32\MRT
2014-01-08 22:09 - 2014-01-08 22:09 - 00000000 ____D C:\Windows\New folder
2014-01-08 22:04 - 2014-01-08 22:04 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2014-01-08 21:27 - 2014-01-08 21:27 - 00377856 _____ C:\Users\TIM G\Downloads\zjv4csc7.exe
2014-01-08 21:22 - 2014-01-08 21:22 - 00000031 _____ C:\Users\TIM G\Desktop\shutdownaero.bat
2014-01-08 21:14 - 2014-01-08 21:14 - 00037376 _____ C:\Windows\system32\yugsh.fgw
2014-01-08 21:03 - 2014-01-11 02:02 - 00000092 _____ C:\Windows\system32\pghcrnm.hhc
2014-01-08 21:02 - 2014-01-08 21:14 - 00000099 _____ C:\Windows\system32\wejcl.rno
2014-01-08 21:02 - 2014-01-08 21:02 - 00000064 _____ C:\Windows\system32\swhw.cpi
2014-01-08 20:46 - 2014-01-08 20:46 - 00219314 ____S C:\Windows\system32\zytw.gev
2014-01-08 00:27 - 2014-01-08 00:27 - 06934513 _____ C:\Users\TIM G\Downloads\patch_2013_12_25 (1).rar
2014-01-03 12:45 - 2014-01-03 12:45 - 06934513 _____ C:\Users\TIM G\Downloads\patch_2013_12_25.rar
2014-01-03 12:27 - 2014-01-03 12:27 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader (2).exe
2014-01-03 12:27 - 2014-01-03 12:27 - 00001300 _____ C:\Users\TIM G\Desktop\PHANTASY STAR ONLINE 2.lnk
2014-01-03 12:26 - 2014-01-03 12:26 - 02848256 _____ (SEGA                                                        ) C:\Users\TIM G\Desktop\PSO2_SETUP.exe
2014-01-03 12:26 - 2014-01-03 12:26 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader (1).exe
2014-01-03 12:25 - 2014-01-03 12:25 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader.exe
2014-01-03 11:43 - 2014-01-03 11:43 - 00000064 _____ C:\Windows\system32\cekemmg.zwl
2014-01-03 01:37 - 2014-01-03 01:37 - 00000000 ____D C:\Users\TIM G\Documents\SEGA
2014-01-03 01:37 - 2014-01-03 01:37 - 00000000 ____D C:\Program Files (x86)\SEGA
2014-01-03 01:33 - 2014-01-03 01:33 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\SEGA
2013-12-31 22:34 - 2013-12-31 22:34 - 00000000 ____D C:\american hustle
2013-12-31 22:33 - 2013-12-31 22:33 - 00000000 ____D C:\the hobbit smoag
2013-12-31 21:39 - 2013-12-31 21:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-31 21:31 - 2013-12-31 21:31 - 04101441 _____ C:\Users\TIM G\Downloads\tdsskiller.zip
2013-12-31 13:32 - 2013-12-31 13:32 - 00002419 _____ C:\RHDSetup.log
2013-12-31 11:45 - 2013-12-31 11:45 - 00000000 ____D C:\hitmanpro
2013-12-30 17:19 - 2013-12-30 17:19 - 00068496 _____ C:\Users\TIM G\AppData\Roaming\icarus-dxdiag.xml
2013-12-30 16:12 - 2013-12-30 16:12 - 00002098 _____ C:\Users\TIM G\Desktop\Fallen Earth.lnk
2013-12-30 16:12 - 2013-12-30 16:12 - 00000000 ____D C:\Program Files (x86)\GamersFirst
2013-12-30 15:50 - 2013-12-30 16:12 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2013-12-30 15:50 - 2013-12-30 16:12 - 00000000 ____D C:\Users\TIM G\AppData\Local\GamersFirst LIVE!
2013-12-30 15:50 - 2013-12-30 15:50 - 00001178 _____ C:\Users\TIM G\Desktop\GamersFirst LIVE!.lnk
2013-12-30 15:50 - 2013-12-30 15:50 - 00000000 ____D C:\Users\TIM G\AppData\Local\GamersFirst
2013-12-30 15:49 - 2013-12-30 15:49 - 12844984 _____ (GamersFirst) C:\Users\TIM G\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2013-12-26 00:12 - 2013-12-26 00:12 - 00000000 ____D C:\thor2
2013-12-22 19:19 - 2013-12-22 19:19 - 00000000 ____D C:\last days on mars
2013-12-22 19:18 - 2013-12-22 19:18 - 00000000 ____D C:\rush
2013-12-22 19:13 - 2013-12-22 19:13 - 00000000 ____D C:\gravity
2013-12-22 19:02 - 2013-12-22 19:02 - 00000000 ____D C:\the family
2013-12-20 11:01 - 2013-12-30 15:06 - 00000000 ____D C:\ProgramData\Tunngle
2013-12-20 11:01 - 2013-12-20 11:03 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-12-20 11:01 - 2013-12-20 11:01 - 00000957 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-12-20 10:28 - 2013-12-20 10:41 - 00000000 ____D C:\tunngle
2013-12-20 10:19 - 2013-12-20 10:20 - 04029596 _____ (Tunngle.net GmbH                                            ) C:\Users\TIM G\Downloads\Tunngle_Setup_v4.5.1.4.exe
2013-12-19 22:17 - 2013-12-19 22:17 - 00000000 ____D C:\Crash
2013-12-19 20:58 - 2013-12-19 20:58 - 00002492 _____ C:\Users\TIM G\Desktop\PlanetSide 2.lnk
2013-12-19 20:57 - 2013-12-19 20:57 - 20105448 _____ C:\Users\TIM G\Downloads\PS2_setup.exe
2013-12-19 16:28 - 2013-12-19 16:28 - 00001486 _____ C:\Users\TIM G\Desktop\Borderlands2 - Shortcut.lnk
2013-12-19 16:24 - 2013-12-19 16:24 - 20260192 _____ C:\Users\TIM G\Downloads\Tunngle_OfflineSetup_v4.5.1.1.zip
2013-12-19 16:11 - 2013-12-19 16:11 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack
2013-12-19 13:22 - 2013-12-19 13:22 - 00000000 ____D C:\Program Files(x68)
2013-12-19 12:23 - 2013-12-19 12:23 - 00000000 ____D C:\borderlands2
2013-12-15 12:11 - 2013-12-15 12:11 - 00519632 _____ C:\Users\TIM G\Downloads\Setup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-11 12:53 - 2011-07-29 08:28 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001UA.job
2014-01-11 12:52 - 2014-01-11 12:45 - 00014604 _____ C:\Users\TIM G\Downloads\FRST.txt
2014-01-11 12:48 - 2013-03-24 20:53 - 00000000 ____D C:\Users\TIM G\AppData\Local\PMB Files
2014-01-11 12:44 - 2014-01-11 12:44 - 02076672 _____ (Farbar) C:\Users\TIM G\Downloads\FRST64.exe
2014-01-11 12:44 - 2014-01-11 12:44 - 00000000 ____D C:\FRST
2014-01-11 12:41 - 2012-01-23 10:02 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 12:41 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\tracing
2014-01-11 12:40 - 2011-03-25 11:26 - 00000000 ___HD C:\Users\TIM G\Tracing
2014-01-11 11:54 - 2012-01-23 10:02 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 10:28 - 2010-09-27 06:51 - 01714299 _____ C:\Windows\WindowsUpdate.log
2014-01-11 10:27 - 2012-11-26 18:56 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForTIM G.job
2014-01-11 08:25 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 08:25 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 08:18 - 2012-09-24 14:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-11 08:18 - 2010-08-27 16:56 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-11 08:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 08:18 - 2009-07-13 23:51 - 00063390 _____ C:\Windows\setupact.log
2014-01-11 02:53 - 2011-07-29 08:28 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001Core.job
2014-01-11 02:02 - 2014-01-08 21:03 - 00000092 _____ C:\Windows\system32\pghcrnm.hhc
2014-01-10 21:33 - 2014-01-10 18:50 - 00019300 _____ C:\Users\TIM G\Desktop\attach.txt
2014-01-10 21:33 - 2014-01-10 18:50 - 00011539 _____ C:\Users\TIM G\Desktop\dds.txt
2014-01-10 20:50 - 2014-01-10 20:47 - 00006182 _____ C:\Users\TIM G\Desktop\Rkill.txt
2014-01-10 20:47 - 2014-01-10 20:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\TIM G\Downloads\rkill.exe
2014-01-10 18:48 - 2014-01-10 18:48 - 00688992 ____R (Swearware) C:\Users\TIM G\Downloads\dds.com
2014-01-10 14:16 - 2013-03-01 17:42 - 00000000 ____D C:\ProgramData\Recovery
2014-01-10 14:11 - 2012-01-05 03:09 - 00007610 ____H C:\Users\TIM G\AppData\Local\Resmon.ResmonCfg
2014-01-10 11:54 - 2014-01-10 11:54 - 01153912 _____ (Emsi Software GmbH) C:\Users\TIM G\Downloads\BlitzBlank.exe
2014-01-10 11:43 - 2009-07-14 00:13 - 00792654 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 10:30 - 2011-03-23 10:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-10 10:30 - 2011-03-23 10:07 - 00000000 ____D C:\ProgramData\Skype
2014-01-09 12:01 - 2010-09-27 06:51 - 00000000 ___HD C:\Windows\SoftwareDistribution1
2014-01-09 11:52 - 2014-01-09 11:51 - 00001272 _____ C:\Users\TIM G\Desktop\shutdown.lnk
2014-01-09 11:34 - 2011-03-23 10:07 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Skype
2014-01-09 04:40 - 2010-08-27 16:45 - 00364030 _____ C:\Windows\PFRO.log
2014-01-09 02:28 - 2014-01-08 23:42 - 00016895 _____ C:\Windows\IE10_main.log
2014-01-09 02:28 - 2014-01-08 23:42 - 00000134 _____ C:\Users\TIM G\Desktop\Internet Explorer Troubleshooting.url
2014-01-09 02:12 - 2011-09-15 09:15 - 00788632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-09 00:12 - 2014-01-09 00:12 - 00000000 ____D C:\db8c790c6260ae55878ddd74
2014-01-08 23:14 - 2014-01-08 23:10 - 00000000 ____D C:\Windows\system32\MRT
2014-01-08 22:09 - 2014-01-08 22:09 - 00000000 ____D C:\Windows\New folder
2014-01-08 22:04 - 2014-01-08 22:04 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2014-01-08 21:27 - 2014-01-08 21:27 - 00377856 _____ C:\Users\TIM G\Downloads\zjv4csc7.exe
2014-01-08 21:22 - 2014-01-08 21:22 - 00000031 _____ C:\Users\TIM G\Desktop\shutdownaero.bat
2014-01-08 21:22 - 2013-03-02 02:59 - 00002686 _____ C:\pin.txt
2014-01-08 21:14 - 2014-01-08 21:14 - 00037376 _____ C:\Windows\system32\yugsh.fgw
2014-01-08 21:14 - 2014-01-08 21:02 - 00000099 _____ C:\Windows\system32\wejcl.rno
2014-01-08 21:02 - 2014-01-08 21:02 - 00000064 _____ C:\Windows\system32\swhw.cpi
2014-01-08 20:46 - 2014-01-08 20:46 - 00219314 ____S C:\Windows\system32\zytw.gev
2014-01-08 00:28 - 2012-01-23 09:14 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-08 00:27 - 2014-01-08 00:27 - 06934513 _____ C:\Users\TIM G\Downloads\patch_2013_12_25 (1).rar
2014-01-05 10:27 - 2012-11-26 18:56 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTIM G
2014-01-05 10:26 - 2011-10-30 06:48 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-05 10:26 - 2010-12-26 15:01 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-05 10:24 - 2010-12-26 15:00 - 00000000 ___HD C:\Users\TIM G\AppData\Roaming\HpUpdate
2014-01-03 12:45 - 2014-01-03 12:45 - 06934513 _____ C:\Users\TIM G\Downloads\patch_2013_12_25.rar
2014-01-03 12:27 - 2014-01-03 12:27 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader (2).exe
2014-01-03 12:27 - 2014-01-03 12:27 - 00001300 _____ C:\Users\TIM G\Desktop\PHANTASY STAR ONLINE 2.lnk
2014-01-03 12:26 - 2014-01-03 12:26 - 02848256 _____ (SEGA                                                        ) C:\Users\TIM G\Desktop\PSO2_SETUP.exe
2014-01-03 12:26 - 2014-01-03 12:26 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader (1).exe
2014-01-03 12:25 - 2014-01-03 12:25 - 00476552 _____ (SEGA Corporation) C:\Users\TIM G\Downloads\downloader.exe
2014-01-03 12:12 - 2010-12-25 19:39 - 00000000 ____D C:\Users\TIM G
2014-01-03 12:11 - 2013-07-01 18:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-03 12:11 - 2013-03-24 20:53 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-03 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2014-01-03 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-03 11:43 - 2014-01-03 11:43 - 00000064 _____ C:\Windows\system32\cekemmg.zwl
2014-01-03 01:37 - 2014-01-03 01:37 - 00000000 ____D C:\Users\TIM G\Documents\SEGA
2014-01-03 01:37 - 2014-01-03 01:37 - 00000000 ____D C:\Program Files (x86)\SEGA
2014-01-03 01:33 - 2014-01-03 01:33 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\SEGA
2014-01-01 15:57 - 2013-10-19 22:01 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-01 15:57 - 2012-01-14 14:45 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\uTorrent
2014-01-01 15:57 - 2010-12-25 19:44 - 00000000 ___RD C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-01 15:57 - 2010-08-27 16:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-01 15:57 - 2010-08-27 16:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-01 15:57 - 2010-08-27 16:43 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-31 22:34 - 2013-12-31 22:34 - 00000000 ____D C:\american hustle
2013-12-31 22:33 - 2013-12-31 22:33 - 00000000 ____D C:\the hobbit smoag
2013-12-31 21:39 - 2013-12-31 21:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-31 21:31 - 2013-12-31 21:31 - 04101441 _____ C:\Users\TIM G\Downloads\tdsskiller.zip
2013-12-31 13:32 - 2013-12-31 13:32 - 00002419 _____ C:\RHDSetup.log
2013-12-31 11:45 - 2013-12-31 11:45 - 00000000 ____D C:\hitmanpro
2013-12-30 17:19 - 2013-12-30 17:19 - 00068496 _____ C:\Users\TIM G\AppData\Roaming\icarus-dxdiag.xml
2013-12-30 16:12 - 2013-12-30 16:12 - 00002098 _____ C:\Users\TIM G\Desktop\Fallen Earth.lnk
2013-12-30 16:12 - 2013-12-30 16:12 - 00000000 ____D C:\Program Files (x86)\GamersFirst
2013-12-30 16:12 - 2013-12-30 15:50 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2013-12-30 16:12 - 2013-12-30 15:50 - 00000000 ____D C:\Users\TIM G\AppData\Local\GamersFirst LIVE!
2013-12-30 15:50 - 2013-12-30 15:50 - 00001178 _____ C:\Users\TIM G\Desktop\GamersFirst LIVE!.lnk
2013-12-30 15:50 - 2013-12-30 15:50 - 00000000 ____D C:\Users\TIM G\AppData\Local\GamersFirst
2013-12-30 15:49 - 2013-12-30 15:49 - 12844984 _____ (GamersFirst) C:\Users\TIM G\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2013-12-30 15:06 - 2013-12-20 11:01 - 00000000 ____D C:\ProgramData\Tunngle
2013-12-26 00:12 - 2013-12-26 00:12 - 00000000 ____D C:\thor2
2013-12-25 14:37 - 2013-03-21 04:21 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-12-22 19:19 - 2013-12-22 19:19 - 00000000 ____D C:\last days on mars
2013-12-22 19:18 - 2013-12-22 19:18 - 00000000 ____D C:\rush
2013-12-22 19:13 - 2013-12-22 19:13 - 00000000 ____D C:\gravity
2013-12-22 19:02 - 2013-12-22 19:02 - 00000000 ____D C:\the family
2013-12-20 11:03 - 2013-12-20 11:01 - 00000000 ____D C:\Program Files (x86)\Tunngle
2013-12-20 11:02 - 2012-10-15 23:23 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Tunngle
2013-12-20 11:01 - 2013-12-20 11:01 - 00000957 _____ C:\Users\Public\Desktop\Tunngle beta.lnk
2013-12-20 10:41 - 2013-12-20 10:28 - 00000000 ____D C:\tunngle
2013-12-20 10:20 - 2013-12-20 10:19 - 04029596 _____ (Tunngle.net GmbH                                            ) C:\Users\TIM G\Downloads\Tunngle_Setup_v4.5.1.4.exe
2013-12-19 22:17 - 2013-12-19 22:17 - 00000000 ____D C:\Crash
2013-12-19 20:58 - 2013-12-19 20:58 - 00002492 _____ C:\Users\TIM G\Desktop\PlanetSide 2.lnk
2013-12-19 20:58 - 2013-03-05 18:39 - 00002522 _____ C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
2013-12-19 20:57 - 2013-12-19 20:57 - 20105448 _____ C:\Users\TIM G\Downloads\PS2_setup.exe
2013-12-19 16:28 - 2013-12-19 16:28 - 00001486 _____ C:\Users\TIM G\Desktop\Borderlands2 - Shortcut.lnk
2013-12-19 16:24 - 2013-12-19 16:24 - 20260192 _____ C:\Users\TIM G\Downloads\Tunngle_OfflineSetup_v4.5.1.1.zip
2013-12-19 16:11 - 2013-12-19 16:11 - 00000000 ____D C:\Users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack
2013-12-19 13:22 - 2013-12-19 13:22 - 00000000 ____D C:\Program Files(x68)
2013-12-19 12:23 - 2013-12-19 12:23 - 00000000 ____D C:\borderlands2
2013-12-15 12:11 - 2013-12-15 12:11 - 00519632 _____ C:\Users\TIM G\Downloads\Setup.exe
ZeroAccess:
C:\Users\TIM G\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2351418227-987604480-1267744043-1001\$16b96affb0b8ca586f39ad6014a35541
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$16b96affb0b8ca586f39ad6014a35541
 
Some content of TEMP:
====================
C:\Users\TIM G\AppData\Local\Temp\bitool.dll
C:\Users\TIM G\AppData\Local\Temp\DeltaTB.exe
C:\Users\TIM G\AppData\Local\Temp\DSETUP.dll
C:\Users\TIM G\AppData\Local\Temp\dsetup32.dll
C:\Users\TIM G\AppData\Local\Temp\DXSETUP.exe
C:\Users\TIM G\AppData\Local\Temp\jna1240869761917902462.dll
C:\Users\TIM G\AppData\Local\Temp\jna1413710933842999495.dll
C:\Users\TIM G\AppData\Local\Temp\jna1509321631050399426.dll
C:\Users\TIM G\AppData\Local\Temp\jna181002884525126382.dll
C:\Users\TIM G\AppData\Local\Temp\jna2056117334270876793.dll
C:\Users\TIM G\AppData\Local\Temp\jna2350457407725985663.dll
C:\Users\TIM G\AppData\Local\Temp\jna2501722774978703767.dll
C:\Users\TIM G\AppData\Local\Temp\jna2507869809656637686.dll
C:\Users\TIM G\AppData\Local\Temp\jna3016435282032593342.dll
C:\Users\TIM G\AppData\Local\Temp\jna3765318346702758685.dll
C:\Users\TIM G\AppData\Local\Temp\jna3776334295820692366.dll
C:\Users\TIM G\AppData\Local\Temp\jna4215179017233479215.dll
C:\Users\TIM G\AppData\Local\Temp\jna4675030473451289967.dll
C:\Users\TIM G\AppData\Local\Temp\jna4747423709425249630.dll
C:\Users\TIM G\AppData\Local\Temp\jna6688887772374505185.dll
C:\Users\TIM G\AppData\Local\Temp\jna69682513162552070.dll
C:\Users\TIM G\AppData\Local\Temp\jna6974172633495998942.dll
C:\Users\TIM G\AppData\Local\Temp\jna7392160597735763930.dll
C:\Users\TIM G\AppData\Local\Temp\jna7451693110206125227.dll
C:\Users\TIM G\AppData\Local\Temp\jna7939061912093714794.dll
C:\Users\TIM G\AppData\Local\Temp\jna8026878449591215467.dll
C:\Users\TIM G\AppData\Local\Temp\jna807005620098060180.dll
C:\Users\TIM G\AppData\Local\Temp\jna8086797959084076185.dll
C:\Users\TIM G\AppData\Local\Temp\jna8328417791982749196.dll
C:\Users\TIM G\AppData\Local\Temp\jna8442728708674495032.dll
C:\Users\TIM G\AppData\Local\Temp\jna8487716000170671869.dll
C:\Users\TIM G\AppData\Local\Temp\jna8671343207087428302.dll
C:\Users\TIM G\AppData\Local\Temp\jna9040494268181963297.dll
C:\Users\TIM G\AppData\Local\Temp\jna9059036087288610248.dll
C:\Users\TIM G\AppData\Local\Temp\jna9187258343988397619.dll
C:\Users\TIM G\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\TIM G\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\TIM G\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\TIM G\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\TIM G\AppData\Local\Temp\nvStInst.exe
C:\Users\TIM G\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-07-07 06:22] - [2010-11-20 08:27] - 0512512 ____A (Microsoft Corporation) F3FB7BB281A6E51B86B82A87829C231E
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-11 07:30
 
==================== End Of Log ============================
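An added example, not part of this thread and not one of the tools used in it: a read-only PowerShell triage script that re-checks the kinds of indicator the FRST log above reports, namely the "$" + 32-hex-character directories under $Recycle.Bin SID folders (including a folder for S-1-5-18, the SYSTEM account), the Google\Desktop\Install folders, and service keys registered without an ImagePath (the shape of the "akdvzogd; No ImagePath" entry in the fix that follows). It assumes an elevated PowerShell on the same Windows 7 x64 layout; the name pattern and the "Type without ImagePath" rule are my own heuristics, so a hit is something to review, not a verdict, and nothing is deleted.

```powershell
# Added example (not from the thread or its tools): read-only re-check of the ZeroAccess
# indicators FRST listed above. Assumptions: elevated PowerShell on the same Windows 7
# x64 layout; the name pattern and the "Type without ImagePath" rule are heuristics,
# so each hit is something to look at, not a verdict.

function Find-ZeroAccessIndicators {
    $findings = @()

    # 1. $Recycle.Bin: the log shows "$" + 32 hex chars directly under a SID folder, and a
    #    SID folder for SYSTEM (S-1-5-18), which has no recycle bin of its own in normal use.
    #    Ordinary recycled items are "$R<6 chars>" / "$I<6 chars>", which the pattern ignores.
    $rb = Join-Path $env:SystemDrive '$Recycle.Bin'
    $sidDirs = Get-ChildItem -LiteralPath $rb -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
    foreach ($sid in $sidDirs) {
        if ($sid.Name -eq 'S-1-5-18') { $findings += "recycle-bin folder for SYSTEM: $($sid.FullName)" }
        $sub = Get-ChildItem -LiteralPath $sid.FullName -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
        foreach ($d in $sub) {
            if ($d.Name -match '^\$[0-9a-f]{32}$') { $findings += "ZeroAccess-style directory: $($d.FullName)" }
        }
    }

    # 2. Google\Desktop\Install under Program Files (x86) and under every profile's LocalAppData.
    $paths = @("${env:ProgramFiles(x86)}\Google\Desktop\Install")
    $profiles = Get-ChildItem -LiteralPath (Join-Path $env:SystemDrive 'Users') -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) { $paths += Join-Path $p.FullName 'AppData\Local\Google\Desktop\Install' }
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) { $findings += "Google\Desktop\Install present: $path" }
    }

    # 3. Service keys that declare a Type (so Windows treats them as a service or driver) but
    #    carry no ImagePath, the shape of the "akdvzogd; No ImagePath" entry in the fix below.
    #    Some legitimate keys look like this too, so review each hit by hand.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $v = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $v) { continue }
        $names = $v.PSObject.Properties | ForEach-Object { $_.Name }
        if (($names -contains 'Type') -and -not ($names -contains 'ImagePath')) {
            $findings += "service key without ImagePath: $($key.PSChildName) (Type=$($v.Type) Start=$($v.Start))"
        }
    }

    return $findings
}

$hits = @(Find-ZeroAccessIndicators)
if ($hits.Count -eq 0) { 'No indicators found.' } else { $hits }
```

Run it before and after a fix: the first run should reproduce the FRST findings, the second should come back empty for items 1 and 2, and any remaining item 3 hits can be compared against the service's registry key by hand.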


#4 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 11 January 2014 - 03:23 PM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

U3 akdvzogd; No ImagePath
C:\Users\TIM G\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\$Recycle.Bin\S-1-5-21-2351418227-987604480-1267744043-1001\$16b96affb0b8ca586f39ad6014a35541
C:\$Recycle.Bin\S-1-5-18\$16b96affb0b8ca586f39ad6014a35541
C:\Users\TIM G\AppData\Local\Temp\jna1240869761917902462.dll
C:\Users\TIM G\AppData\Local\Temp\jna1413710933842999495.dll
C:\Users\TIM G\AppData\Local\Temp\jna1509321631050399426.dll
C:\Users\TIM G\AppData\Local\Temp\jna181002884525126382.dll
C:\Users\TIM G\AppData\Local\Temp\jna2056117334270876793.dll
C:\Users\TIM G\AppData\Local\Temp\jna2350457407725985663.dll
C:\Users\TIM G\AppData\Local\Temp\jna2501722774978703767.dll
C:\Users\TIM G\AppData\Local\Temp\jna2507869809656637686.dll
C:\Users\TIM G\AppData\Local\Temp\jna3016435282032593342.dll
C:\Users\TIM G\AppData\Local\Temp\jna3765318346702758685.dll
C:\Users\TIM G\AppData\Local\Temp\jna3776334295820692366.dll
C:\Users\TIM G\AppData\Local\Temp\jna4215179017233479215.dll
C:\Users\TIM G\AppData\Local\Temp\jna4675030473451289967.dll
C:\Users\TIM G\AppData\Local\Temp\jna4747423709425249630.dll
C:\Users\TIM G\AppData\Local\Temp\jna6688887772374505185.dll
C:\Users\TIM G\AppData\Local\Temp\jna69682513162552070.dll
C:\Users\TIM G\AppData\Local\Temp\jna6974172633495998942.dll
C:\Users\TIM G\AppData\Local\Temp\jna7392160597735763930.dll
C:\Users\TIM G\AppData\Local\Temp\jna7451693110206125227.dll
C:\Users\TIM G\AppData\Local\Temp\jna7939061912093714794.dll
C:\Users\TIM G\AppData\Local\Temp\jna8026878449591215467.dll
C:\Users\TIM G\AppData\Local\Temp\jna807005620098060180.dll
C:\Users\TIM G\AppData\Local\Temp\jna8086797959084076185.dll
C:\Users\TIM G\AppData\Local\Temp\jna8328417791982749196.dll
C:\Users\TIM G\AppData\Local\Temp\jna8442728708674495032.dll
C:\Users\TIM G\AppData\Local\Temp\jna8487716000170671869.dll
C:\Users\TIM G\AppData\Local\Temp\jna8671343207087428302.dll
C:\Users\TIM G\AppData\Local\Temp\jna9040494268181963297.dll
C:\Users\TIM G\AppData\Local\Temp\jna9059036087288610248.dll
C:\Users\TIM G\AppData\Local\Temp\jna9187258343988397619.dll
Replace: C:\Windows\System32\rpcss.dll C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 Bamaman

  • Topic Starter
  • Members
  • 14 posts

Posted 11 January 2014 - 04:09 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 05
Ran by TIM G at 2014-01-11 16:08:08 Run:1
Running from C:\Users\TIM G\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
U3 akdvzogd; No ImagePath
C:\Users\TIM G\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\$Recycle.Bin\S-1-5-21-2351418227-987604480-1267744043-1001\$16b96affb0b8ca586f39ad6014a35541
C:\$Recycle.Bin\S-1-5-18\$16b96affb0b8ca586f39ad6014a35541
C:\Users\TIM G\AppData\Local\Temp\jna1240869761917902462.dll
C:\Users\TIM G\AppData\Local\Temp\jna1413710933842999495.dll
C:\Users\TIM G\AppData\Local\Temp\jna1509321631050399426.dll
C:\Users\TIM G\AppData\Local\Temp\jna181002884525126382.dll
C:\Users\TIM G\AppData\Local\Temp\jna2056117334270876793.dll
C:\Users\TIM G\AppData\Local\Temp\jna2350457407725985663.dll
C:\Users\TIM G\AppData\Local\Temp\jna2501722774978703767.dll
C:\Users\TIM G\AppData\Local\Temp\jna2507869809656637686.dll
C:\Users\TIM G\AppData\Local\Temp\jna3016435282032593342.dll
C:\Users\TIM G\AppData\Local\Temp\jna3765318346702758685.dll
C:\Users\TIM G\AppData\Local\Temp\jna3776334295820692366.dll
C:\Users\TIM G\AppData\Local\Temp\jna4215179017233479215.dll
C:\Users\TIM G\AppData\Local\Temp\jna4675030473451289967.dll
C:\Users\TIM G\AppData\Local\Temp\jna4747423709425249630.dll
C:\Users\TIM G\AppData\Local\Temp\jna6688887772374505185.dll
C:\Users\TIM G\AppData\Local\Temp\jna69682513162552070.dll
C:\Users\TIM G\AppData\Local\Temp\jna6974172633495998942.dll
C:\Users\TIM G\AppData\Local\Temp\jna7392160597735763930.dll
C:\Users\TIM G\AppData\Local\Temp\jna7451693110206125227.dll
C:\Users\TIM G\AppData\Local\Temp\jna7939061912093714794.dll
C:\Users\TIM G\AppData\Local\Temp\jna8026878449591215467.dll
C:\Users\TIM G\AppData\Local\Temp\jna807005620098060180.dll
C:\Users\TIM G\AppData\Local\Temp\jna8086797959084076185.dll
C:\Users\TIM G\AppData\Local\Temp\jna8328417791982749196.dll
C:\Users\TIM G\AppData\Local\Temp\jna8442728708674495032.dll
C:\Users\TIM G\AppData\Local\Temp\jna8487716000170671869.dll
C:\Users\TIM G\AppData\Local\Temp\jna8671343207087428302.dll
C:\Users\TIM G\AppData\Local\Temp\jna9040494268181963297.dll
C:\Users\TIM G\AppData\Local\Temp\jna9059036087288610248.dll
C:\Users\TIM G\AppData\Local\Temp\jna9187258343988397619.dll
Replace: C:\Windows\System32\rpcss.dll C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
*****************
 
akdvzogd => Service not found.
C:\Users\TIM G\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2351418227-987604480-1267744043-1001\$16b96affb0b8ca586f39ad6014a35541 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$16b96affb0b8ca586f39ad6014a35541 => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna1240869761917902462.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna1413710933842999495.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna1509321631050399426.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna181002884525126382.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna2056117334270876793.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna2350457407725985663.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna2501722774978703767.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna2507869809656637686.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna3016435282032593342.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna3765318346702758685.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna3776334295820692366.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna4215179017233479215.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna4675030473451289967.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna4747423709425249630.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna6688887772374505185.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna69682513162552070.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna6974172633495998942.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna7392160597735763930.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna7451693110206125227.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna7939061912093714794.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8026878449591215467.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna807005620098060180.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8086797959084076185.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8328417791982749196.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8442728708674495032.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8487716000170671869.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna8671343207087428302.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna9040494268181963297.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna9059036087288610248.dll => Moved successfully.
C:\Users\TIM G\AppData\Local\Temp\jna9187258343988397619.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll => Moved successfully.
Could not replace C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll.
 
==== End of Fixlog ====


#6 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 11 January 2014 - 05:45 PM

Please do this next:

Run FRST again.

  • When the tool opens click Yes to disclaimer.
  • Enter the following into the search box:  rpcss.dll
  • Press the Search File(s) button
  • The tool will make another log please post it to your reply.

 




#7 Bamaman

  • Topic Starter
  • Members
  • 14 posts

Posted 12 January 2014 - 02:33 AM

Farbar Recovery Scan Tool (x64) Version: 11-01-2014 05

Ran by TIM G at 2014-01-12 02:31:56
Running from C:\Users\TIM G\Downloads
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
C:\Windows\System32\rpcss.dll
[2011-07-07 06:22] - [2010-11-20 08:27] - 0512512 ____A (Microsoft Corporation) F3FB7BB281A6E51B86B82A87829C231E
 
C:\FRST\Quarantine\rpcss.dll
[2011-07-07 06:22] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
====== End Of Search ======


#8 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 12 January 2014 - 09:47 AM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Replace: C:\FRST\Quarantine\rpcss.dll C:\Windows\System32\rpcss.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.



#9 Bamaman

  • Topic Starter
  • Members
  • 14 posts

Posted 12 January 2014 - 11:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2014
Ran by TIM G at 2014-01-12 10:59:31 Run:2
Running from C:\Users\TIM G\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\FRST\Quarantine\rpcss.dll C:\Windows\System32\rpcss.dll
*****************
 
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\FRST\Quarantine\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
==== End of Fixlog ====
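An added example, not part of this thread: a PowerShell check of what the Replace: above actually left at C:\Windows\System32\rpcss.dll, rather than relying on "copied successfully". It reuses the two hashes FRST printed in the rpcss.dll search earlier in the thread (5C627D1B1138676C0A7AB2C2C190D123 at 512000 bytes for the quarantined copy that Run:2 copied back, F3FB7BB281A6E51B86B82A87829C231E at 512512 bytes for the System32 copy FRST did not mark "MD5 is legit"). It assumes an elevated 64-bit PowerShell on the same host, uses MD5 only because that is the digest FRST prints, and takes C:\FRST\Quarantine as the quarantine location shown in the search; sfc.exe's /verifyfile switch is a standard Windows Resource Protection check. One caveat visible in the Run:1 log above: that fix moved the 6.1.7601.17514 component-store copy into quarantine, so the only rpcss.dll left under winsxs may be the 6.1.7600.16385 one, whose different size and hash are expected and not a sign of tampering.

```powershell
# Added example (not from the thread or its tools): verify the restored rpcss.dll.
# Assumptions: elevated 64-bit PowerShell on the same Windows 7 x64 host; MD5 is used
# only because FRST prints MD5, so the values compare directly with the search log.

# Values taken from the FRST "Search: rpcss.dll" output posted in this thread.
$KnownGood = '5C627D1B1138676C0A7AB2C2C190D123'   # C:\FRST\Quarantine\rpcss.dll, 512000 bytes, copied back in Run:2
$KnownBad  = 'F3FB7BB281A6E51B86B82A87829C231E'   # old C:\Windows\System32\rpcss.dll, 512512 bytes, not "MD5 is legit"

function Get-Md5Hex([string]$Path) {
    # Same digest FRST reports: upper-case hex, no separators.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

function Test-RpcssRestore {
    $live = Join-Path $env:SystemRoot 'System32\rpcss.dll'
    $item = Get-Item -LiteralPath $live
    $hash = Get-Md5Hex $live
    "live: $hash  $($item.Length) bytes  FileVersion=$($item.VersionInfo.FileVersion)"

    if ($hash -eq $KnownGood)   { 'OK: live file matches the copy FRST restored from quarantine.' }
    elseif ($hash -eq $KnownBad) { 'WARNING: live file still has the hash FRST did not recognise as legit.' }
    else                         { 'UNKNOWN: live file matches neither logged hash; compare it with the copies below.' }

    # Every rpcss.dll still in the component store, plus whatever FRST quarantined.
    # Run:1 moved the 6.1.7601.17514 winsxs copy into quarantine, so a winsxs copy with a
    # different version (6.1.7600.16385) and a different hash is the expected picture here.
    $copies = @(
        Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Filter rpcss.dll -Recurse -ErrorAction SilentlyContinue
        Get-ChildItem -Path "$env:SystemDrive\FRST\Quarantine" -Filter rpcss.dll -Recurse -ErrorAction SilentlyContinue
    ) | Where-Object { $_ }
    foreach ($c in $copies) {
        $h = Get-Md5Hex $c.FullName
        $mark = if ($h -eq $hash) { '==' } else { '  ' }
        "$mark $h  $($c.Length) bytes  FileVersion=$($c.VersionInfo.FileVersion)  $($c.FullName)"
    }

    # Windows Resource Protection's own verdict on the file (it prints its own report).
    & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$live"
}

Test-RpcssRestore
```

A "==" line against a quarantine copy is only reassuring if that copy carries the known-good hash: Run:2 moved the old System32 file into the same quarantine before copying the clean one back, so both hashes may be present there, which is why the script prints the hash beside every path rather than just reporting a match.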


#10 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 12 January 2014 - 11:30 AM

Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#11 Bamaman

  • Topic Starter
  • Members
  • 14 posts

Posted 12 January 2014 - 03:01 PM

I have followed the instructions and downloaded ComboFix. When I ran ComboFix, the program completed stages up to 48, then stalled. I waited approximately 90 minutes before cancelling the ComboFix operation and posting back here. Also, after running ComboFix I was forced to restart my system in order to load web pages in any browser. I could not produce any ComboFix logs at this time.



#12 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 12 January 2014 - 04:09 PM

Please try running ComboFix again, but this time run it from Safe Mode.

Please include the following in your next post:

  • ComboFix log




#13 Bamaman

  • Topic Starter
  • Members
  • 14 posts

Posted 12 January 2014 - 04:30 PM

ComboFix 14-01-12.01 - TIM G 01/12/2014  15:58:38.3.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1754 [GMT -5:00]
Running from: c:\users\TIM G\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
c:\windows\_detmp.2
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-12 21:09 . 2014-01-12 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-12 21:09 . 2014-01-12 21:09 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-12 21:09 . 2014-01-12 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-12 09:48 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A42C4574-8FC6-4758-91BF-32CE447F2F78}\mpengine.dll
2014-01-11 17:44 . 2014-01-12 15:55 -------- d-----w- C:\FRST
2014-01-09 05:12 . 2014-01-09 05:12 -------- d-----w- C:\db8c790c6260ae55878ddd74
2014-01-09 04:10 . 2014-01-09 04:14 -------- d-----w- c:\windows\system32\MRT
2014-01-09 03:09 . 2014-01-09 03:09 -------- d-----w- c:\windows\New folder
2014-01-03 06:37 . 2014-01-03 06:37 -------- d-----w- c:\program files (x86)\SEGA
2014-01-03 06:33 . 2014-01-03 06:33 -------- d-----w- c:\users\TIM G\AppData\Roaming\SEGA
2014-01-01 03:34 . 2014-01-01 03:34 -------- d-----w- C:\american hustle
2014-01-01 03:33 . 2014-01-01 03:33 -------- d-----w- C:\the hobbit smoag
2014-01-01 02:39 . 2014-01-01 02:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-31 16:45 . 2013-12-31 16:45 -------- d-----w- C:\hitmanpro
2013-12-30 21:12 . 2013-12-30 21:12 -------- d-----w- c:\program files (x86)\GamersFirst
2013-12-30 20:50 . 2013-12-30 21:12 -------- d-----w- c:\users\TIM G\AppData\Local\GamersFirst LIVE!
2013-12-30 20:50 . 2013-12-30 20:50 -------- d-----w- c:\users\TIM G\AppData\Local\GamersFirst
2013-12-26 05:12 . 2013-12-26 05:12 -------- d-----w- C:\thor2
2013-12-23 00:19 . 2013-12-23 00:19 -------- d-----w- C:\last days on mars
2013-12-23 00:18 . 2013-12-23 00:18 -------- d-----w- C:\rush
2013-12-23 00:13 . 2013-12-23 00:13 -------- d-----w- C:\gravity
2013-12-23 00:02 . 2013-12-23 00:02 -------- d-----w- C:\the family
2013-12-20 16:01 . 2013-12-30 20:06 -------- d-----w- c:\programdata\Tunngle
2013-12-20 16:01 . 2013-12-20 16:03 -------- d-----w- c:\program files (x86)\Tunngle
2013-12-20 15:28 . 2013-12-20 15:41 -------- d-----w- C:\tunngle
2013-12-20 03:17 . 2013-12-20 03:17 -------- d-----w- C:\Crash
2013-12-19 18:22 . 2013-12-19 18:22 -------- d-----w- C:\Program Files(x68)
2013-12-19 17:23 . 2013-12-19 17:23 -------- d-----w- C:\borderlands2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 19:42 . 2011-10-25 13:07 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 17:25 . 2010-12-26 00:55 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-06 22:12 . 2011-10-24 18:14 5204224 ----a-w- c:\windows\SysWow64\GameMon.des
2013-10-22 20:13 . 2013-10-22 20:13 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-10-20 02:40 . 2013-10-20 02:37 1033335 ----a-w- C:\JRT.exe
2012-10-15 21:00 . 2012-10-17 18:34 1606656 ----a-w- c:\program files (x86)\SteamInstall.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . F3FB7BB281A6E51B86B82A87829C231E . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-23 39408]
"cdloader"="c:\users\TIM G\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-25 4270640]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\TIM G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 15:02]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 15:02]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001Core.job
- c:\users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 13:28]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351418227-987604480-1267744043-1001UA.job
- c:\users\TIM G\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 13:28]
.
2014-01-12 c:\windows\Tasks\HPCeeScheduleForTIM G.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Wow6432Node-HKCU-Run-Driver Manager - c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Dungeon Keeper II - c:\program files (x86)\Bullfrog\Dungeon Keeper 2\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\users\TIM G\AppData\Local\GamersFirst\LIVE!\Live.exe
.
**************************************************************************
.
Completion time: 2014-01-12  16:27:01 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-12 21:26
.
Pre-Run: 30,671,753,216 bytes free
Post-Run: 38,501,134,336 bytes free
.
- - End Of File - - E41D8430C614CBD5C12C0A7CC751AC55
A36C5E4F47E84449FF07ED3517B43A31


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:56 AM

Posted 12 January 2014 - 04:59 PM

Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.

Please include the following in your next post:
  • MBAM log




#15 Bamaman

Bamaman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 12 January 2014 - 07:19 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.12.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
TIM G :: TIMG-PC [administrator]
 
1/12/2014 5:10:44 PM
mbam-log-2014-01-12 (17-10-44).txt
 
Scan type: Full scan (C:\|D:\|E:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 585239
Time elapsed: 1 hour(s), 30 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: Search Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data:  -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\TIM G\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
 
Files Detected: 12
C:\FRST\Quarantine\rpcss.dll (Trojan.Patched) -> Quarantined and deleted successfully.
c:\frst\quarantine\install\install\{16b96aff-b0b8-ca58-6f39-ad6014a35541}\   \...\‮ﯹ๛\{16b96aff-b0b8-ca58-6f39-ad6014a35541}\u\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\31.12.2013_21.32.00\susp0000\svc0000\tsk0000.dta (Trojan.Patched) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\31.12.2013_21.32.00\susp0001\svc0000\tsk0000.dta (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Users\TIM G\AppData\Local\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\TIM G\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\176c8519-787c2c8b (Trojan.Agent.AIM) -> Quarantined and deleted successfully.
C:\Users\TIM G\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3902d8b7-60281867 (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\TIM G\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\TIM G\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab (Adware.ScanQuery) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\upgrade[1].cab (Adware.ScanQuery) -> Quarantined and deleted successfully.
C:\Users\TIM G\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
 
(end)
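The two logs above carry the findings a responder would want pulled out automatically rather than read by eye: the ComboFix policy section shows UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0) and LoadAppInit_DLLs set to 1, its sigcheck section flags rpcss.dll with [-], and the Malwarebytes log contains the ZeroAccess directory whose name embeds a Unicode right-to-left override character so that it displays misleadingly in Explorer. The script below is an added example, not code from this thread, from ComboFix or from Malwarebytes. It parses log lines in the formats shown above and reports those four things. The "secure default" values it compares against are assumed to be the Windows 7 defaults, and SAMPLE_LOG is constructed to mirror the posted lines so the script runs offline.

```python
"""Triage helper for ComboFix / Malwarebytes log excerpts (added example).

Flags: policy values that differ from the assumed Windows 7 defaults,
ComboFix sigcheck lines marked [-], paths hiding Unicode bidi control
characters (the ZeroAccess directory trick), and detections per family.
"""
import re
import unicodedata

# Bidi override/embedding/isolate code points that can disguise a path name.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
}

# Assumption: Windows 7 default values for these policy / loading-point keys.
SECURE_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
    "LoadAppInit_DLLs": 0,
}

_POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z_]+)"\s*=\s*(?P<val>\d+)')
_SIGCHECK_RE = re.compile(r'^\[-\]\s.*?\.\.\s(?P<path>\S.*)$')
_MBAM_RE = re.compile(r'^(?P<item>.+?)\s\((?P<family>[\w.]+)\)\s->')


def find_bidi_controls(text):
    """Return 'U+XXXX NAME' for every bidi control character in text."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
            for c in text if c in BIDI_CONTROLS]


def weak_policy_values(lines):
    """Map policy name -> logged value for values differing from SECURE_DEFAULTS."""
    weak = {}
    for line in lines:
        m = _POLICY_RE.match(line.strip())
        if m and m["name"] in SECURE_DEFAULTS and int(m["val"]) != SECURE_DEFAULTS[m["name"]]:
            weak[m["name"]] = int(m["val"])
    return weak


def failed_sigchecks(lines):
    """Paths from ComboFix sigcheck lines flagged [-]."""
    return [m["path"] for m in (_SIGCHECK_RE.match(l.strip()) for l in lines) if m]


def bidi_paths(lines):
    """(line, [control chars]) for lines whose path hides bidi control characters."""
    hits = []
    for line in lines:
        found = find_bidi_controls(line)
        if found:
            hits.append((line.strip(), found))
    return hits


def detection_families(lines):
    """Count Malwarebytes detections per family name, e.g. Rootkit.0Access."""
    counts = {}
    for line in lines:
        m = _MBAM_RE.match(line.strip())
        if m:
            counts[m["family"]] = counts.get(m["family"], 0) + 1
    return counts


def triage(lines):
    return {
        "weak_policy": weak_policy_values(lines),
        "failed_sigcheck": failed_sigchecks(lines),
        "bidi_paths": bidi_paths(lines),
        "families": detection_families(lines),
    }


# Constructed sample mirroring the ComboFix and Malwarebytes lines in the thread.
SAMPLE_LOG = [
    '"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableLUA"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    '"LoadAppInit_DLLs"=1 (0x1)',
    '[-] 2010-11-20 . F3FB7BB281A6E51B86B82A87829C231E . 512512 . . [6.1.7601.17514] .. c:\\windows\\system32\\rpcss.dll',
    'C:\\FRST\\Quarantine\\rpcss.dll (Trojan.Patched) -> Quarantined and deleted successfully.',
    'c:\\frst\\quarantine\\install\\install\\{16b96aff-b0b8-ca58-6f39-ad6014a35541}\\   \\...\\'
    '\u202e\ufbf9\u0e5b\\{16b96aff-b0b8-ca58-6f39-ad6014a35541}\\u\\000000cb.@ (Rootkit.0Access)'
    ' -> Quarantined and deleted successfully.',
    'C:\\Users\\TIM G\\AppData\\Roaming\\File Scout\\filescout.exe (PUP.Optional.FileScout.A)'
    ' -> Quarantined and deleted successfully.',
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Paste a full log in place of SAMPLE_LOG (one string per line) to run it against a real case. The bidi check is the one worth keeping in any triage kit: a U+202E in a path never comes from a legitimate installer, and the character is invisible in most log viewers, which is exactly why ZeroAccess used it.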
