
Fake app attack crashes browsers


  • This topic is locked
9 replies to this topic

#1 Legosteve

Legosteve

  • Members
  • 4 posts
  • OFFLINE

Posted 03 February 2014 - 03:48 PM

I was at Barnes and Noble today and started getting a notice from Norton of a fake app attack, misleading application file download 3, from www.dataukmyscan.info. Only a couple of minutes will pass before the browser crashes, no matter what site I am on.

I am running Windows 7 64-bit.

Edited by Legosteve, 03 February 2014 - 03:49 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 PM

Posted 03 February 2014 - 09:40 PM





Hello Legosteve

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Legosteve

Legosteve
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE

Posted 03 February 2014 - 10:56 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by steven.teters (administrator) on SG-1 on 03-02-2014 21:53:31
Running from C:\Users\steven.teters\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-11] (IDT, Inc.)
HKLM\...\Run: [PocketCloud Location] - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [935312 2012-11-05] (Wyse Technology Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-06-12] (cyberlink)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2530840 2014-01-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Exetender] - C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4989848 2013-12-08] (Exent Technologies Ltd.)
HKU\S-1-5-19\...\Run: [Exetender] - C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4989848 2013-12-08] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] - C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4989848 2013-12-08] (Exent Technologies Ltd.)
HKU\S-1-5-21-1791464088-1935487432-4007452288-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1791464088-1935487432-4007452288-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1791464088-1935487432-4007452288-1001\...\MountPoints2: {101e3bcc-aec6-11e1-81d1-806e6f6e6963} - E:\PC_Clickme.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-09] (NVIDIA Corporation)
AppInit_DLLs: C:\PROGRA~3\WINWEB~1\WINWEB~2.DLL => File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [205184 2013-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\magnipic\sprote~1.dll,c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [205184 2013-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\winweb~1\winweb~1.dll => File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {6FB42D63-CA3F-4C9E-B6D5-922F2EAB0866} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {6FB42D63-CA3F-4C9E-B6D5-922F2EAB0866} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {91B1EDF9-8F0C-4B05-9251-3542F42518A4} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=113543&tt=3512_5&babsrc=SP_ss&mntrId=b071d31f00000000000008edb9217fab
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {6FB42D63-CA3F-4C9E-B6D5-922F2EAB0866} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {91B1EDF9-8F0C-4B05-9251-3542F42518A4} URL = http://searchab.com/?aff=7&uid=69a361c1-7c6c-11e2-886b-082e5f7481b8&q={searchTerms}
SearchScopes: HKCU - {92A91981-F6A2-46E6-A533-4FE2D09851D7} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=40F1F723-4BD9-4809-BF63-D375804C334E&apn_sauid=167835A9-E9C8-4624-BBE1-494E402FD8EF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={B9A9F28F-28C8-49F6-8193-7D8D4FE5214B}&mid=0c843f4ed4bc47d09685d9671990684b-be0d3940970f4b6e34bd3185de7c5edb02fd8a26&lang=en&ds=dn011&coid=&cmpid=&pr=sa&d=2013-10-12 19:20:33&v=17.3.2.101&pid=safeguard&sg=6&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AA8CB036-8F90-4C71-842D-48AEB140B798} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\steven.teters\AppData\Roaming\Mozilla\Firefox\Profiles\gkwbxkwt.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=40F1F723-4BD9-4809-BF63-D375804C334E&apn_ptnrs=%5ETV&apn_sauid=167835A9-E9C8-4624-BBE1-494E402FD8EF&apn_dtid=%5EOSJ000%5EYY%5EUS&&q=
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 - C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\steven.teters\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\steven.teters\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.2.101
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.2.101 [2014-01-11]
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta278.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta278\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta278\ff [2014-01-09]
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR Extension: (Entanglement Web App) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-02-03]
CHR Extension: (Docs) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Audiotool) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2014-02-03]
CHR Extension: (YouTube) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google Search) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (AutoCAD 360) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-02-03]
CHR Extension: (Pandora) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-02-03]
CHR Extension: (AdBlock) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
CHR Extension: (Website Logon) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-02-03]
CHR Extension: (Google Voice (by Google)) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-02-03]
CHR Extension: (Autodesk Homestyler) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-02-03]
CHR Extension: (Little Alchemy) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-02-03]
CHR Extension: (Until AM Web App) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2014-02-03]
CHR Extension: (Build with Chrome) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-02-03]
CHR Extension: (Planner 5D) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-02-03]
CHR Extension: (Poppit) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-02-03]
CHR Extension: (Norton Identity Protection) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Bastion) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2014-02-03]
CHR Extension: (Falling Sand Game) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo [2014-02-03]
CHR Extension: (Psykopaint) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-02-03]
CHR Extension: (Gmail) - C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR Extension: (ExstrACooupeoNu) - C:\ProgramData\jdcfnfmbohbabhdaohdmlbelaojhgoan [2014-01-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\STEVEN~1.TET\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-21]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\steven.teters\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx [2012-11-05]
CHR HKLM-x32\...\Chrome\Extension: [jjlgdagjedgdjpncjjdjegmkpldciela] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta278\ch\VideoPlayerV3beta278.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.2.101\avg.crx [2014-01-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-11] (AVG Secure Search)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-11] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20140131.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20140202.003\ENG64.SYS [126040 2013-11-12] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20140202.003\EX64.SYS [2099288 2013-11-12] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-02-03] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\STEVEN~1.TET\AppData\Local\Temp\ALSysIO64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-03 21:53 - 2014-02-03 21:53 - 02080256 _____ (Farbar) C:\Users\steven.teters\Downloads\FRST64.exe
2014-02-03 21:53 - 2014-02-03 21:53 - 00033666 _____ () C:\Users\steven.teters\Downloads\FRST.txt
2014-02-03 21:53 - 2014-02-03 21:53 - 00000000 ____D () C:\FRST
2014-02-03 21:46 - 2014-02-03 21:46 - 00002198 _____ () C:\Users\steven.teters\Documents\RKreport[0]_D_02032014_143619.txt
2014-02-03 14:36 - 2014-02-03 14:36 - 00002198 _____ () C:\Users\steven.teters\Desktop\RKreport[0]_D_02032014_143619.txt
2014-02-03 14:36 - 2014-02-03 14:36 - 00002145 _____ () C:\Users\steven.teters\Desktop\RKreport[0]_S_02032014_143609.txt
2014-02-03 14:29 - 2014-02-03 14:36 - 00000000 ____D () C:\Users\steven.teters\Desktop\RK_Quarantine
2014-02-03 14:27 - 2014-02-03 14:27 - 04380160 _____ () C:\Users\steven.teters\Downloads\RogueKillerX64.exe
2014-02-03 13:58 - 2014-02-03 13:58 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-02-03 13:58 - 2014-02-03 13:58 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-02-03 13:50 - 2014-02-03 13:50 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\APN
2014-02-03 13:50 - 2014-02-03 13:50 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-02-03 13:44 - 2014-02-03 14:00 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\NPE
2014-02-03 13:43 - 2014-02-03 13:44 - 03053496 ____N (Symantec Corporation) C:\Users\steven.teters\Downloads\NPE.exe
2014-02-03 11:29 - 2014-02-03 11:29 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 11:29 - 2014-02-03 11:29 - 00002259 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-02-03 11:25 - 2014-02-03 11:25 - 00000000 ____D () C:\Program Files (x86)\NewSavver
2014-02-03 11:23 - 2014-02-03 11:23 - 00000000 ____D () C:\Program Files (x86)\ExstrACooupeoNu
2014-02-03 10:08 - 2014-02-03 10:08 - 00421118 _____ () C:\Users\steven.teters\Downloads\Recovered_File_1.pptx
2014-02-03 10:07 - 2014-02-03 10:07 - 00058756 _____ () C:\Users\steven.teters\Downloads\Team_C_-_Module_8_group_project.pptx
2014-02-02 23:41 - 2014-02-02 23:41 - 01693076 _____ () C:\Users\steven.teters\Downloads\Religion_project.pptx
2014-02-02 22:43 - 2014-02-02 22:43 - 00282138 _____ () C:\Users\steven.teters\Downloads\Age_Diversity_P.P (1).pptx
2014-02-02 22:00 - 2014-02-03 11:10 - 00307724 _____ () C:\Users\steven.teters\Downloads\Age_Diversity_P.P.pptx
2014-01-29 23:16 - 2014-02-03 12:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-01-29 23:16 - 2014-02-03 12:16 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-27 18:26 - 2014-01-27 18:35 - 00000000 ____D () C:\Users\steven.teters\Documents\Outlook Files
2014-01-27 14:53 - 2014-01-27 14:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 14:53 - 2014-01-27 14:53 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 23:07 - 2014-01-26 23:07 - 00431616 _____ () C:\Users\steven.teters\Downloads\Chapter_9.ppt
2014-01-26 23:01 - 2014-01-26 23:01 - 00366080 _____ () C:\Users\steven.teters\Downloads\Chapter_10.ppt
2014-01-19 20:54 - 2014-01-19 20:54 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\My Games
2014-01-19 16:29 - 2014-01-19 20:54 - 00000000 ____D () C:\Users\steven.teters\Documents\My Games
2014-01-19 16:26 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-19 16:26 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-19 16:25 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-19 16:25 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-19 16:25 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-19 16:25 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-19 16:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-19 16:25 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-19 16:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-19 16:09 - 2014-01-19 16:09 - 00000222 _____ () C:\Users\steven.teters\Desktop\XCOM Enemy Unknown.url
2014-01-19 16:09 - 2014-01-19 16:09 - 00000220 _____ () C:\Users\steven.teters\Desktop\Sid Meier's Civilization V.url
2014-01-19 16:09 - 2014-01-19 16:09 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 15:38 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 15:38 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 15:38 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 15:38 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 15:37 - 2014-01-19 15:38 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 00:51 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 00:51 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 00:51 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 00:51 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-11 12:40 - 2014-01-11 12:40 - 00003739 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-09 22:42 - 2014-01-09 22:42 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3
2014-01-05 14:32 - 2014-01-05 16:26 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Bitcoin
2014-01-05 14:32 - 2014-01-05 14:32 - 11687960 _____ (Bitcoin project) C:\Users\steven.teters\Downloads\bitcoin-0.8.6-win32-setup.exe
2014-01-05 14:32 - 2014-01-05 14:32 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2014-01-05 14:32 - 2014-01-05 14:32 - 00000000 ____D () C:\Program Files (x86)\Bitcoin
2014-01-05 13:37 - 2014-01-05 14:31 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\MultiBit
2014-01-05 13:36 - 2014-01-05 13:36 - 00001817 _____ () C:\Users\Public\Desktop\MultiBit 0.5.16.lnk
2014-01-05 13:36 - 2014-01-05 13:36 - 00001817 _____ () C:\ProgramData\Desktop\MultiBit 0.5.16.lnk
2014-01-05 13:36 - 2014-01-05 13:36 - 00000000 ____D () C:\Program Files (x86)\MultiBit-0.5.16
2014-01-05 13:35 - 2014-01-05 13:35 - 09260760 _____ () C:\Users\steven.teters\Downloads\multibit-0.5.16-windows-setup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-02-03 21:53 - 2014-02-03 21:53 - 02080256 _____ (Farbar) C:\Users\steven.teters\Downloads\FRST64.exe
2014-02-03 21:53 - 2014-02-03 21:53 - 00033666 _____ () C:\Users\steven.teters\Downloads\FRST.txt
2014-02-03 21:53 - 2014-02-03 21:53 - 00000000 ____D () C:\FRST
2014-02-03 21:53 - 2012-06-26 18:15 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\CrashDumps
2014-02-03 21:47 - 2009-07-13 23:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 21:46 - 2014-02-03 21:46 - 00002198 _____ () C:\Users\steven.teters\Documents\RKreport[0]_D_02032014_143619.txt
2014-02-03 21:46 - 2009-07-13 22:51 - 00132999 _____ () C:\Windows\setupact.log
2014-02-03 21:44 - 2013-03-21 22:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 21:44 - 2013-02-21 15:20 - 00000388 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-03 21:44 - 2012-10-29 13:39 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791464088-1935487432-4007452288-1001UA.job
2014-02-03 21:44 - 2012-06-11 15:26 - 01589226 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 21:44 - 2012-02-17 17:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 14:44 - 2012-10-29 13:39 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791464088-1935487432-4007452288-1001Core.job
2014-02-03 14:36 - 2014-02-03 14:36 - 00002198 _____ () C:\Users\steven.teters\Desktop\RKreport[0]_D_02032014_143619.txt
2014-02-03 14:36 - 2014-02-03 14:36 - 00002145 _____ () C:\Users\steven.teters\Desktop\RKreport[0]_S_02032014_143609.txt
2014-02-03 14:36 - 2014-02-03 14:29 - 00000000 ____D () C:\Users\steven.teters\Desktop\RK_Quarantine
2014-02-03 14:32 - 2013-10-12 17:00 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\Pokki
2014-02-03 14:31 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 14:31 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 14:27 - 2014-02-03 14:27 - 04380160 _____ () C:\Users\steven.teters\Downloads\RogueKillerX64.exe
2014-02-03 14:03 - 2013-03-21 22:31 - 00000000 ___RD () C:\Users\steven.teters\Google Drive
2014-02-03 14:00 - 2014-02-03 13:44 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\NPE
2014-02-03 13:58 - 2014-02-03 13:58 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-02-03 13:58 - 2014-02-03 13:58 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-02-03 13:58 - 2013-10-12 17:06 - 00000000 ____D () C:\Users\Admin
2014-02-03 13:58 - 2013-03-21 22:30 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 13:58 - 2012-06-26 20:38 - 00000000 ____D () C:\Users\MBC
2014-02-03 13:58 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 13:50 - 2014-02-03 13:50 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\APN
2014-02-03 13:50 - 2014-02-03 13:50 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-02-03 13:45 - 2010-11-20 21:47 - 00826012 _____ () C:\Windows\PFRO.log
2014-02-03 13:44 - 2014-02-03 13:43 - 03053496 ____N (Symantec Corporation) C:\Users\steven.teters\Downloads\NPE.exe
2014-02-03 13:44 - 2012-06-04 21:47 - 00000000 ____D () C:\ProgramData\Norton
2014-02-03 13:25 - 2012-06-11 15:33 - 00109208 _____ () C:\Users\steven.teters\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 13:24 - 2009-07-13 22:45 - 00418600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-03 13:23 - 2014-01-01 00:41 - 00000000 ____D () C:\ProgramData\NewSavver
2014-02-03 13:23 - 2014-01-01 00:41 - 00000000 ____D () C:\ProgramData\ExstrACooupeoNu
2014-02-03 12:16 - 2014-01-29 23:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-03 12:16 - 2014-01-29 23:16 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-03 12:16 - 2013-02-21 15:20 - 00000920 __RSH () C:\Users\steven.teters\ntuser.pol
2014-02-03 12:16 - 2012-06-11 15:26 - 00000000 ____D () C:\Users\steven.teters
2014-02-03 11:29 - 2014-02-03 11:29 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 11:29 - 2014-02-03 11:29 - 00002259 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-02-03 11:26 - 2013-12-21 01:14 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2014-02-03 11:25 - 2014-02-03 11:25 - 00000000 ____D () C:\Program Files (x86)\NewSavver
2014-02-03 11:25 - 2014-01-01 00:41 - 00000000 ____D () C:\ProgramData\fa1b301fa7b39fc5
2014-02-03 11:24 - 2013-02-21 15:20 - 00000000 ____D () C:\ProgramData\MagniPic
2014-02-03 11:24 - 2013-02-21 15:20 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-03 11:23 - 2014-02-03 11:23 - 00000000 ____D () C:\Program Files (x86)\ExstrACooupeoNu
2014-02-03 11:10 - 2014-02-02 22:00 - 00307724 _____ () C:\Users\steven.teters\Downloads\Age_Diversity_P.P.pptx
2014-02-03 10:08 - 2014-02-03 10:08 - 00421118 _____ () C:\Users\steven.teters\Downloads\Recovered_File_1.pptx
2014-02-03 10:07 - 2014-02-03 10:07 - 00058756 _____ () C:\Users\steven.teters\Downloads\Team_C_-_Module_8_group_project.pptx
2014-02-03 10:02 - 2013-10-12 18:20 - 00000000 ____D () C:\ProgramData\MyStart Anti-phishing Domain Advisor
2014-02-03 00:08 - 2012-06-11 15:55 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Skype
2014-02-02 23:41 - 2014-02-02 23:41 - 01693076 _____ () C:\Users\steven.teters\Downloads\Religion_project.pptx
2014-02-02 22:43 - 2014-02-02 22:43 - 00282138 _____ () C:\Users\steven.teters\Downloads\Age_Diversity_P.P (1).pptx
2014-02-02 17:17 - 2012-09-04 15:18 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsteven.teters
2014-02-02 17:17 - 2012-09-04 15:18 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForsteven.teters.job
2014-02-02 00:00 - 2012-06-11 15:55 - 00000000 ____D () C:\Users\steven.teters\Documents\Youcam
2014-01-31 22:03 - 2013-02-21 13:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-31 22:02 - 2012-09-24 17:06 - 00000000 ____D () C:\Users\steven.teters\Documents\College
2014-01-28 23:16 - 2013-04-09 21:26 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-28 23:16 - 2012-06-12 15:13 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-28 14:38 - 2013-10-12 18:20 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-01-28 12:22 - 2012-06-17 07:59 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\vlc
2014-01-28 12:16 - 2012-06-24 08:25 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Apple Computer
2014-01-28 12:16 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-27 18:35 - 2014-01-27 18:26 - 00000000 ____D () C:\Users\steven.teters\Documents\Outlook Files
2014-01-27 18:24 - 2012-06-24 08:25 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\Apple Computer
2014-01-27 14:53 - 2014-01-27 14:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 14:53 - 2014-01-27 14:53 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 14:52 - 2014-01-27 14:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 14:50 - 2012-06-24 08:16 - 00000000 ____D () C:\ProgramData\Apple
2014-01-27 14:40 - 2012-02-17 17:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-27 14:40 - 2012-02-17 17:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 14:40 - 2012-02-17 17:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 14:39 - 2012-06-13 09:36 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\Adobe
2014-01-27 00:05 - 2013-12-21 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-26 23:07 - 2014-01-26 23:07 - 00431616 _____ () C:\Users\steven.teters\Downloads\Chapter_9.ppt
2014-01-26 23:01 - 2014-01-26 23:01 - 00366080 _____ () C:\Users\steven.teters\Downloads\Chapter_10.ppt
2014-01-19 23:24 - 2013-04-29 12:41 - 00000000 ____D () C:\Users\steven.teters\Documents\HS
2014-01-19 20:54 - 2014-01-19 20:54 - 00000000 ____D () C:\Users\steven.teters\AppData\Local\My Games
2014-01-19 20:54 - 2014-01-19 16:29 - 00000000 ____D () C:\Users\steven.teters\Documents\My Games
2014-01-19 20:50 - 2012-02-17 18:04 - 00445159 _____ () C:\Windows\DirectX.log
2014-01-19 16:09 - 2014-01-19 16:09 - 00000222 _____ () C:\Users\steven.teters\Desktop\XCOM Enemy Unknown.url
2014-01-19 16:09 - 2014-01-19 16:09 - 00000220 _____ () C:\Users\steven.teters\Desktop\Sid Meier's Civilization V.url
2014-01-19 16:09 - 2014-01-19 16:09 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-19 15:38 - 2014-01-19 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 15:38 - 2014-01-19 15:37 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 15:38 - 2012-09-01 09:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 01:22 - 2013-08-15 11:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 01:20 - 2012-07-01 07:55 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 22:03 - 2009-07-13 23:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 12:40 - 2014-01-11 12:40 - 00003739 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-11 12:40 - 2013-10-12 18:20 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-01-11 12:40 - 2013-10-12 18:20 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-01-11 12:40 - 2013-10-12 18:20 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-09 22:42 - 2014-01-09 22:42 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3
2014-01-05 16:26 - 2014-01-05 14:32 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Bitcoin
2014-01-05 14:32 - 2014-01-05 14:32 - 11687960 _____ (Bitcoin project) C:\Users\steven.teters\Downloads\bitcoin-0.8.6-win32-setup.exe
2014-01-05 14:32 - 2014-01-05 14:32 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2014-01-05 14:32 - 2014-01-05 14:32 - 00000000 ____D () C:\Program Files (x86)\Bitcoin
2014-01-05 14:31 - 2014-01-05 13:37 - 00000000 ____D () C:\Users\steven.teters\AppData\Roaming\MultiBit
2014-01-05 13:36 - 2014-01-05 13:36 - 00001817 _____ () C:\Users\Public\Desktop\MultiBit 0.5.16.lnk
2014-01-05 13:36 - 2014-01-05 13:36 - 00001817 _____ () C:\ProgramData\Desktop\MultiBit 0.5.16.lnk
2014-01-05 13:36 - 2014-01-05 13:36 - 00000000 ____D () C:\Program Files (x86)\MultiBit-0.5.16
2014-01-05 13:35 - 2014-01-05 13:35 - 09260760 _____ () C:\Users\steven.teters\Downloads\multibit-0.5.16-windows-setup.exe
 
Some content of TEMP:
====================
C:\Users\steven.teters\AppData\Local\Temp\ntdll_dump.dll
C:\Users\steven.teters\AppData\Local\Temp\_is48E2.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-02 18:09
 
==================== End Of Log ============================


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 February 2014 - 11:19 PM



Hello Legosteve

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Legosteve (Topic Starter, Members)

Posted 04 February 2014 - 01:47 AM

So far it seems all is good now! Thanks a bunch. I have had Chrome open for a while now and it hasn't crashed!!!

-AdwCleaner-

# AdwCleaner v3.018 - Report created 04/02/2014 at 00:18:51
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : steven.teters - SG-1
# Running from : C:\Users\steven.teters\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\MagniPic
Folder Deleted : C:\ProgramData\ExstrACooupeoNu
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\MagniPic
Folder Deleted : C:\Program Files (x86)\ExstrACooupeoNu
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\steven.teters\AppData\Local\apn
Folder Deleted : C:\Users\steven.teters\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\steven.teters\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\steven.teters\AppData\LocalLow\MagniPic
Folder Deleted : C:\Users\steven.teters\AppData\Roaming\Babylon
Folder Deleted : C:\Users\steven.teters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Admin\AppData\Roaming\Babylon
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_age-of-mythology_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_age-of-mythology_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\magnipic\sprote~1.dll,c:\windows\syswow64\nvinit.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\steven.teters\AppData\Roaming\Mozilla\Firefox\Profiles\gkwbxkwt.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=40F1F723-4BD9-4809-BF63-D375804C334E&apn_ptnrs=%5ETV&apn_sauid=167835A9-E9C8-4624-B[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\steven.teters\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [15262 octets] - [04/02/2014 00:18:20]
AdwCleaner[S0].txt - [14439 octets] - [04/02/2014 00:18:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14500 octets] ##########
 
-Junkware-Removal-Tool-
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by steven.teters on Tue 02/04/2014 at  0:27:40.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FB42D63-CA3F-4C9E-B6D5-922F2EAB0866}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91B1EDF9-8F0C-4B05-9251-3542F42518A4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{92A91981-F6A2-46E6-A533-4FE2D09851D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6FB42D63-CA3F-4C9E-B6D5-922F2EAB0866}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{91B1EDF9-8F0C-4B05-9251-3542F42518A4}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho7A56.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC276.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\steven.teters\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\steven.teters\appdata\local\download beast"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{2FC8DAD0-CE7A-4DC0-8F91-80F0272C1DEF}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{3FB4DD07-2F57-4FC7-9A15-0A019BFEB6BF}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{5F480E90-8227-4CCE-BA20-ADA92664A629}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{71572906-4D5C-4774-8C7F-9A9615A84990}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{7F3EB43F-D770-4A8C-8013-8A9D1FACB486}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{99EA21B9-B307-40CD-893E-FB7AE8960D05}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{9CF4A52E-A608-43D3-83D1-005AAF13B256}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{9DF77F45-201A-44EB-98CC-E2F96CCAB2C4}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{A76F547C-CA70-4432-8D6B-D65D70E88DBA}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{A96DC310-F9AE-40B1-9361-EB03ECAC8002}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{ACEE237A-E797-4DF7-BBAA-DF1910F5822B}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{DC0A22BA-E1B1-42F2-A176-96DC583E9891}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{EC11EB74-4949-4B0D-A05F-032668513E62}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{F01250A9-C875-4249-9900-C8DAC42FAF55}
Successfully deleted: [Empty Folder] C:\Users\steven.teters\appdata\local\{F6231C19-5700-4BA3-8F05-E60CB3D5E18A}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\steven.teters\AppData\Roaming\mozilla\firefox\profiles\gkwbxkwt.default\minidumps [21 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at  0:34:37.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
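The two logs above record where the adware had hooked itself in: an AppInit_DLLs entry that injected the SProtector DLL into every process (next to the legitimate nvinit.dll), Run values, Internet Explorer Browser Helper Objects, the AmiUpdXp scheduled task, Chrome extensions registered through HKLM, and rewritten Firefox search preferences in prefs.js and user.js. The PowerShell script below is an added example, not part of this thread and not code from AdwCleaner or JRT, that re-checks those same locations on a Windows 7 x64 machine so a responder can confirm nothing has come back after a reboot. The indicator substrings are taken from names in the logs and are an assumption to extend for your own case; the schtasks column names assume an English Windows installation.

```powershell
# Added example (not from the thread, AdwCleaner or JRT): re-check the persistence
# and browser-hijack locations that appear in the logs above.
# Assumes Windows 7 x64, PowerShell 2.0 or later, run from an elevated prompt.

# Indicator substrings built from names in the logs (assumption; extend as needed).
$Indicators = 'ask.com','asktoolbar','apnupdater','babylon','conduit','sprotector',
              'magnipic','privitize','softonic','sweetim','viprotocol','amiupd','vprot'
$IndicatorRegex = ($Indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'
$PsMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Test-Indicator([string]$Text) {
    # -match is case-insensitive by default, which is what we want for registry data.
    return [bool]($Text -and ($Text -match $IndicatorRegex))
}

$Findings = @()

# 1. AppInit_DLLs: each DLL listed is loaded into every process that loads user32.dll,
#    which is how the SProtector DLL reached every browser. Legitimate entries occur
#    too (the log also showed nvinit.dll), so review the value rather than clear it blindly.
$AppInitKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
foreach ($key in $AppInitKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.AppInit_DLLs) {
        $Findings += "AppInit_DLLs [$key] = $($props.AppInit_DLLs) (LoadAppInit_DLLs=$($props.LoadAppInit_DLLs))"
    }
}

# 2. Run values (ApnUpdater and vProt lived here): both registry views plus the user hive.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($PsMeta -contains $p.Name) { continue }   # skip Get-ItemProperty metadata
        if (Test-Indicator "$($p.Name) $($p.Value)") {
            $Findings += "Run [$key] $($p.Name) = $($p.Value)"
        }
    }
}

# 3. Browser Helper Objects: IE loads every CLSID registered here in-process, so list
#    each one with the DLL it resolves to (64-bit view first, then the 32-bit view).
$BhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($key in $BhoKeys) {
    foreach ($bho in @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue)) {
        $clsid = $bho.PSChildName
        $dll = $null
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
            $srv = Get-ItemProperty -Path "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { $dll = $srv.'(default)'; break }
        }
        $Findings += "BHO [$key] $clsid -> $dll"
    }
}

# 4. Scheduled tasks (the AmiUpdXp job). schtasks.exe is used because Get-ScheduledTask
#    does not exist on Windows 7; 'Task To Run' is the English column header.
$tasks = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv
foreach ($t in @($tasks)) {
    if (Test-Indicator "$($t.TaskName) $($t.'Task To Run')") {
        $Findings += "Task $($t.TaskName) -> $($t.'Task To Run')"
    }
}

# 5. Chrome extensions registered machine-wide: an ID under these keys is installed
#    into every Chrome profile from the given path or update_url.
$ChromeKeys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
              'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions'
foreach ($key in $ChromeKeys) {
    foreach ($ext in @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue)) {
        $p = Get-ItemProperty -Path $ext.PSPath
        $Findings += "Chrome extension [$key] $($ext.PSChildName) path=$($p.path) update_url=$($p.update_url)"
    }
}

# 6. Firefox search/homepage overrides: prefs.js in each profile, plus user.js in the
#    places the logs show it dropped (install directory and drive root). Every match is
#    reported so the responder can see which engine and homepage are actually configured.
$FirefoxFiles = "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js",
                "$env:APPDATA\Mozilla\Firefox\Profiles\*\user.js",
                "$env:ProgramFiles\Mozilla Firefox\user.js",
                "${env:ProgramFiles(x86)}\Mozilla Firefox\user.js",
                "$env:SystemDrive\user.js"
$HijackPrefs = 'keyword\.URL|browser\.search\.(defaultengine|defaultenginename|selectedEngine|order\.\d+)|browser\.startup\.homepage'
foreach ($f in @(Get-Item -Path $FirefoxFiles -ErrorAction SilentlyContinue)) {
    foreach ($hit in @(Select-String -Path $f.FullName -Pattern $HijackPrefs)) {
        $Findings += "Firefox [$($f.FullName)] $($hit.Line.Trim())"
    }
}

if ($Findings.Count -eq 0) {
    'No AppInit, Run, BHO, task, Chrome-extension or Firefox entries matched.'
} else {
    $Findings
}
```

Run it once right after the cleanup and again after a reboot: an entry that reappears in the Run keys, AppInit_DLLs or the task list means something the two tools did not remove is still re-creating it, which is exactly the case where the follow-up scan Gringo asks for next is worth running even though the browser crashes have stopped.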


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:18 PM

Posted 04 February 2014 - 03:03 PM


Hello Legosteve

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Legosteve

Legosteve
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 04 February 2014 - 10:17 PM

No browser has crashed since the last two programs I ran. Do I still need to run Combofix?



#8 gringo_pr

Posted 04 February 2014 - 10:55 PM

Yes, I would still like you to run it for me.

#9 gringo_pr

Posted 10 February 2014 - 01:21 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#10 gringo_pr

Posted 16 February 2014 - 11:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



