Would appreciate it if someone looked at my HiJackThis log


  • This topic is locked
7 replies to this topic

#1 MaGlCMaN


Posted 15 February 2014 - 03:18 PM

Hello, I was just wondering if someone wouldn't mind looking at my HiJackThis log. My PC has been running kind of sluggish for a while now and I was hoping that maybe someone could see if I have anything fishy going on. Thanks!
 
 
 
 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\program files\real\realplayer\update\realsched.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Documents and Settings\Trey\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Trey\My Documents\Downloads\HijackThis.exe
C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 79.173.37.17:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [XMouseButtonControl] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Trey\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-789336058-343818398-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-789336058-343818398-839522115-500\..\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" (User 'Administrator')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341284336265
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5864/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E65F2E3C-2C85-48FE-893A-CD8B4619CCDF}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (file missing)
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (file missing)

Edited by Queen-Evie, 15 February 2014 - 03:22 PM.
moved from XP to the appropriate forum. HJT logs are allowed only in Malware Removal Logs forum




#2 MaGlCMaN


Posted 16 February 2014 - 05:18 AM

bump



#3 nasdaq

  • Malware Response Team

Posted 16 February 2014 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 MaGlCMaN


Posted 16 February 2014 - 03:05 PM

Thanks so much for being willing to help :)
 
AdwCleaner didn't find anything to Clean since I used it recently but here is the report log for it anyway:
 
# AdwCleaner v3.018 - Report created 16/02/2014 at 13:49:26
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Trey - TREY
# Running from : C:\Documents and Settings\Trey\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\a7h8ltiq.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10136 octets] - [08/09/2013 21:20:36]
AdwCleaner[R1].txt - [1182 octets] - [10/09/2013 02:11:28]
AdwCleaner[R2].txt - [4368 octets] - [15/02/2014 12:18:04]
AdwCleaner[R3].txt - [389 octets] - [16/02/2014 13:22:55]
AdwCleaner[R4].txt - [1489 octets] - [16/02/2014 13:24:59]
AdwCleaner[R5].txt - [1549 octets] - [16/02/2014 13:47:01]
AdwCleaner[S0].txt - [10159 octets] - [08/09/2013 21:22:35]
AdwCleaner[S1].txt - [1205 octets] - [10/09/2013 02:13:38]
AdwCleaner[S2].txt - [4294 octets] - [15/02/2014 12:20:09]
AdwCleaner[S3].txt - [1472 octets] - [16/02/2014 13:49:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1532 octets] ##########
 
 
 
 
 
 
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Trey (administrator) on TREY on 16-02-2014 13:40:34
Running from C:\Documents and Settings\Trey\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Razer USA Ltd) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Thisisu) C:\Documents and Settings\Trey\My Documents\Downloads\JRT.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [273544 2011-06-06] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [336304 2012-11-15] (Razer USA Ltd)
HKLM\...\Run: [EPSON Stylus CX6600 Series (Copy 1)] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [98304 2004-03-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX6600 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE [98304 2004-03-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [XMouseButtonControl] - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [861840 2013-10-06] (Highresolution Enterprises)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\Run: [Google Update] - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-12-03] (Google Inc.)
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [49960 2013-03-11] (Mobile Stream)
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Trey\Application Data\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-11] (Spotify Ltd)
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\MountPoints2: {33ded892-8cf4-11e2-a250-b22de2d0d9f4} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\MountPoints2: {7be4ced6-8ce3-11e2-a24f-d696ee80c594} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\MountPoints2: {a8e9424c-6ace-11e0-9c5d-002421da476c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-789336058-343818398-839522115-1003\...\MountPoints2: {c7b9b5fc-714b-11e0-9c62-002421da476c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-789336058-343818398-839522115-500\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [49960 2013-03-11] (Mobile Stream)
Lsa: [Notification Packages] :\WINDOWS\syste
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Documents and Settings\Trey\Start Menu\Programs\Startup\PowerMenu.lnk
ShortcutTarget: PowerMenu.lnk -> C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 79.173.37.17:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{E65F2E3C-2C85-48FE-893A-CD8B4619CCDF}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\a7h8ltiq.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @fileplanet.com/fpdlm - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @idsoftware.com/QuakeLive - C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @raidcall.en/RCplugin - C:\Documents and Settings\Trey\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @rayv.com/rayvplugin - C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Trey\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\a7h8ltiq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\a7h8ltiq.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-09-10]
FF Extension: QuickJava - C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\a7h8ltiq.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-03-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-09-10]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFF [2014-01-20]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-02-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-09-10]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Trey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-01-21] ()
S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [214488 2010-01-15] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [75496 2010-07-04] (tzuk)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-08-18] (Symantec Corporation)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe [1664744 2011-08-18] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [280496 2011-08-18] (Symantec Corporation)
S4 ExpatShieldService; C:\Program Files\Expat Shield\bin\openvpnas.exe [X]
S4 ExpatSrv; C:\Program Files\Expat Shield\HssWPR\hsssrv.exe [X]
S4 ExpatTrayService; C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE [X]
S4 ExpatWd; C:\Program Files\Expat Shield\bin\hsswd.exe -product Expat [X]
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]
S2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R3 ASAPIW2K; C:\WINDOWS\System32\drivers\Asapiw2k.sys [11264 2003-12-04] (Pinnacle Systems GmbH)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-08] (AVG Technologies)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys [1098968 2014-01-15] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 easytether; C:\WINDOWS\System32\DRIVERS\easytthr.sys [18248 2013-03-11] (Mobile Stream)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-20] (Symantec Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20140214.001\IDSxpx86.sys [383120 2014-01-15] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
S3 MSICDSetup; D:\CDriver.sys [14848 2009-08-10] (Your Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140215.007\NAVENG.SYS [93272 2014-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140215.007\NAVEX15.SYS [1612376 2014-01-20] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-07-31] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-07-31] (NVIDIA Corporation)
R3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S4 RsFx0102; C:\WINDOWS\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland)
R3 rzudd; C:\WINDOWS\System32\DRIVERS\rzudd.sys [94592 2012-10-24] (Razer USA Ltd)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [119016 2010-07-04] (tzuk)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2013-09-11] ()
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [516216 2011-08-18] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [50168 2011-08-18] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [23984 2011-08-18] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [340088 2011-08-18] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [756856 2011-08-18] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [127096 2014-01-20] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [136312 2011-08-18] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDI.SYS [369784 2011-08-18] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [92080 2014-01-20] (Symantec Corporation)
R3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer.sys [118960 2011-08-18] (Symantec Corporation)
R3 TotRec7; C:\WINDOWS\System32\drivers\TotRec7.sys [127496 2008-10-27] (High Criteria inc.)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [121600 2013-01-22] (WinISO.com)
S3 XBCD; C:\WINDOWS\System32\Drivers\xbcd.sys [19212 2005-05-13] (Redcl0ud)
U3 a7u2yrvm; C:\WINDOWS\system32\Drivers\a7u2yrvm.sys [0 ] (Microsoft Corporation)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S4 IntelIde; No ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 4\ProcObsrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\FRST
2014-02-16 13:38 - 2014-02-16 13:38 - 00001329 _____ () C:\Documents and Settings\Trey\desktop\reply.txt
2014-02-16 13:37 - 2014-02-16 13:37 - 00001321 _____ () C:\Documents and Settings\Trey\desktop\JRT.txt
2014-02-16 13:28 - 2014-02-16 13:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-15 15:18 - 2014-02-15 15:18 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Skype
2014-02-15 15:17 - 2014-02-15 15:45 - 00002265 _____ () C:\Documents and Settings\All Users\desktop\Skype.lnk
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ___RD () C:\Program Files\Skype
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-02-15 13:33 - 2014-02-15 14:16 - 00011682 _____ () C:\Documents and Settings\Trey\desktop\hijackthis.log
2014-02-15 12:06 - 2014-02-15 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-15 12:06 - 2014-02-15 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-15 12:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-15 11:55 - 2014-02-15 12:58 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-15 11:55 - 2014-02-15 12:14 - 00000000 ____D () C:\Program Files\SavingsBullFilter
2014-02-10 08:23 - 2014-02-10 08:24 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Autohotkey help
2014-02-10 07:08 - 2014-02-12 12:13 - 00000895 _____ () C:\Documents and Settings\Trey\desktop\Rust.ahk
2014-02-07 09:06 - 2014-02-15 13:09 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\TS3Client
2014-02-07 09:04 - 2014-02-07 09:04 - 00000837 _____ () C:\Documents and Settings\All Users\desktop\TeamSpeak 3 Client.lnk
2014-02-07 09:04 - 2014-02-07 09:04 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-02-07 09:04 - 2014-02-07 09:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
2014-02-06 01:00 - 2014-02-05 10:40 - 101506313 _____ () C:\Documents and Settings\Trey\desktop\whjghjghjghow.mp4
2014-02-03 06:41 - 2014-02-03 06:42 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Backup Default2
2014-02-02 05:49 - 2014-02-14 05:31 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Rust
2014-01-30 23:59 - 2014-01-30 23:59 - 00000076 _____ () C:\Documents and Settings\Trey\desktop\rust settings.txt
2014-01-29 23:59 - 2014-01-29 23:59 - 00000027 _____ () C:\Documents and Settings\Trey\desktop\things to do.txt
2014-01-27 09:53 - 2014-01-27 09:53 - 00000216 _____ () C:\Documents and Settings\Trey\desktop\Rust.url
2014-01-27 09:30 - 2014-02-16 13:24 - 00000000 ____D () C:\Program Files\Steam
2014-01-27 09:30 - 2014-01-27 09:30 - 00000638 _____ () C:\Documents and Settings\All Users\desktop\Steam.lnk
2014-01-27 09:30 - 2014-01-27 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2014-01-25 22:56 - 2014-01-25 22:56 - 00004096 _____ () C:\WINDOWS\system32\crash
2014-01-25 00:30 - 2014-01-25 00:30 - 00260663 _____ () C:\Documents and Settings\Trey\desktop\bookmarks_1_25_14.html
2014-01-24 23:02 - 2014-01-26 08:39 - 00196608 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-24 23:02 - 2014-01-24 23:02 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\ATI
2014-01-24 23:02 - 2014-01-24 23:02 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\ATI
2014-01-24 22:52 - 2014-01-24 22:52 - 00000000 ____D () C:\Program Files\ATI
2014-01-24 22:50 - 2014-01-24 22:50 - 00000000 ____D () C:\AMD
2014-01-24 22:38 - 2014-01-24 22:38 - 00068134 _____ () C:\Documents and Settings\Trey\desktop\DxDiag.txt
2014-01-21 04:16 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-21 04:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-21 04:16 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-21 04:16 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-21 04:15 - 2014-01-21 04:16 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-20 11:18 - 2014-01-20 11:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-20 11:18 - 2014-01-20 11:18 - 00127096 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-01-20 11:18 - 2014-01-20 11:18 - 00060872 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL
2014-01-20 11:18 - 2014-01-20 11:18 - 00007510 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-01-20 11:18 - 2014-01-20 11:18 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Symantec
2014-01-20 11:17 - 2014-01-20 11:18 - 00000000 ____D () C:\Program Files\Symantec
2014-01-20 11:17 - 2014-01-20 11:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
2014-01-20 11:17 - 2014-01-20 11:17 - 00374704 _____ (Symantec Corporation) C:\WINDOWS\system32\sysfer.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00240048 _____ (Symantec Corporation) C:\WINDOWS\system32\SymVPN.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00094128 _____ (Symantec Corporation) C:\WINDOWS\system32\FwsVpn.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00092080 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys
2014-01-20 11:17 - 2014-01-20 11:17 - 00032208 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX.SYS
2014-01-20 11:17 - 2014-01-20 11:17 - 00010672 _____ (Symantec Corporation) C:\WINDOWS\system32\sysferThunk.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\SEP
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
 
==================== One Month Modified Files and Folders =======
 
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\FRST
2014-02-16 13:38 - 2014-02-16 13:38 - 00001329 _____ () C:\Documents and Settings\Trey\desktop\reply.txt
2014-02-16 13:37 - 2014-02-16 13:37 - 00001321 _____ () C:\Documents and Settings\Trey\desktop\JRT.txt
2014-02-16 13:29 - 2011-12-03 08:50 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-343818398-839522115-1003UA.job
2014-02-16 13:28 - 2014-02-16 13:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-16 13:26 - 2013-09-08 20:58 - 00000000 ____D () C:\AdwCleaner
2014-02-16 13:26 - 2011-02-06 15:12 - 00000882 ____H () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 13:24 - 2014-01-27 09:30 - 00000000 ____D () C:\Program Files\Steam
2014-02-16 13:22 - 2011-09-16 14:23 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\Skype
2014-02-16 13:14 - 2013-12-26 09:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-16 10:58 - 2010-01-14 04:58 - 00000472 ____H () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2014-02-16 08:29 - 2011-12-03 08:50 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-343818398-839522115-1003Core.job
2014-02-16 04:58 - 2010-01-14 04:58 - 00000472 ____H () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-02-16 04:58 - 2010-01-14 04:58 - 00000472 ____H () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2014-02-16 04:44 - 2010-01-14 01:41 - 01965914 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-16 02:28 - 2011-02-03 11:29 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-343818398-839522115-1003.job
2014-02-16 02:26 - 2010-01-14 00:56 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-15 22:58 - 2010-01-14 04:58 - 00000472 ____H () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2014-02-15 22:26 - 2011-02-06 15:12 - 00000878 ____H () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 16:58 - 2010-01-14 04:58 - 00000472 ____H () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2014-02-15 15:45 - 2014-02-15 15:17 - 00002265 _____ () C:\Documents and Settings\All Users\desktop\Skype.lnk
2014-02-15 15:41 - 2013-12-29 02:19 - 00000318 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job
2014-02-15 15:40 - 2012-11-07 02:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-15 15:40 - 2010-01-20 08:19 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-15 15:39 - 2012-11-07 03:00 - 00000310 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2014-02-15 15:39 - 2012-02-01 18:41 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-343818398-839522115-500.job
2014-02-15 15:39 - 2011-02-03 11:29 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-343818398-839522115-1003.job
2014-02-15 15:39 - 2010-01-14 00:48 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-15 15:38 - 2013-10-24 18:51 - 00223136 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-15 15:38 - 2012-12-02 22:45 - 00482846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-343818398-839522115-1003-0.dat
2014-02-15 15:38 - 2012-11-29 05:04 - 00256898 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-15 15:38 - 2010-01-14 00:57 - 00000178 ___SH () C:\Documents and Settings\Trey\ntuser.ini
2014-02-15 15:18 - 2014-02-15 15:18 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Skype
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ___RD () C:\Program Files\Skype
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-02-15 15:17 - 2011-09-16 13:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-02-15 14:16 - 2014-02-15 13:33 - 00011682 _____ () C:\Documents and Settings\Trey\desktop\hijackthis.log
2014-02-15 13:09 - 2014-02-07 09:06 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\TS3Client
2014-02-15 13:09 - 2010-01-24 08:33 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\Media Player Classic
2014-02-15 13:08 - 2010-01-14 01:09 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-15 13:07 - 2010-01-14 00:57 - 00000000 ____D () C:\Documents and Settings\Trey
2014-02-15 13:06 - 2011-12-03 08:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-15 12:58 - 2014-02-15 11:55 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-15 12:58 - 2010-01-14 20:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069_0$
2014-02-15 12:24 - 2003-07-16 10:46 - 00012598 ____H () C:\WINDOWS\system32\wpa.dbl
2014-02-15 12:14 - 2014-02-15 11:55 - 00000000 ____D () C:\Program Files\SavingsBullFilter
2014-02-15 12:06 - 2014-02-15 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-15 12:06 - 2014-02-15 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-15 01:42 - 2013-10-10 02:17 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-14 05:31 - 2014-02-02 05:49 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Rust
2014-02-13 11:27 - 2010-02-21 23:33 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\vlc
2014-02-12 18:41 - 2012-02-01 18:41 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-343818398-839522115-500.job
2014-02-12 12:13 - 2014-02-10 07:08 - 00000895 _____ () C:\Documents and Settings\Trey\desktop\Rust.ahk
2014-02-10 08:24 - 2014-02-10 08:23 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Autohotkey help
2014-02-07 09:04 - 2014-02-07 09:04 - 00000837 _____ () C:\Documents and Settings\All Users\desktop\TeamSpeak 3 Client.lnk
2014-02-07 09:04 - 2014-02-07 09:04 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-02-07 09:04 - 2014-02-07 09:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
2014-02-05 10:40 - 2014-02-06 01:00 - 101506313 _____ () C:\Documents and Settings\Trey\desktop\whjghjghjghow.mp4
2014-02-05 06:14 - 2013-05-26 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 06:14 - 2012-09-10 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-03 06:42 - 2014-02-03 06:41 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\Backup Default2
2014-01-31 00:44 - 2012-09-27 08:14 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-01-30 23:59 - 2014-01-30 23:59 - 00000076 _____ () C:\Documents and Settings\Trey\desktop\rust settings.txt
2014-01-29 23:59 - 2014-01-29 23:59 - 00000027 _____ () C:\Documents and Settings\Trey\desktop\things to do.txt
2014-01-27 09:53 - 2014-01-27 09:53 - 00000216 _____ () C:\Documents and Settings\Trey\desktop\Rust.url
2014-01-27 09:53 - 2013-03-28 04:39 - 00000000 ____D () C:\Documents and Settings\Trey\Start Menu\Programs\Steam
2014-01-27 09:30 - 2014-01-27 09:30 - 00000638 _____ () C:\Documents and Settings\All Users\desktop\Steam.lnk
2014-01-27 09:30 - 2014-01-27 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2014-01-27 08:17 - 2013-12-04 13:15 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Battle.net
2014-01-26 09:17 - 2010-01-14 02:16 - 00133120 _____ () C:\Documents and Settings\Trey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-26 08:39 - 2014-01-24 23:02 - 00196608 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-25 23:11 - 2010-06-16 14:18 - 00000229 _____ () C:\WINDOWS\NeroDigital.ini
2014-01-25 22:56 - 2014-01-25 22:56 - 00004096 _____ () C:\WINDOWS\system32\crash
2014-01-25 22:55 - 2011-01-19 15:47 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\need to be converted
2014-01-25 05:49 - 2010-04-30 18:35 - 00002644 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-25 00:30 - 2014-01-25 00:30 - 00260663 _____ () C:\Documents and Settings\Trey\desktop\bookmarks_1_25_14.html
2014-01-24 23:02 - 2014-01-24 23:02 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\ATI
2014-01-24 23:02 - 2014-01-24 23:02 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\ATI
2014-01-24 22:55 - 2010-01-14 01:32 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-01-24 22:52 - 2014-01-24 22:52 - 00000000 ____D () C:\Program Files\ATI
2014-01-24 22:50 - 2014-01-24 22:50 - 00000000 ____D () C:\AMD
2014-01-24 22:38 - 2014-01-24 22:38 - 00068134 _____ () C:\Documents and Settings\Trey\desktop\DxDiag.txt
2014-01-24 16:19 - 2012-10-07 22:03 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Spotify
2014-01-24 16:19 - 2012-10-07 22:02 - 00000000 ____D () C:\Documents and Settings\Trey\Application Data\Spotify
2014-01-24 06:25 - 2010-12-05 20:16 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-01-24 04:57 - 2010-01-14 04:41 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Adobe
2014-01-22 07:43 - 2010-08-16 19:12 - 00000000 ____D () C:\Program Files\StarCraft II
2014-01-21 04:16 - 2014-01-21 04:15 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-21 04:16 - 2010-04-30 10:16 - 00000000 ____D () C:\Program Files\Java
2014-01-20 11:33 - 2014-01-20 11:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-20 11:18 - 2014-01-20 11:18 - 00127096 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-01-20 11:18 - 2014-01-20 11:18 - 00060872 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL
2014-01-20 11:18 - 2014-01-20 11:18 - 00007510 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-01-20 11:18 - 2014-01-20 11:18 - 00000000 ____D () C:\Documents and Settings\Trey\Local Settings\Application Data\Symantec
2014-01-20 11:18 - 2014-01-20 11:17 - 00000000 ____D () C:\Program Files\Symantec
2014-01-20 11:18 - 2014-01-20 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
2014-01-20 11:17 - 2014-01-20 11:17 - 00374704 _____ (Symantec Corporation) C:\WINDOWS\system32\sysfer.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00240048 _____ (Symantec Corporation) C:\WINDOWS\system32\SymVPN.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00094128 _____ (Symantec Corporation) C:\WINDOWS\system32\FwsVpn.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00092080 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys
2014-01-20 11:17 - 2014-01-20 11:17 - 00032208 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX.SYS
2014-01-20 11:17 - 2014-01-20 11:17 - 00010672 _____ (Symantec Corporation) C:\WINDOWS\system32\sysferThunk.dll
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\SEP
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-01-20 11:04 - 2010-01-14 08:38 - 00000000 ____D () C:\WINDOWS\security
2014-01-19 01:32 - 2012-09-27 08:15 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 17:30 - 2013-12-04 13:31 - 00000000 ____D () C:\Program Files\Hearthstone
2014-01-17 20:23 - 2013-12-04 13:14 - 00000000 ____D () C:\Program Files\Battle.net
2014-01-17 10:28 - 2014-01-15 08:44 - 00000461 _____ () C:\Documents and Settings\Trey\desktop\UNEMPLOYMENT.TXT
2014-01-17 08:43 - 2013-07-25 22:44 - 00000000 ____D () C:\Documents and Settings\Trey\desktop\XS
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator.TREY\Local Settings\Temp\HiPatchSelfUpdateWindow.exe
C:\Documents and Settings\Administrator.TREY\Local Settings\Temp\HiRezLauncherControls.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-822881df.exe
C:\Documents and Settings\Trey\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Trey\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Trey\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Trey\Local Settings\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
 
 
JRT.txt:
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Trey on Sun 02/16/2014 at 13:28:24.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Trey\Application Data\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Documents and Settings\Trey\Application Data\mozilla\firefox\profiles\a7h8ltiq.default\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Emptied folder: C:\Documents and Settings\Trey\Application Data\mozilla\firefox\profiles\a7h8ltiq.default\minidumps [1 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/16/2014 at 13:37:42.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:22 AM

Posted 17 February 2014 - 10:30 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]
S2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
U3 a7u2yrvm; C:\WINDOWS\system32\Drivers\a7u2yrvm.sys [0 ] (Microsoft Corporation)

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

=================

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:22 AM

Posted 23 February 2014 - 10:20 AM

Are you still with me?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:22 AM

Posted 01 March 2014 - 09:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




