
Need help removing viruses.


  • This topic is locked
38 replies to this topic

#1 smilam2

smilam2

  • Members
  • 46 posts
  • OFFLINE
  • Local time: 10:27 AM

Posted 04 March 2014 - 11:51 AM

There is music playing through the speakers. There are constant popups from Norton about mutechrome.dll, chromeautoapprovetb.dll, np-mswmp.dll, tbverifier.dll, tbmessaginghost.exe, nc-cwmp.dll, apisupport.dll, widevinecdm.dll, and conduitchromeapiplugin.dll coming up.

Malwarebytes keeps picking up viruses. When I try to do the scan, the popups fly and the viruses keep copying themselves, and it never lets Malwarebytes remove anything; it always stops responding. I tried several of the removal tools from a thread I saw here from the end of last month. Either they don't remove all of them, or none of them, or they cannot complete, much like Malwarebytes cannot.


#2 smilam2

smilam2
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time: 10:27 AM

Posted 04 March 2014 - 12:06 PM

Also, it's not showing any programs running in the Task Manager when I am getting all the popups. Nor did I see any unknown programs on the programs list to uninstall.



#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender: Male
  • Local time: 06:27 PM

Posted 04 March 2014 - 12:08 PM

Hello,

Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
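As an added example (not part of this thread, and not code from FRST or BleepingComputer), the script below shows the kind of first-pass triage a responder does on the FRST.txt that the post above asks for. It parses three line shapes that appear in such logs (running processes, Run-key autoruns, and drivers) and flags entries with an empty publisher field, entries living in user-writable folders, a chrome.exe running outside the standard Chrome install path, and drivers whose file is missing (`[X]`). The regexes and the heuristics are assumptions about the log format and about what deserves a second look, not an official FRST grammar; the sample log lines are constructed for the example, modelled on the format, and name a made-up user `alice`.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
import re

# Process line:  (Publisher) C:\path\to\binary.exe   -- empty () means no publisher
PROCESS_RE = re.compile(r'^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$')
# Autorun line:  HKLM\...\Run: [Name] - C:\path [size date] (Publisher)
RUN_RE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?)'
    r' \[\d+ \S+\] \((?P<pub>[^)]*)\)\s*$')
# Driver line:   R3 Name; C:\path.sys [size date] (Publisher)   or   S3 Name; path [X]
DRIVER_RE = re.compile(
    r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)'
    r'(?: \[\d+ \S+\] \((?P<pub>[^)]*)\)| \[X\])\s*$')

# Folders an ordinary user can write to. Living here proves nothing by itself,
# but it is where droppers and adware commonly land (assumption, not a rule).
USER_WRITABLE = ('\\appdata\\', '\\temp\\')


def triage_line(line):
    """Return the reasons a line deserves a look (empty list = nothing flagged),
    or None when the line is not one of the three shapes we parse."""
    for kind, rx in (("process", PROCESS_RE), ("autorun", RUN_RE), ("driver", DRIVER_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        return None
    d = m.groupdict()
    path = d["path"]
    pub = d.get("pub")          # None for a driver whose file is missing ([X])
    low = path.lower()
    reasons = []
    if kind == "driver" and pub is None:
        reasons.append("driver registered but file missing ([X])")
    elif pub is not None and pub.strip() == "":
        reasons.append("no publisher/signature information")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if low.endswith("\\chrome.exe") and "\\google\\chrome\\" not in low:
        reasons.append("chrome.exe outside the standard Chrome install path")
    return reasons


def triage(lines):
    """Run triage_line over a whole log; keep only (line, reasons) for flagged lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample, modelled on the FRST.txt layout; 'alice' is a made-up user.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\svchost.exe
() C:\Users\alice\AppData\Local\GCC\Controller.exe
(Google Inc.) C:\Users\alice\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [Updater] - C:\Users\alice\AppData\Roaming\upd\upd.exe [65536 2014-03-02] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-04] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-03-03] ()
S3 catchme; \??\C:\Users\alice\AppData\Local\Temp\catchme.sys [X]
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG.splitlines()):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run it as-is to see the five flagged entries from the sample; to use it on a real log, pass `open("FRST.txt").read().splitlines()` to `triage()` instead. Whitelisted legitimate software (a vendor that ships an unsigned helper, a cleanup tool's own driver) will also be flagged, which is intended: the script ranks what to read first, it does not decide what to remove.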


#4 smilam2

smilam2
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time: 10:27 AM

Posted 04 March 2014 - 12:20 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 01
Ran by derrick (administrator) on DERRICK-PC on 04-03-2014 11:18:21
Running from C:\Users\derrick\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
() C:\Users\derrick\AppData\Local\GCC\Controller.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Users\derrick\AppData\Local\GCC\Controller.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-07] (Google)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1334621236-1714901632-2870403291-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-07] (Google Inc.)
HKU\S-1-5-21-1334621236-1714901632-2870403291-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {2F2F93BD-750D-4DCE-A70B-E42EDE8233AD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN21792443920644219&UM=2
SearchScopes: HKCU - {2F2F93BD-750D-4DCE-A70B-E42EDE8233AD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN21792443920644219&UM=2
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-03]
CHR Extension: (Google Drive) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-03]
CHR Extension: (YouTube) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google Search) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Norton Identity Protection) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-03]
CHR Extension: (Google Wallet) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR Extension: (MixiDJ) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb [2013-02-14]
CHR Extension: (Gmail) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-07-27]
CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\derrick\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\derrick\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]

========================== Services (Whitelisted) =================

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-07] (Google)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-20] (Symantec Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20140303.001\IDSvix86.sys [394456 2014-01-20] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140303.034\NAVENG.SYS [93272 2013-10-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20140303.034\NAVEX15.SYS [1612376 2013-10-30] (Symantec Corporation)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Advanced Micro Devices, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\system32\drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-03-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\derrick\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-04 10:23 - 2014-03-04 10:27 - 00000242 _____ () C:\Users\derrick\Downloads\Search.txt
2014-03-04 10:21 - 2014-03-04 10:21 - 00041897 _____ () C:\Users\derrick\Desktop\FRST.txt
2014-03-04 10:16 - 2014-03-04 10:17 - 00025561 _____ () C:\Users\derrick\Downloads\Addition.txt
2014-03-04 10:09 - 2014-03-04 11:18 - 00011935 _____ () C:\Users\derrick\Downloads\FRST.txt
2014-03-04 10:09 - 2014-03-04 11:18 - 00000000 ____D () C:\FRST
2014-03-04 10:06 - 2014-03-04 10:06 - 01145344 _____ (Farbar) C:\Users\derrick\Downloads\FRST.exe
2014-03-04 10:04 - 2014-03-04 10:15 - 00003482 _____ () C:\Users\derrick\Downloads\SystemLook.txt
2014-03-04 10:03 - 2014-03-04 10:03 - 00139264 _____ () C:\Users\derrick\Downloads\SystemLook.exe
2014-03-04 10:02 - 2014-03-04 10:02 - 00165376 _____ () C:\Users\derrick\Downloads\SystemLook_x64.exe
2014-03-04 09:41 - 2014-03-04 09:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-04 09:36 - 2014-03-04 09:36 - 00008174 _____ () C:\ComboFix.txt
2014-03-03 12:36 - 2014-03-03 12:36 - 00002760 _____ () C:\{DB4CF3CB-439E-438B-8F5D-6DBE9BD199BF}
2014-03-03 12:32 - 2014-03-03 12:32 - 00002592 _____ () C:\{914F0108-42A3-4672-825A-EC16BF3E24AF}
2014-03-03 12:18 - 2014-03-03 12:18 - 00000168 _____ () C:\Users\derrick\AppData\Roaming\mbam.context.scan
2014-03-03 11:03 - 2014-03-03 11:03 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 10:54 - 2014-03-04 09:38 - 00000000 ____D () C:\AdwCleaner
2014-03-03 10:36 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-03 10:36 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-03 10:36 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-03 10:36 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-03 10:36 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-03 10:36 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-03 10:36 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-03 10:36 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-03 10:35 - 2014-03-04 09:36 - 00000000 ____D () C:\Qoobox
2014-03-03 10:35 - 2014-03-03 10:49 - 00000000 ____D () C:\Windows\erdnt
2014-03-03 10:16 - 2014-03-03 10:16 - 00013802 _____ () C:\Users\derrick\Desktop\RKreport[0]_S_03032014_101617.txt
2014-03-03 10:07 - 2014-03-03 10:16 - 00000000 ____D () C:\Users\derrick\Desktop\RK_Quarantine
2014-03-03 10:07 - 2014-03-03 10:07 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Babylon
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Apps\2.0
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Akamai
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Adobe
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Activision
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Nem's Tools
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Mozilla
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Google
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Babylon
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Adobe
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Activision
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.techniclauncher
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.minecraft - Copy
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.minecraft
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\WeatherBug
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\VirtualStore
2014-03-03 09:51 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Left 4 Dead
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\Desktop\bin 1.8.1 fresh
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Yahoo!
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\uTorrent
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Skype
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Mozilla-Cache
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Mozilla
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\MoreTerra
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\McAfee
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Malwarebytes
2014-03-03 09:50 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\Desktop\IMAGES FOLDER
2014-03-03 09:50 - 2014-03-03 09:50 - 00000000 ____D () C:\Users\sharonrose\Desktop\Left 4 Dead 2
2014-03-03 09:49 - 2014-03-03 09:50 - 00000000 ____D () C:\Users\sharonrose\Desktop\Left 4 Dead
2014-03-03 09:49 - 2014-03-03 09:49 - 00000000 ____D () C:\Users\sharonrose\Desktop\MCnastalia
2014-03-03 09:48 - 2014-03-03 10:47 - 00000000 ____D () C:\Users\sharonrose
2014-03-03 09:48 - 2014-03-03 09:49 - 00000000 ____D () C:\Users\sharonrose\Desktop\MINECRAFT ALL FOLDERS
2014-03-03 09:48 - 2014-03-03 09:48 - 02098975 _____ () C:\Users\sharonrose\Downloads\game.dcr
2014-03-03 09:48 - 2014-03-03 09:48 - 00002535 _____ () C:\Users\sharonrose\Desktop\RadialMenu.txt
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\SCRABBLE
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\New Folder
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Downloads\PC » LEFT 4 DEAD 2 Full Game directplay by globe@
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\Symantec
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\RaiderPoker
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\OneNote Notebooks
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\texturepacks
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\Terraria 1.0.5 With GameRanger
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\T1.1.2
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\new folder
2014-03-03 07:19 - 2014-03-03 07:19 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 07:18 - 2014-03-03 07:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 07:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 03:27 - 2014-03-03 03:27 - 00003432 _____ () C:\{9041C36B-8D14-4A7D-90B6-4F6C8E8E8F20}
2014-03-03 03:25 - 2014-03-03 03:25 - 00002432 _____ () C:\{1CDCC48F-251C-46B0-BDFF-5038B764A7A0}
2014-03-03 03:23 - 2014-03-03 03:23 - 00002336 _____ () C:\{5DD87BB8-D60E-497E-9960-DA429B2EE79F}
2014-03-03 03:21 - 2014-03-03 03:21 - 00002328 _____ () C:\{434615A0-D5C6-4145-8DBB-E88760E72488}
2014-03-03 03:18 - 2014-03-03 03:18 - 00003640 _____ () C:\{80318985-8767-430B-8949-67B45F172301}
2014-03-03 03:17 - 2014-03-03 03:17 - 00002808 _____ () C:\{F7C495E9-EEE3-4180-9284-3FFCA1BA7661}
2014-03-03 03:07 - 2014-03-03 03:07 - 00002656 _____ () C:\{515E7716-ECF9-449B-8199-0EECE93BE6BF}
2014-03-02 20:06 - 2014-03-02 20:06 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi(1)
2014-03-02 19:47 - 2014-03-02 19:47 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-02 19:47 - 2014-03-02 19:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-02 19:42 - 2014-03-03 02:45 - 00000000 ____D () C:\Users\derrick\AppData\Local\GCC
2014-03-02 19:35 - 2014-03-02 19:35 - 00000000 _____ () C:\Users\derrick\Downloads\World of Warcraft Client 3.3.5a - Ready to Play (1).exe
2014-03-02 19:33 - 2014-03-02 19:33 - 00000000 _____ () C:\Users\derrick\Downloads\World of Warcraft Client 3.3.5a - Ready to Play.exe
2014-03-02 08:43 - 2014-03-02 08:43 - 00000000 ____D () C:\Users\derrick\AppData\Local\HemiSoft
2014-03-02 08:42 - 2014-03-03 00:05 - 00000000 ____D () C:\Program Files\HemiSoft
2014-03-02 08:42 - 2014-03-02 08:42 - 00001093 _____ () C:\Users\Public\Desktop\HeroesWoW Launcher.lnk
2014-03-02 08:40 - 2014-01-06 20:48 - 03872768 _____ () C:\Users\derrick\Desktop\setup.msi
2014-03-02 08:40 - 2013-10-28 07:26 - 07704216 _____ (Blizzard Entertainment) C:\Users\derrick\Desktop\Wow.exe
2014-03-02 08:33 - 2014-03-02 08:32 - 07000683 _____ () C:\Users\derrick\Desktop\Heroes-WoW+Launcher.zip
2014-03-02 08:31 - 2014-03-02 08:32 - 07000683 _____ () C:\Users\derrick\Downloads\Heroes-WoW+Launcher.zip
2014-03-01 15:45 - 2014-03-01 15:49 - 193008717 _____ () C:\Users\derrick\Downloads\64px_[mc1.7.4]_Resident_Evi_Pack.7z
2014-03-01 11:58 - 2014-03-03 00:07 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Battle.net
2014-03-01 11:58 - 2014-03-02 19:57 - 00000000 ____D () C:\Users\derrick\AppData\Local\Battle.net
2014-03-01 11:58 - 2014-03-01 11:58 - 00000945 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-01 11:58 - 2014-03-01 11:58 - 00000000 ____D () C:\Program Files\Battle.net
2014-03-01 11:56 - 2014-03-01 11:56 - 05748928 _____ (Blizzard Entertainment) C:\Users\derrick\Desktop\Battle.net-Beta-Setup-enUS.exe
2014-03-01 11:55 - 2014-03-01 11:56 - 05748928 _____ (Blizzard Entertainment) C:\Users\derrick\Downloads\Battle.net-Beta-Setup-enUS.exe
2014-02-23 11:14 - 2014-02-23 11:15 - 00016508 _____ () C:\Users\derrick\Desktop\Red Panda...txt
2014-02-18 19:18 - 2014-02-19 06:41 - 00044219 _____ () C:\Users\derrick\Desktop\Summer.txt
2014-02-13 03:04 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:04 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:04 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:04 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:04 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:04 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:04 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:04 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:04 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:04 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:04 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:04 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:03 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:03 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:03 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:03 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:22 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-05 10:22 - 2014-02-23 11:14 - 00047448 _____ () C:\Users\derrick\Desktop\liancakd.txt

==================== One Month Modified Files and Folders =======

2014-03-04 11:18 - 2014-03-04 10:09 - 00011935 _____ () C:\Users\derrick\Downloads\FRST.txt
2014-03-04 11:18 - 2014-03-04 10:09 - 00000000 ____D () C:\FRST
2014-03-04 10:37 - 2012-12-31 19:59 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 10:27 - 2014-03-04 10:23 - 00000242 _____ () C:\Users\derrick\Downloads\Search.txt
2014-03-04 10:21 - 2014-03-04 10:21 - 00041897 _____ () C:\Users\derrick\Desktop\FRST.txt
2014-03-04 10:17 - 2014-03-04 10:16 - 00025561 _____ () C:\Users\derrick\Downloads\Addition.txt
2014-03-04 10:15 - 2014-03-04 10:04 - 00003482 _____ () C:\Users\derrick\Downloads\SystemLook.txt
2014-03-04 10:06 - 2014-03-04 10:06 - 01145344 _____ (Farbar) C:\Users\derrick\Downloads\FRST.exe
2014-03-04 10:03 - 2014-03-04 10:03 - 00139264 _____ () C:\Users\derrick\Downloads\SystemLook.exe
2014-03-04 10:02 - 2014-03-04 10:02 - 00165376 _____ () C:\Users\derrick\Downloads\SystemLook_x64.exe
2014-03-04 09:44 - 2008-08-07 02:23 - 01054865 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 09:41 - 2014-03-04 09:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-04 09:40 - 2013-10-24 20:40 - 00007268 _____ () C:\Users\derrick\AppData\Local\d3d9caps.dat
2014-03-04 09:40 - 2012-12-31 19:59 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 09:40 - 2008-08-07 07:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-03-04 09:40 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 09:40 - 2006-11-02 06:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 09:40 - 2006-11-02 06:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 09:39 - 2008-01-20 21:02 - 00306640 _____ () C:\Windows\PFRO.log
2014-03-04 09:39 - 2006-11-02 06:58 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 09:38 - 2014-03-03 10:54 - 00000000 ____D () C:\AdwCleaner
2014-03-04 09:36 - 2014-03-04 09:36 - 00008174 _____ () C:\ComboFix.txt
2014-03-04 09:36 - 2014-03-03 10:35 - 00000000 ____D () C:\Qoobox
2014-03-04 09:36 - 2013-09-05 16:33 - 00000000 ____D () C:\Users\derrick\AppData\Local\Apps\2.0
2014-03-04 09:34 - 2006-11-02 04:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-03 14:24 - 2012-12-31 20:07 - 00000000 ____D () C:\Program Files\Steam
2014-03-03 12:36 - 2014-03-03 12:36 - 00002760 _____ () C:\{DB4CF3CB-439E-438B-8F5D-6DBE9BD199BF}
2014-03-03 12:32 - 2014-03-03 12:32 - 00002592 _____ () C:\{914F0108-42A3-4672-825A-EC16BF3E24AF}
2014-03-03 12:18 - 2014-03-03 12:18 - 00000168 _____ () C:\Users\derrick\AppData\Roaming\mbam.context.scan
2014-03-03 11:03 - 2014-03-03 11:03 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 10:56 - 2013-03-08 17:27 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-03-03 10:50 - 2006-11-02 05:18 - 00000000 __RHD () C:\Users\Default
2014-03-03 10:50 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
2014-03-03 10:49 - 2014-03-03 10:35 - 00000000 ____D () C:\Windows\erdnt
2014-03-03 10:47 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose
2014-03-03 10:16 - 2014-03-03 10:16 - 00013802 _____ () C:\Users\derrick\Desktop\RKreport[0]_S_03032014_101617.txt
2014-03-03 10:16 - 2014-03-03 10:07 - 00000000 ____D () C:\Users\derrick\Desktop\RK_Quarantine
2014-03-03 10:07 - 2014-03-03 10:07 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-03-03 09:58 - 2012-12-31 19:49 - 00000000 ____D () C:\Users\derrick\AppData\Local\Google
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Babylon
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Apps\2.0
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Akamai
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Adobe
2014-03-03 09:54 - 2014-03-03 09:54 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Activision
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Nem's Tools
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Mozilla
2014-03-03 09:53 - 2014-03-03 09:53 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\Google
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Babylon
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Adobe
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Activision
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.techniclauncher
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.minecraft - Copy
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\.minecraft
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\WeatherBug
2014-03-03 09:52 - 2014-03-03 09:52 - 00000000 ____D () C:\Users\sharonrose\AppData\Local\VirtualStore
2014-03-03 09:52 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Left 4 Dead
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\Desktop\bin 1.8.1 fresh
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Yahoo!
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\uTorrent
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Skype
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Mozilla-Cache
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Mozilla
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\MoreTerra
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\McAfee
2014-03-03 09:51 - 2014-03-03 09:51 - 00000000 ____D () C:\Users\sharonrose\AppData\Roaming\Malwarebytes
2014-03-03 09:51 - 2014-03-03 09:50 - 00000000 ____D () C:\Users\sharonrose\Desktop\IMAGES FOLDER
2014-03-03 09:50 - 2014-03-03 09:50 - 00000000 ____D () C:\Users\sharonrose\Desktop\Left 4 Dead 2
2014-03-03 09:50 - 2014-03-03 09:49 - 00000000 ____D () C:\Users\sharonrose\Desktop\Left 4 Dead
2014-03-03 09:49 - 2014-03-03 09:49 - 00000000 ____D () C:\Users\sharonrose\Desktop\MCnastalia
2014-03-03 09:49 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\MINECRAFT ALL FOLDERS
2014-03-03 09:48 - 2014-03-03 09:48 - 02098975 _____ () C:\Users\sharonrose\Downloads\game.dcr
2014-03-03 09:48 - 2014-03-03 09:48 - 00002535 _____ () C:\Users\sharonrose\Desktop\RadialMenu.txt
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\SCRABBLE
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\New Folder
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Downloads\PC » LEFT 4 DEAD 2 Full Game directplay by globe@
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\Symantec
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\RaiderPoker
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Documents\OneNote Notebooks
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\texturepacks
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\Terraria 1.0.5 With GameRanger
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\T1.1.2
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\Users\sharonrose\Desktop\new folder
2014-03-03 09:15 - 2013-09-05 16:33 - 00000000 ____D () C:\Users\derrick\AppData\Local\Deployment
2014-03-03 09:10 - 2013-12-27 17:23 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-03 09:10 - 2013-10-14 17:34 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Skype
2014-03-03 09:10 - 2013-09-05 16:35 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-03-03 09:10 - 2013-08-28 16:59 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Ventrilo
2014-03-03 09:10 - 2013-08-23 19:09 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-03-03 09:10 - 2013-07-02 15:32 - 00000000 ____D () C:\Users\derrick\Desktop\StarMade
2014-03-03 09:10 - 2013-04-09 22:02 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-03-03 09:10 - 2013-03-17 15:51 - 00000000 ____D () C:\Users\derrick\Desktop\DESKTOP CLEANUP
2014-03-03 09:10 - 2013-02-16 20:11 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-03 09:10 - 2012-12-31 20:21 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-03 09:10 - 2012-12-31 20:07 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-03 09:10 - 2012-12-31 19:47 - 00000000 ___RD () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-03 09:10 - 2012-12-31 19:47 - 00000000 ____D () C:\Users\derrick
2014-03-03 09:10 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-03 09:09 - 2013-12-27 17:23 - 00000000 ____D () C:\Users\derrick\AppData\Local\TeamSpeak 3 Client
2014-03-03 09:09 - 2013-03-17 15:54 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\.minecraft
2014-03-03 09:09 - 2012-12-31 19:47 - 00000000 ___RD () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-03 09:09 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\registration
2014-03-03 08:58 - 2012-12-31 19:48 - 00000951 _____ () C:\Users\derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-03 07:19 - 2014-03-03 07:19 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 07:19 - 2014-03-03 07:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 03:27 - 2014-03-03 03:27 - 00003432 _____ () C:\{9041C36B-8D14-4A7D-90B6-4F6C8E8E8F20}
2014-03-03 03:25 - 2014-03-03 03:25 - 00002432 _____ () C:\{1CDCC48F-251C-46B0-BDFF-5038B764A7A0}
2014-03-03 03:23 - 2014-03-03 03:23 - 00002336 _____ () C:\{5DD87BB8-D60E-497E-9960-DA429B2EE79F}
2014-03-03 03:21 - 2014-03-03 03:21 - 00002328 _____ () C:\{434615A0-D5C6-4145-8DBB-E88760E72488}
2014-03-03 03:18 - 2014-03-03 03:18 - 00003640 _____ () C:\{80318985-8767-430B-8949-67B45F172301}
2014-03-03 03:17 - 2014-03-03 03:17 - 00002808 _____ () C:\{F7C495E9-EEE3-4180-9284-3FFCA1BA7661}
2014-03-03 03:07 - 2014-03-03 03:07 - 00002656 _____ () C:\{515E7716-ECF9-449B-8199-0EECE93BE6BF}
2014-03-03 02:45 - 2014-03-02 19:42 - 00000000 ____D () C:\Users\derrick\AppData\Local\GCC
2014-03-03 00:08 - 2006-11-02 04:22 - 35389440 _____ () C:\Windows\system32\config\software_previous
2014-03-03 00:08 - 2006-11-02 04:22 - 16777216 _____ () C:\Windows\system32\config\system_previous
2014-03-03 00:07 - 2014-03-01 11:58 - 00000000 ____D () C:\Users\derrick\AppData\Roaming\Battle.net
2014-03-03 00:07 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-03 00:05 - 2014-03-02 08:42 - 00000000 ____D () C:\Program Files\HemiSoft
2014-03-03 00:02 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-03 00:02 - 2006-11-02 04:22 - 39321600 _____ () C:\Windows\system32\config\components_previous
2014-03-03 00:02 - 2006-11-02 04:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-02 21:57 - 2006-11-02 04:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-03-02 21:56 - 2006-11-02 04:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-02 21:47 - 2013-10-04 14:48 - 00000000 ____D () C:\Users\derrick\AppData\Local\CrashDumps
2014-03-02 20:06 - 2014-03-02 20:06 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi(1)
2014-03-02 19:57 - 2014-03-01 11:58 - 00000000 ____D () C:\Users\derrick\AppData\Local\Battle.net
2014-03-02 19:47 - 2014-03-02 19:47 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-02 19:47 - 2014-03-02 19:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-02 19:35 - 2014-03-02 19:35 - 00000000 _____ () C:\Users\derrick\Downloads\World of Warcraft Client 3.3.5a - Ready to Play (1).exe
2014-03-02 19:33 - 2014-03-02 19:33 - 00000000 _____ () C:\Users\derrick\Downloads\World of Warcraft Client 3.3.5a - Ready to Play.exe
2014-03-02 08:43 - 2014-03-02 08:43 - 00000000 ____D () C:\Users\derrick\AppData\Local\HemiSoft
2014-03-02 08:42 - 2014-03-02 08:42 - 00001093 _____ () C:\Users\Public\Desktop\HeroesWoW Launcher.lnk
2014-03-02 08:32 - 2014-03-02 08:33 - 07000683 _____ () C:\Users\derrick\Desktop\Heroes-WoW+Launcher.zip
2014-03-02 08:32 - 2014-03-02 08:31 - 07000683 _____ () C:\Users\derrick\Downloads\Heroes-WoW+Launcher.zip
2014-03-01 15:49 - 2014-03-01 15:45 - 193008717 _____ () C:\Users\derrick\Downloads\64px_[mc1.7.4]_Resident_Evi_Pack.7z
2014-03-01 11:58 - 2014-03-01 11:58 - 00000945 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-01 11:58 - 2014-03-01 11:58 - 00000000 ____D () C:\Program Files\Battle.net
2014-03-01 11:58 - 2013-04-06 15:27 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-03-01 11:56 - 2014-03-01 11:56 - 05748928 _____ (Blizzard Entertainment) C:\Users\derrick\Desktop\Battle.net-Beta-Setup-enUS.exe
2014-03-01 11:56 - 2014-03-01 11:55 - 05748928 _____ (Blizzard Entertainment) C:\Users\derrick\Downloads\Battle.net-Beta-Setup-enUS.exe
2014-02-27 15:58 - 2013-10-14 17:34 - 00002377 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-23 17:31 - 2013-02-09 15:39 - 00000214 _____ () C:\Users\derrick\Desktop\Borderlands.url
2014-02-23 11:15 - 2014-02-23 11:14 - 00016508 _____ () C:\Users\derrick\Desktop\Red Panda...txt
2014-02-23 11:14 - 2014-02-05 10:22 - 00047448 _____ () C:\Users\derrick\Desktop\liancakd.txt
2014-02-19 06:41 - 2014-02-18 19:18 - 00044219 _____ () C:\Users\derrick\Desktop\Summer.txt
2014-02-13 03:52 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 03:22 - 2013-07-13 23:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:17 - 2006-11-02 04:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 03:10 - 2006-11-02 04:33 - 00752854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 02:58 - 2014-02-13 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 02:56 - 2014-02-13 03:04 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:53 - 2014-02-13 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 02:51 - 2014-02-13 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:50 - 2014-02-13 03:04 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:49 - 2014-02-13 03:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:49 - 2014-02-13 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:48 - 2014-02-13 03:04 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:48 - 2014-02-13 03:04 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:48 - 2014-02-13 03:04 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:48 - 2014-02-13 03:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:48 - 2014-02-13 03:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:47 - 2014-02-13 03:04 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:47 - 2014-02-13 03:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:47 - 2014-02-13 03:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:46 - 2014-02-13 03:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 19:49 - 2013-01-03 15:29 - 00281688 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-02-02 19:45 - 2013-01-03 15:07 - 00281688 _____ () C:\Windows\system32\PnkBstrB.ex0

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\derrick\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-04 09:54

==================== End Of Log ============================



#5 smilam2
  • Topic Starter

Posted 04 March 2014 - 12:23 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 01
Ran by derrick at 2014-03-04 11:18:49
Running from C:\Users\derrick\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - )
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve )
Dungeon Defenders Demo (HKLM\...\Steam App 201680) (Version:  - )
Dwarfs F2P (HKLM\...\Steam App 213650) (Version:  - )
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Evoland (HKLM\...\Steam App 233470) (Version:  - )
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft)
Fuze Zip (HKCU\...\FuzeZip) (Version: 1.0.0.131625 - Koyote Soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
HeroesWoW Launcher (HKLM\...\{0AED5A00-F8FA-45EA-AE25-BFC914F87574}) (Version: 1.0.0 - HemiSoft)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Crate Box (HKLM\...\Steam App 212800) (Version:  - )
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

22-02-2014 07:56:35 Scheduled Checkpoint
23-02-2014 06:00:05 Scheduled Checkpoint
24-02-2014 05:51:43 Scheduled Checkpoint
25-02-2014 06:00:04 Scheduled Checkpoint
26-02-2014 13:00:50 Scheduled Checkpoint
27-02-2014 10:43:39 Scheduled Checkpoint
01-03-2014 04:11:29 Scheduled Checkpoint
02-03-2014 14:41:09 Installed HeroesWoW Launcher
03-03-2014 01:45:18 Removed HeroesWoW Launcher
03-03-2014 13:07:59 Removed LogMeIn Hamachi
03-03-2014 14:07:40 Restore Operation
03-03-2014 14:59:04 Restore Operation

==================== Hosts content: ==========================

2006-11-02 04:23 - 2014-03-04 09:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01A1D202-4F70-48FE-B3D7-6530DE5BF156} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {198E7293-8DB9-43A8-A84C-61C6010CF6F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {2C11B6A0-9AA5-48FF-9984-A80AFD97B75D} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\derrick\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {5EF3A97E-E67F-4FAD-96F6-DF8C5F4599F5} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {5FA74FC1-2541-4E06-8334-0C0798662EC7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {603B2240-9FD6-4CBF-AF31-4DD34829CC82} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {9FC722BC-DB65-4F80-82FD-0EB43B19D21C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A58C9E9F-9500-4E6F-AD43-80E17FA133E3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B63461D8-B824-4F04-BE2A-905758AE7220} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {CA770545-B56B-4E34-A6A6-2F580E05A2B0} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {DEBF5732-6878-4FC5-923A-C54C296AEAF4} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {EBD23038-0494-44E3-A6D6-01242C994179} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {EE13BCF7-A6C2-4DF6-B2A6-3FF024B52809} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2011-11-10 01:11 - 2011-11-10 01:11 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-02-05 09:30 - 2014-02-05 09:30 - 00475648 _____ () C:\Users\derrick\AppData\Local\GCC\Controller.exe
2014-02-13 03:48 - 2014-02-13 03:48 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\a47b676d7894369497373cf74ff2d2fb\VistaBridgeLibrary.ni.dll
2013-07-27 13:48 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2014-03-04 11:17 - 2014-03-04 11:17 - 00070144 _____ () C:\Users\derrick\AppData\Local\Temp\GC\Profiles\{99FAAD8D-237C-4E6B-98AF-BB8D74AB86E4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
2014-03-02 22:40 - 2013-12-03 20:48 - 04055504 _____ () C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll
2014-03-02 22:43 - 2013-12-03 20:48 - 00399312 _____ () C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll
2014-03-02 22:40 - 2013-12-03 20:47 - 01619408 _____ () C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
2013-08-13 06:15 - 2013-08-13 06:15 - 00206336 _____ () C:\Users\derrick\AppData\Local\Temp\GC\Profiles\{99FAAD8D-237C-4E6B-98AF-BB8D74AB86E4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-03-02 22:41 - 2013-12-03 20:48 - 13586896 _____ () C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 10:54:39 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e0c
Start Time: 01cf37c03124485d
Termination Time: 9

Error: (03/04/2014 09:41:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 09:15:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 08:35:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 06:06:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/03/2014 06:06:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/03/2014 05:35:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 05:32:40 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 14a8
Start Time: 01cf372f5dbf1308
Termination Time: 31

Error: (03/03/2014 04:24:26 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf8
Start Time: 01cf37269b33d3a8
Termination Time: 18

Error: (03/03/2014 03:21:52 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1014
Start Time: 01cf3720da3caa08
Termination Time: 5

System errors:
=============
Error: (03/04/2014 09:34:23 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 09:30:31 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 09:24:39 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JAIME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C1FA7964-FB7C-4525-9D24-E8B1BAF4D.
The master browser is stopping or an election is being forced.

Error: (03/04/2014 09:21:39 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 09:20:56 AM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (03/04/2014 09:02:21 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 08:56:05 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 08:48:37 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JAIME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C1FA7964-FB7C-4525-9D24-E8B1BAF4D.
The master browser is stopping or an election is being forced.

Error: (03/04/2014 08:46:21 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (03/04/2014 08:45:34 AM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-04 11:18:26.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 11:18:26.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 11:18:26.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 11:18:25.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:30:17.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:30:17.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:30:17.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:30:17.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:11:54.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-04 10:11:54.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3069.46 MB
Available physical RAM: 1373.54 MB
Total Pagefile: 6359.19 MB
Available Pagefile: 4582.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.78 GB) (Free:43.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:27 PM

Posted 04 March 2014 - 12:51 PM

Hello,

I see that you've already run ComboFix and RogueKiller. Can you please post the two log files of these runs? You'll find them at C:\ComboFix.txt and C:\Users\derrick\Desktop\RKreport[0]_S_03032014_101617.txt.


Step 1

Please visit VirusTotal and scan a file as follows:

  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    C:\{DB4CF3CB-439E-438B-8F5D-6DBE9BD199BF}
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analysed by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browser's address bar and paste it in your next reply.

Step 2

Please download the attached file fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 3

Start FRST with Administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 12:55 PM

ComboFix 14-03-04.01 - derrick 03/04/2014   9:22.3.2 - x86
Running from: c:\users\derrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK52YVH2\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\derrick\AppData\Local\Temp\GC\Profiles\{18E6D755-32A2-465E-9DB8-C7B2BC2506DF}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\derrick\AppData\Local\Temp\GC\Profiles\{18E6D755-32A2-465E-9DB8-C7B2BC2506DF}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-04 to 2014-03-04  )))))))))))))))))))))))))))))))
.
.
2014-03-04 15:34 . 2014-03-04 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-03 16:54 . 2014-03-04 15:13 -------- d-----w- C:\AdwCleaner
2014-03-03 16:07 . 2014-03-03 16:07 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-03-03 15:48 . 2014-03-03 16:47 -------- d-----w- c:\users\sharonrose
2014-03-03 13:18 . 2014-03-03 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-03 13:18 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-03 02:06 . 2014-03-03 02:06 -------- d-----w- c:\program files\LogMeIn Hamachi(1)
2014-03-03 01:47 . 2014-03-03 01:47 -------- d-----w- c:\users\Default\AppData\Local\Google
2014-03-03 01:42 . 2014-03-03 08:45 -------- d-----w- c:\users\derrick\AppData\Local\GCC
2014-03-02 14:43 . 2014-03-02 14:43 -------- d-----w- c:\users\derrick\AppData\Local\HemiSoft
2014-03-02 14:42 . 2014-03-03 06:05 -------- d-----w- c:\program files\HemiSoft
2014-03-01 17:58 . 2014-03-03 06:07 -------- d-----w- c:\users\derrick\AppData\Roaming\Battle.net
2014-03-01 17:58 . 2014-03-03 01:57 -------- d-----w- c:\users\derrick\AppData\Local\Battle.net
2014-03-01 17:58 . 2014-03-01 17:58 -------- d-----w- c:\program files\Battle.net
2014-02-13 09:03 . 2014-02-05 08:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-02-13 09:03 . 2014-02-05 08:50 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2014-02-13 09:03 . 2014-02-05 08:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-12 21:22 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-03 01:49 . 2013-01-03 21:29 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-02-03 01:45 . 2013-01-03 21:07 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-07 13:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-02-25 21:57 1821888 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-03 17:03 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 01:58]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-01 01:58]
.
2014-03-04 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-07 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-04 09:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-03-04  09:36:46
ComboFix-quarantined-files.txt  2014-03-04 15:36
ComboFix2.txt  2014-03-04 15:05
ComboFix3.txt  2014-03-03 16:50
.
Pre-Run: 47,820,419,072 bytes free
Post-Run: 47,786,663,936 bytes free
.
- - End Of File - - 4A5F92534C5C5661058A756876244CD6
5C616939100B85E558DA92B899A0FC36


RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : derrick [Admin rights]
Mode : Scan -- Date : 03/03/2014 10:16:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Controller.exe -- C:\Users\derrick\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
[SUSP PATH] Controller.exe -- C:\Users\derrick\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\derrick\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND
[V2][SUSP PATH] FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl : C:\Users\derrick\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe - /now /chrome /imbar /cmd='--app=hxxp://www.iminent.com/front/activation?refid=1 --app-window=640,480'  /extid=igdhbblpcellaljokkpfhcjlagemhgjl   /delay=5 [x] -> FOUND
[V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> FOUND
[V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> FOUND
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x81EA9823 -> HOOKED (Unknown @ 0x87E5A358)
[Address] SSDT[14] : NtAlertThread @ 0x81E2234F -> HOOKED (Unknown @ 0x87E5A3F0)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x81E5E69D -> HOOKED (Unknown @ 0x882C50A0)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x81E008A7 -> HOOKED (Unknown @ 0x87A880A8)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x81DD3B32 -> HOOKED (Unknown @ 0x8814BCF0)
[Address] SSDT[67] : NtCreateMutant @ 0x81E36993 -> HOOKED (Unknown @ 0x87E5A180)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x81DD6349 -> HOOKED (Unknown @ 0x8814BAE8)
[Address] SSDT[78] : NtCreateThread @ 0x81EA7E40 -> HOOKED (Unknown @ 0x87BDBBA0)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x81E7AED4 -> HOOKED (Unknown @ 0x8814BD88)
[Address] SSDT[129] : NtDuplicateObject @ 0x81E0E579 -> HOOKED (Unknown @ 0x880CA260)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x81C9AE75 -> HOOKED (Unknown @ 0x87FC82F8)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x81DD0F3F -> HOOKED (Unknown @ 0x87E5A228)
[Address] SSDT[158] : NtImpersonateThread @ 0x81DE6589 -> HOOKED (Unknown @ 0x87E5A2C0)
[Address] SSDT[165] : NtLoadDriver @ 0x81D81E12 -> HOOKED (Unknown @ 0x87A88030)
[Address] SSDT[177] : NtMapViewOfSection @ 0x81E26994 -> HOOKED (Unknown @ 0x87FC8240)
[Address] SSDT[184] : NtOpenEvent @ 0x81E0FDF7 -> HOOKED (Unknown @ 0x87E5A0E8)
[Address] SSDT[194] : NtOpenProcess @ 0x81E3712F -> HOOKED (Unknown @ 0x87F47C88)
[Address] SSDT[195] : NtOpenProcessToken @ 0x81E17A58 -> HOOKED (Unknown @ 0x87BDBAD0)
[Address] SSDT[197] : NtOpenSection @ 0x81E2778C -> HOOKED (Unknown @ 0x8814BED8)
[Address] SSDT[201] : NtOpenThread @ 0x81E3262B -> HOOKED (Unknown @ 0x881EADF0)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x81E303E2 -> HOOKED (Unknown @ 0x8814BC48)
[Address] SSDT[282] : NtResumeThread @ 0x81E31C4A -> HOOKED (Unknown @ 0x87E5A488)
[Address] SSDT[289] : NtSetContextThread @ 0x81EA92CF -> HOOKED (Unknown @ 0x87E5A650)
[Address] SSDT[305] : NtSetInformationProcess @ 0x81E2A9E6 -> HOOKED (Unknown @ 0x87E5A6E8)
[Address] SSDT[317] : NtSetSystemInformation @ 0x81DFCF1E -> HOOKED (Unknown @ 0x8814BE20)
[Address] SSDT[330] : NtSuspendProcess @ 0x81EA975F -> HOOKED (Unknown @ 0x8814BF70)
[Address] SSDT[331] : NtSuspendThread @ 0x81DB0945 -> HOOKED (Unknown @ 0x87E5A520)
[Address] SSDT[334] : NtTerminateProcess @ 0x81E0716B -> HOOKED (Unknown @ 0x87BDB078)
[Address] SSDT[335] : unknown @ 0x81E32660 -> HOOKED (Unknown @ 0x87E5A5B8)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x81E26C57 -> HOOKED (Unknown @ 0x87E5A790)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x81E23A27 -> HOOKED (Unknown @ 0x87FC83A0)
[Address] SSDT[382] : NtCreateThreadEx @ 0x81E32115 -> HOOKED (Unknown @ 0x8814BB90)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87E1A260)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x864ECDA8)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87E1A470)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87E1ABB0)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87DD58E0)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x87DD5688)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x87DD5798)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87DD5710)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87DD5B90)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87E13568)
[Inline] IAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647D2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647BFA79)
[Inline] EAT @iexplore.exe (RegSetValueExA) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C510)
[Inline] EAT @iexplore.exe (MessageBoxA) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF20)
[Inline] EAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x062EFD70)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x062EFEA0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x062F1800)
[Inline] IAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647D2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647BFA79)
[Inline] EAT @iexplore.exe (RegSetValueExA) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C510)
[Inline] EAT @iexplore.exe (MessageBoxA) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF20)
[Inline] EAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x066AFD70)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x066AFEA0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x066B1800)
[Inline] IAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647D2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647BFA79)
[Inline] EAT @iexplore.exe (RegSetValueExA) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C510)
[Inline] EAT @iexplore.exe (MessageBoxA) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF20)
[Inline] EAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x065BFD70)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x065BFEA0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x065C1800)
[Inline] IAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647B4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647D2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x647BFA79)
[Inline] EAT @iexplore.exe (RegSetValueExA) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : ADVAPI32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1C510)
[Inline] EAT @iexplore.exe (MessageBoxA) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF20)
[Inline] EAT @iexplore.exe (MessageBoxW) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\hktbKey0.dll @ 0x62B1CF80)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x064EFD70)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : USER32.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x064EFEA0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\derrick\AppData\LocalLow\KeyBar_1.12\tbKey0.dll @ 0x064F1800)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDP725025GLA380 ATA Device +++++
--- User ---
[MBR] 29f546ddc68dd87d3976c011a0a202af
[BSP] 143500e28e0f7628a019343ed6099823 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31555584 | Size: 223009 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03032014_101617.txt >>


#8 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 12:58 PM

https://www.virustotal.com/en/file/21ebcbf6835621bcec37f7f643dc03df28f94707ca2361e5625a9540bca40154/analysis/1393955799/



#9 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 01:10 PM

On step 2 of the fixlist stuff, I got about a hundred popups flying up, and Farbar went non-responsive, and has not become responsive as of yet.

#10 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 01:26 PM

It's responding every so often when the popups are not going. This must be a long fix though, from the time.

#11 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 02:07 PM

Fixlog is complete; when I try to paste it on here, it will not. It keeps saying this site is not responsive on all browsers.

#12 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:27 PM

Posted 04 March 2014 - 02:10 PM

Please reboot your computer and try again. :)

#13 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 02:12 PM

Is it possible it's too big to post on here? It seems to post smaller files no problem, just not this one. Will reboot and try though.

#14 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:27 PM

Posted 04 March 2014 - 02:16 PM

If it still doesn't work, then you can try to split the log up into smaller pieces and post them one by one.

Edited by aharonov, 04 March 2014 - 02:17 PM.


#15 smilam2

  • Topic Starter
  • Members
  • 46 posts
  • Local time:10:27 AM

Posted 04 March 2014 - 02:28 PM

==============================================

Content of fixlist:
*****************
() C:\Users\derrick\AppData\Local\GCC\Controller.exe
(Google Inc.) C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe
C:\Users\derrick\AppData\Local\GCC
SearchScopes: HKCU - DefaultScope {2F2F93BD-750D-4DCE-A70B-E42EDE8233AD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN21792443920644219&UM=2
SearchScopes: HKCU - {2F2F93BD-750D-4DCE-A70B-E42EDE8233AD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN21792443920644219&UM=2
CHR Extension: (MixiDJ) - C:\Users\derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb [2013-02-14]
CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\derrick\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\derrick\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
Task: {5EF3A97E-E67F-4FAD-96F6-DF8C5F4599F5} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {2C11B6A0-9AA5-48FF-9984-A80AFD97B75D} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\derrick\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
C:\Users\derrick\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Task: {CA770545-B56B-4E34-A6A6-2F580E05A2B0} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {EE13BCF7-A6C2-4DF6-B2A6-3FF024B52809} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
C:\Users\derrick\AppData\Local\Temp\GC
Reboot:
*****************

[3108] C:\Users\derrick\AppData\Local\GCC\Controller.exe => Process closed successfully.
[6104] C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe => Process closed successfully.

"C:\Users\derrick\AppData\Local\GCC" directory move:

C:\Users\derrick\AppData\Local\GCC\Controller.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\GccProfiler.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Modules\InSes.dll => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe" => Scheduled to move on reboot.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\debug.log => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\First Run => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\wow_helper.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome.dll => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_child.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_frame_helper.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_frame_helper.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_launcher.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_touch_100_percent.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\d3dcompiler_43.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\d3dcompiler_46.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\delegate_execute.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\icudt.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libegl.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libglesv2.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libpeerconnection.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\metro_driver.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl64.exe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\npchrome_frame.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\resources.pak" => Scheduled to move on reboot.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\secondarytile.png => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\widevinecdmadapter.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\xinput1_3.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\logo.png => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\smalllogo.png => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\PepperFlash\manifest.json => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\am.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\am.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ar.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ar.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bg.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bg.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bn.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bn.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ca.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ca.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\cs.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\cs.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\da.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\da.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\de.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\de.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\el.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\el.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-GB.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-GB.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-US.dll => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-US.pak" => Scheduled to move on reboot.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es-419.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es-419.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\et.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\et.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fa.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fa.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fi.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fi.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fil.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fil.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fr.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fr.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\gu.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\gu.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\he.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\he.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hi.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hi.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hr.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hr.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hu.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hu.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\id.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\id.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\it.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\it.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ja.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ja.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\kn.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\kn.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ko.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ko.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lt.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lt.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lv.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lv.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ml.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ml.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\mr.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\mr.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ms.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ms.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nb.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nb.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nl.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nl.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pl.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pl.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-BR.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-BR.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-PT.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-PT.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ro.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ro.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ru.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ru.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sk.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sk.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sl.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sl.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sr.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sr.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sv.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sv.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sw.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sw.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ta.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ta.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\te.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\te.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\th.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\th.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\tr.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\tr.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\uk.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\uk.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\vi.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\vi.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-CN.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-CN.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-TW.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-TW.pak => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Extensions\external_extensions.json => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\docs.crx => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\drive.crx => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\external_extensions.json => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\gmail.crx => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\search.crx => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\youtube.crx => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Bin\7z.dll => Moved successfully.
C:\Users\derrick\AppData\Local\GCC\Bin\7z.exe => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC" directory. => Scheduled to move on reboot.
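The post above is a Farbar Recovery Scan Tool (FRST) fixlog, and the items a helper checks first are the persistence entries the tool flagged (`<==== ATTENTION`), what it actually moved, and what it could not move until reboot. As an added example that is not part of this thread and not FRST's own code, here is a small Python parser for those result lines. The line patterns are inferred only from the log posted above (FRST emits other result lines, which this parser reports as "other"), and the sample input is a handful of lines copied from the fixlist and fixlog in this post.

```python
"""Summarise an FRST fixlog: flagged entries, moved items, and what is still pending.

Added example (not from the thread or from FRST). The line formats below are
inferred from the fixlog posted above; any other line is classified as 'other'.
"""
import re
from collections import Counter

# Sample lines copied from the fixlist / fixlog posted in this thread.
SAMPLE_LOG = r"""
Task: {5EF3A97E-E67F-4FAD-96F6-DF8C5F4599F5} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
[3108] C:\Users\derrick\AppData\Local\GCC\Controller.exe => Process closed successfully.
C:\Users\derrick\AppData\Local\GCC\Controller.exe => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC\Chrome-bin\chrome.exe" => Scheduled to move on reboot.
C:\Users\derrick\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome.dll => Moved successfully.
Could not move "C:\Users\derrick\AppData\Local\GCC" directory. => Scheduled to move on reboot.
"""

# "[pid] path => Process closed successfully."
PROCESS_RE = re.compile(r'^\[(\d+)\] (.+?) => Process closed successfully\.$')
# 'Could not move "path" => Scheduled to move on reboot.' (optional ' directory.' suffix)
REBOOT_RE = re.compile(r'^Could not move "(.+?)"(?: directory\.)? => Scheduled to move on reboot\.$')
# "path => Moved successfully."
MOVED_RE = re.compile(r'^(.+?) => Moved successfully\.$')
# Fixlist entries FRST flagged, e.g. scheduled tasks pointing at the adware binary.
ATTENTION_RE = re.compile(r'^(.+?) => (.+?) <==== ATTENTION$')


def parse_fixlog(text):
    """Classify each non-empty line as (kind, subject).

    kind is one of: flagged, process_closed, moved, scheduled_reboot, other.
    subject is the file/directory path, or the flagged target, or the raw line.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ATTENTION_RE.match(line)
        if m:
            entries.append(("flagged", m.group(2)))
            continue
        m = PROCESS_RE.match(line)
        if m:
            entries.append(("process_closed", m.group(2)))
            continue
        m = REBOOT_RE.match(line)
        if m:
            entries.append(("scheduled_reboot", m.group(1)))
            continue
        m = MOVED_RE.match(line)
        if m:
            entries.append(("moved", m.group(1)))
            continue
        entries.append(("other", line))
    return entries


def summarize(text):
    """Count of each result kind, e.g. {'moved': 2, 'scheduled_reboot': 2, ...}."""
    return dict(Counter(kind for kind, _ in parse_fixlog(text)))


def pending_after_reboot(text):
    """Paths FRST could not move yet; verify these are gone after the reboot."""
    return [subject for kind, subject in parse_fixlog(text) if kind == "scheduled_reboot"]


def flagged_targets(text):
    """Binaries referenced by entries FRST marked with '<==== ATTENTION'."""
    return [subject for kind, subject in parse_fixlog(text) if kind == "flagged"]


if __name__ == "__main__":
    print("summary:", summarize(SAMPLE_LOG))
    print("flagged targets:", flagged_targets(SAMPLE_LOG))
    print("still pending after reboot:")
    for path in pending_after_reboot(SAMPLE_LOG):
        print("  ", path)
```

Reading the fixlog the way this parser does makes the two follow-up checks explicit: the flagged scheduled tasks all pointed at the same `Controller.exe`, and the `GCC` directory and several of its files were only scheduled for removal, so the reboot is part of the fix, not an afterthought.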



