
Windows 7 Can't run MBAM or AVG


10 replies to this topic

#1 ZoeMeow

ZoeMeow

  • Members
  • 18 posts

Posted 09 March 2014 - 04:59 PM

So the first thing I noticed was a really slow startup speed when I reboot my computer. Then Chrome crashed and I could not reopen it; nothing would happen when I clicked it. And a lot of programs get the not responding thing while I'm going about my daily activities. And then I ran a full scan with Norton, and Power Eraser came up clean, so then I went manually through my programs folder and had a friend check everything I didn't recognize. We found 2 viruses and I deleted them. Still couldn't run MBAM, even in safe mode, so I downloaded JRT (Junk Removal Tool) and ran it in safe mode and it found some stuff, but I don't have the logs anymore. And then I could run MBAM in safe mode; I ran a full scan and found nothing. Then I rebooted into normal mode and still couldn't run it. Had to reboot back into safe mode and couldn't run it there again either. Ran JRT again and it found nothing, but I could then run MBAM (oddly enough). Here's a list of things I've tried/checked:

Tried reinstalling MBAM in safe mode

Tried Chameleon all of them get stuck at updating (let it run while it was "updating" for over an hour)

Tried renaming MBAM.exe 

Tried full scans with Norton and the power eraser

Tried downloading and using AVG but when the UI comes up it stops responding.

Tried checking my processes in Task Manager nothing was abnormal 

Tried using Revo uninstaller to uninstall MBAM and reinstall it

Tried a full scan when I could get MBAM to run and it came up clean (in safe mode)

Tried running JRT outside of safe mode it won't run

 

All of this just seems too fishy; something has to be going on with my computer.

 

I'm on Windows 7 and reformatting my hard drive isn't an option. I bought this laptop used with a clean Windows 7 install and no longer have the serial code for it. I cannot upload the DDS file; every time I use either uploader, Chrome stops responding.

 

And if this helps, Windows did some scan for problems and this came up:

 
   Windows
Problem: Shut down unexpectedly
Files that help describe the problem:
010314-28438-01.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20140307-2030.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 



 


#2 ZoeMeow

ZoeMeow
  • Topic Starter

  • Members
  • 18 posts

Posted 09 March 2014 - 08:29 PM

So while digging through my folders I went Programs < Common Files < Tencent

Found one named tencent, which from googling I'm guessing is a virus, but how can I make sure I remove all of it if none of my virus scanners have caught it?


Edited by ZoeMeow, 09 March 2014 - 08:29 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 March 2014 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 ZoeMeow

ZoeMeow
  • Topic Starter

  • Members
  • 18 posts

Posted 11 March 2014 - 04:47 PM

AdwCleaner

# AdwCleaner v3.020 - Report created 09/03/2014 at 18:57:04
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : newuser - 6930P-H
# Running from : C:\Users\newuser\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\TENCENT
Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\Software\caphyon
Key Found : HKLM\Software\TENCENT
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Zoe2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [992 octets] - [09/03/2014 18:57:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1051 octets] ##########
 
 
JRT 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by newuser on Tue 03/11/2014 at 14:48:30.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 14:58:31.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by newuser (administrator) on 6930P-H on 11-03-2014 15:01:03
Running from C:\Users\newuser\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files (x86)\puush\puush.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-18] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [PTHOSTTR] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [358456 2010-04-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] - rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3944438322-2681744179-2072768690-1001\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2014-02-03] ()
HKU\S-1-5-21-3944438322-2681744179-2072768690-1001\...\MountPoints2: {9a37bd01-7811-11e3-8a4b-00247e4aeff0} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3944438322-2681744179-2072768690-1001\...\MountPoints2: {bc021ec5-7e36-11e3-97f1-00247e4aeff0} - F:\autorun.exe
HKU\S-1-5-21-3944438322-2681744179-2072768690-1001\...\MountPoints2: {ced8ec6a-71cc-11e3-bcaa-00247e4aeff0} - E:\autorun.exe
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382208 2010-01-18] (Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89856 2010-01-18] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASCredProv64
Startup: C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
BHO: Credential Manager for HP ProtectTools - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.)
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Sense - {11111111-1111-1111-1111-110411821192} - C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (YouTube) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Adblock Plus) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-31]
CHR Extension: (Google Search) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (iMacros for Chrome) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2014-01-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-13]
CHR Extension: (Norton Identity Protection) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-05]
CHR Extension: (Google Wallet) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Bitdefender QuickScan) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-03-10]
CHR Extension: (Gmail) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-21]
 
==================== Services (Whitelisted) =================
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192768 2010-01-18] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll [150272 2010-01-18] (Bioscrypt Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] ()
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2010-04-13] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256616 2010-03-05] (McAfee, Inc.)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] ()
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-04] (Symantec Corporation)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140307.001\IDSvia64.sys [524504 2014-03-07] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\ENG64.SYS [126040 2014-03-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\EX64.SYS [2099288 2014-03-07] (Symantec Corporation)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14952 2010-03-05] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55912 2010-03-05] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15464 2010-03-05] (SafeBoot International)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2014-02-04] (TENCENT)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-11 15:01 - 2014-03-11 15:01 - 00020685 _____ () C:\Users\newuser\Downloads\FRST.txt
2014-03-11 15:00 - 2014-03-11 15:01 - 00000000 ____D () C:\FRST
2014-03-11 15:00 - 2014-03-11 15:00 - 02157056 _____ (Farbar) C:\Users\newuser\Downloads\FRST64.exe
2014-03-11 15:00 - 2014-03-11 15:00 - 01145856 _____ (Farbar) C:\Users\newuser\Downloads\FRST.exe
2014-03-11 14:58 - 2014-03-11 14:58 - 00000635 _____ () C:\Users\newuser\Desktop\JRT.txt
2014-03-11 14:58 - 2014-03-11 14:58 - 00000000 ____D () C:\Users\newuser\Desktop\Virus stuffs
2014-03-11 14:47 - 2014-03-11 14:47 - 01037734 _____ (Thisisu) C:\Users\newuser\Downloads\JRT (1).exe
2014-03-10 18:02 - 2014-03-10 18:02 - 00925800 _____ () C:\Users\newuser\Downloads\96AA.tmp
2014-03-10 18:00 - 2014-03-10 18:00 - 00008313 _____ () C:\Users\newuser\Downloads\8ACB.tmp
2014-03-10 17:45 - 2014-03-10 17:45 - 00925800 _____ () C:\Users\newuser\Downloads\9612.tmp
2014-03-10 17:41 - 2014-03-10 17:41 - 00925800 _____ () C:\Users\newuser\Downloads\7A87.tmp
2014-03-10 00:42 - 2014-03-10 00:42 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\QuickScan
2014-03-09 19:25 - 2014-03-09 19:25 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\HD Tune Pro
2014-03-09 19:24 - 2014-03-09 19:24 - 00001037 _____ () C:\Users\newuser\Desktop\HD Tune Pro.lnk
2014-03-09 19:24 - 2014-03-09 19:24 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-03-09 19:23 - 2014-03-09 19:23 - 02195900 _____ (EFD Software ) C:\Users\newuser\Downloads\hdtunepro_550_trial.exe
2014-03-09 19:18 - 2014-03-09 19:18 - 00001190 _____ () C:\Users\newuser\Desktop\CrystalDiskInfo.lnk
2014-03-09 19:18 - 2014-03-09 19:18 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-03-09 19:17 - 2014-03-09 19:17 - 02773368 _____ (Crystal Dew World ) C:\Users\newuser\Downloads\CrystalDiskInfo6_1_9a-en.exe
2014-03-09 18:57 - 2014-03-09 20:44 - 00000000 ____D () C:\AdwCleaner
2014-03-09 18:54 - 2014-03-09 18:55 - 00982016 _____ (Farbar) C:\Users\newuser\Downloads\MiniToolBox (2).exe
2014-03-09 18:52 - 2014-03-09 18:52 - 00982016 _____ (Farbar) C:\Users\newuser\Downloads\MiniToolBox (1).exe
2014-03-09 18:19 - 2014-03-09 18:20 - 103696656 _____ (Microsoft Corporation) C:\Users\newuser\Downloads\msert (1).exe
2014-03-09 18:18 - 2014-03-09 18:19 - 101033232 _____ (Microsoft Corporation) C:\Users\newuser\Downloads\msert.exe
2014-03-09 18:08 - 2014-03-09 18:46 - 00028445 _____ () C:\Users\newuser\Downloads\Result.txt
2014-03-09 17:57 - 2014-03-09 17:57 - 00002964 _____ () C:\Windows\System32\Tasks\{2B84A9FC-4088-43BF-8A27-C3492A775B38}
2014-03-09 16:10 - 2014-03-09 16:10 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 16:10 - 2014-03-09 16:10 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 16:09 - 2014-03-09 16:09 - 03185096 _____ () C:\Users\newuser\Downloads\advisorinstaller.exe
2014-03-09 15:57 - 2014-03-09 15:58 - 11687960 _____ (Bitcoin project) C:\Users\newuser\Downloads\bitcoin-0.8.6-win32-setup.exe
2014-03-09 15:51 - 2014-03-09 15:51 - 68088313 _____ (butterflylabs) C:\Users\newuser\Downloads\easyminer.exe
2014-03-09 15:40 - 2014-03-09 15:40 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Malwarebytes
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 15:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-09 15:40 - 2012-12-03 15:41 - 00000000 ____D () C:\Users\newuser\Desktop\guiminer
2014-03-09 15:39 - 2014-03-09 15:39 - 07731626 _____ (Igor Pavlov) C:\Users\newuser\Downloads\guiminer-20121203.exe
2014-03-09 15:33 - 2014-03-09 15:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\newuser\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-09 15:00 - 2014-03-09 15:00 - 00080456 _____ (Malwarebytes Corporation) C:\Users\newuser\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-09 14:48 - 2014-03-09 14:48 - 00001668 _____ () C:\Users\newuser\Desktop\attach.zip
2014-03-09 14:26 - 2014-03-09 14:26 - 00688992 ____R (Swearware) C:\Users\newuser\Downloads\dds.com
2014-03-09 14:21 - 2014-03-09 14:21 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\Users\newuser\AppData\Local\VS Revo Group
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-09 14:21 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-08 10:44 - 2014-03-08 10:44 - 00000632 _____ () C:\Users\Zoe2\Desktop\JRT.txt
2014-03-08 10:41 - 2014-03-08 10:41 - 01037734 _____ (Thisisu) C:\Users\Zoe2\Downloads\JRT.exe
2014-03-08 10:37 - 2014-03-08 10:37 - 00000000 ____D () C:\Users\Zoe2\AppData\Roaming\Malwarebytes
2014-03-08 10:36 - 2014-03-08 10:36 - 00667272 _____ ( ) C:\Users\Zoe2\Downloads\ZipSetup.exe
2014-03-08 00:45 - 2014-03-09 15:05 - 00045430 _____ () C:\Windows\PFRO.log
2014-03-07 23:53 - 2014-03-07 23:53 - 00000000 ____D () C:\Windows\ERUNT
2014-03-07 23:01 - 2014-03-07 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 22:58 - 2014-03-07 22:58 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-03-07 22:57 - 2014-03-07 23:39 - 00000000 ____D () C:\Users\newuser\Desktop\mbar
2014-03-07 22:03 - 2014-03-09 20:46 - 00000560 _____ () C:\Windows\setupact.log
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 21:04 - 2014-03-07 21:04 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-07 21:04 - 2014-03-07 21:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-07 21:04 - 2014-03-07 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-07 21:03 - 2014-03-07 21:03 - 04765152 _____ (Piriform Ltd) C:\Users\newuser\Downloads\ccsetup411.exe
2014-03-07 20:41 - 2014-03-07 23:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\TuneUp Software
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\AVG2014
2014-03-07 20:39 - 2014-03-08 00:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-07 20:39 - 2014-03-07 23:52 - 00000000 ____D () C:\Users\newuser\AppData\Local\Avg2014
2014-03-07 20:39 - 2014-03-07 20:39 - 04462384 _____ (AVG Technologies) C:\Users\newuser\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-07 20:39 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\newuser\AppData\Local\MFAData
2014-02-23 20:51 - 2014-03-11 02:53 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-02-23 20:51 - 2014-03-02 12:59 - 00001905 _____ () C:\Users\Public\Desktop\LOL Recorder.lnk
2014-02-23 20:51 - 2014-02-24 13:47 - 00000000 ____D () C:\Users\newuser\Documents\LOLReplay
2014-02-14 04:03 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 04:03 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 04:02 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 04:02 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 04:02 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 04:02 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 04:02 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 04:02 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 04:02 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 04:02 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 04:02 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 04:02 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 04:02 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 04:02 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 04:02 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 04:02 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 04:02 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 04:02 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 04:02 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 04:02 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 04:02 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 04:02 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 04:02 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 04:02 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 04:02 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 04:02 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 04:02 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 04:02 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 04:02 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 04:02 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 04:02 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 04:02 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 04:02 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 04:02 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 04:02 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 04:02 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 04:02 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 04:02 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 04:02 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 04:02 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 04:02 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 00:34 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 00:34 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 00:34 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 00:34 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:34 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 00:34 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 00:34 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 00:34 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 00:34 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 00:34 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 00:34 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 00:34 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 00:34 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 00:34 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 00:34 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 00:34 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 00:34 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 00:34 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 00:34 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 00:34 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 00:34 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 00:34 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 00:34 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 00:34 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 00:34 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 00:34 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 00:34 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 00:34 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 19:58 - 2014-02-11 19:58 - 00000000 ____D () C:\Program Files (x86)\AirPort
2014-02-11 17:11 - 2013-11-08 18:54 - 00004195 _____ () C:\Users\newuser\Desktop\NA_Network_Diagnostic_Test_v3.bat
 
==================== One Month Modified Files and Folders =======
 
2014-03-11 15:01 - 2014-03-11 15:01 - 00020685 _____ () C:\Users\newuser\Downloads\FRST.txt
2014-03-11 15:01 - 2014-03-11 15:00 - 00000000 ____D () C:\FRST
2014-03-11 15:00 - 2014-03-11 15:00 - 02157056 _____ (Farbar) C:\Users\newuser\Downloads\FRST64.exe
2014-03-11 15:00 - 2014-03-11 15:00 - 01145856 _____ (Farbar) C:\Users\newuser\Downloads\FRST.exe
2014-03-11 14:58 - 2014-03-11 14:58 - 00000635 _____ () C:\Users\newuser\Desktop\JRT.txt
2014-03-11 14:58 - 2014-03-11 14:58 - 00000000 ____D () C:\Users\newuser\Desktop\Virus stuffs
2014-03-11 14:47 - 2014-03-11 14:47 - 01037734 _____ (Thisisu) C:\Users\newuser\Downloads\JRT (1).exe
2014-03-11 14:47 - 2013-09-13 21:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 14:29 - 2013-09-07 03:45 - 02028911 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 14:07 - 2013-09-13 21:05 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 12:47 - 2013-09-13 21:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 12:47 - 2013-09-13 21:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 12:47 - 2013-09-13 21:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 09:32 - 2014-01-26 00:00 - 00000000 ____D () C:\Users\newuser\AppData\Local\CrashDumps
2014-03-11 06:07 - 2013-09-13 21:05 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 02:53 - 2014-02-23 20:51 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-03-11 02:53 - 2014-02-03 19:14 - 00000000 ____D () C:\Program Files (x86)\puush
2014-03-10 18:02 - 2014-03-10 18:02 - 00925800 _____ () C:\Users\newuser\Downloads\96AA.tmp
2014-03-10 18:00 - 2014-03-10 18:00 - 00008313 _____ () C:\Users\newuser\Downloads\8ACB.tmp
2014-03-10 17:45 - 2014-03-10 17:45 - 00925800 _____ () C:\Users\newuser\Downloads\9612.tmp
2014-03-10 17:41 - 2014-03-10 17:41 - 00925800 _____ () C:\Users\newuser\Downloads\7A87.tmp
2014-03-10 00:42 - 2014-03-10 00:42 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\QuickScan
2014-03-09 20:53 - 2009-07-13 21:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 20:53 - 2009-07-13 21:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 20:46 - 2014-03-07 22:03 - 00000560 _____ () C:\Windows\setupact.log
2014-03-09 20:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 20:44 - 2014-03-09 18:57 - 00000000 ____D () C:\AdwCleaner
2014-03-09 19:25 - 2014-03-09 19:25 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\HD Tune Pro
2014-03-09 19:24 - 2014-03-09 19:24 - 00001037 _____ () C:\Users\newuser\Desktop\HD Tune Pro.lnk
2014-03-09 19:24 - 2014-03-09 19:24 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-03-09 19:23 - 2014-03-09 19:23 - 02195900 _____ (EFD Software ) C:\Users\newuser\Downloads\hdtunepro_550_trial.exe
2014-03-09 19:18 - 2014-03-09 19:18 - 00001190 _____ () C:\Users\newuser\Desktop\CrystalDiskInfo.lnk
2014-03-09 19:18 - 2014-03-09 19:18 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-03-09 19:17 - 2014-03-09 19:17 - 02773368 _____ (Crystal Dew World ) C:\Users\newuser\Downloads\CrystalDiskInfo6_1_9a-en.exe
2014-03-09 18:55 - 2014-03-09 18:54 - 00982016 _____ (Farbar) C:\Users\newuser\Downloads\MiniToolBox (2).exe
2014-03-09 18:52 - 2014-03-09 18:52 - 00982016 _____ (Farbar) C:\Users\newuser\Downloads\MiniToolBox (1).exe
2014-03-09 18:46 - 2014-03-09 18:08 - 00028445 _____ () C:\Users\newuser\Downloads\Result.txt
2014-03-09 18:46 - 2009-07-13 22:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 18:20 - 2014-03-09 18:19 - 103696656 _____ (Microsoft Corporation) C:\Users\newuser\Downloads\msert (1).exe
2014-03-09 18:19 - 2014-03-09 18:18 - 101033232 _____ (Microsoft Corporation) C:\Users\newuser\Downloads\msert.exe
2014-03-09 17:57 - 2014-03-09 17:57 - 00002964 _____ () C:\Windows\System32\Tasks\{2B84A9FC-4088-43BF-8A27-C3492A775B38}
2014-03-09 17:56 - 2013-12-31 02:51 - 00000000 ____D () C:\Users\newuser\AppData\Local\Skyrim
2014-03-09 16:10 - 2014-03-09 16:10 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 16:10 - 2014-03-09 16:10 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 16:09 - 2014-03-09 16:09 - 03185096 _____ () C:\Users\newuser\Downloads\advisorinstaller.exe
2014-03-09 15:58 - 2014-03-09 15:57 - 11687960 _____ (Bitcoin project) C:\Users\newuser\Downloads\bitcoin-0.8.6-win32-setup.exe
2014-03-09 15:51 - 2014-03-09 15:51 - 68088313 _____ (butterflylabs) C:\Users\newuser\Downloads\easyminer.exe
2014-03-09 15:40 - 2014-03-09 15:40 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Malwarebytes
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-09 15:40 - 2014-03-09 15:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 15:39 - 2014-03-09 15:39 - 07731626 _____ (Igor Pavlov) C:\Users\newuser\Downloads\guiminer-20121203.exe
2014-03-09 15:33 - 2014-03-09 15:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\newuser\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-09 15:05 - 2014-03-08 00:45 - 00045430 _____ () C:\Windows\PFRO.log
2014-03-09 15:00 - 2014-03-09 15:00 - 00080456 _____ (Malwarebytes Corporation) C:\Users\newuser\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-09 14:48 - 2014-03-09 14:48 - 00001668 _____ () C:\Users\newuser\Desktop\attach.zip
2014-03-09 14:26 - 2014-03-09 14:26 - 00688992 ____R (Swearware) C:\Users\newuser\Downloads\dds.com
2014-03-09 14:21 - 2014-03-09 14:21 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\Users\newuser\AppData\Local\VS Revo Group
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-09 14:21 - 2014-03-09 14:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-08 10:44 - 2014-03-08 10:44 - 00000632 _____ () C:\Users\Zoe2\Desktop\JRT.txt
2014-03-08 10:41 - 2014-03-08 10:41 - 01037734 _____ (Thisisu) C:\Users\Zoe2\Downloads\JRT.exe
2014-03-08 10:37 - 2014-03-08 10:37 - 00000000 ____D () C:\Users\Zoe2\AppData\Roaming\Malwarebytes
2014-03-08 10:36 - 2014-03-08 10:36 - 00667272 _____ ( ) C:\Users\Zoe2\Downloads\ZipSetup.exe
2014-03-08 00:45 - 2014-03-07 20:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-07 23:53 - 2014-03-07 23:53 - 00000000 ____D () C:\Windows\ERUNT
2014-03-07 23:52 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\newuser\AppData\Local\Avg2014
2014-03-07 23:49 - 2014-03-07 20:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-07 23:39 - 2014-03-07 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 23:39 - 2014-03-07 22:57 - 00000000 ____D () C:\Users\newuser\Desktop\mbar
2014-03-07 22:58 - 2014-03-07 22:58 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-03-07 22:43 - 2014-01-10 01:46 - 00000000 ____D () C:\Users\newuser\AppData\Local\NPE
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 21:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-07 21:05 - 2013-12-30 22:26 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Azureus
2014-03-07 21:05 - 2013-09-13 21:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 21:04 - 2014-03-07 21:04 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-07 21:04 - 2014-03-07 21:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-07 21:04 - 2014-03-07 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-07 21:04 - 2014-01-04 00:36 - 00000000 ____D () C:\Windows\Minidump
2014-03-07 21:04 - 2013-09-07 04:42 - 00000000 ____D () C:\Windows\Panther
2014-03-07 21:03 - 2014-03-07 21:03 - 04765152 _____ (Piriform Ltd) C:\Users\newuser\Downloads\ccsetup411.exe
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\TuneUp Software
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\AVG2014
2014-03-07 20:39 - 2014-03-07 20:39 - 04462384 _____ (AVG Technologies) C:\Users\newuser\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-07 20:39 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\newuser\AppData\Local\MFAData
2014-03-07 20:27 - 2013-09-13 21:13 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Apple Computer
2014-03-07 20:18 - 2014-02-04 11:04 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ·
2014-03-07 00:37 - 2013-09-13 21:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-04 02:10 - 2013-09-13 21:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 19:39 - 2013-09-13 20:57 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\vlc
2014-03-02 12:59 - 2014-02-23 20:51 - 00001905 _____ () C:\Users\Public\Desktop\LOL Recorder.lnk
2014-02-24 13:47 - 2014-02-23 20:51 - 00000000 ____D () C:\Users\newuser\Documents\LOLReplay
2014-02-16 04:02 - 2013-09-07 05:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:00 - 2013-09-07 05:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:14 - 2013-09-13 13:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 04:08 - 2013-12-22 22:50 - 00774200 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 04:04 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-11 19:58 - 2014-02-11 19:58 - 00000000 ____D () C:\Program Files (x86)\AirPort
2014-02-11 19:58 - 2013-09-13 21:11 - 00000000 ____D () C:\Users\newuser\AppData\Local\Apple
2014-02-11 19:58 - 2013-09-13 21:11 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-11 07:02 - 2013-09-13 21:05 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 07:02 - 2013-09-13 21:05 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Files to move or delete:
====================
C:\ProgramData\DT0001.dat
 
 
Some content of TEMP:
====================
C:\Users\newuser\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 02:40
 
==================== End Of Log ============================

Edited by ZoeMeow, 11 March 2014 - 05:07 PM.


#5 ZoeMeow

Posted 11 March 2014 - 05:09 PM

I can't attach things; whenever I click attach (I've tried both of them), Google Chrome freezes.



#6 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 March 2014 - 08:35 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM-x32\...\Run: [] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Sense - {11111111-1111-1111-1111-110411821192} - C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Any remaining problems?

#7 ZoeMeow

Posted 12 March 2014 - 03:04 PM

Here's the log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by newuser at 2014-03-12 12:49:50 Run:1
Running from C:\Users\newuser\Desktop\Virus stuffs
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Sense - {11111111-1111-1111-1111-110411821192} - C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311551110} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411821192} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
AntiLog32 => Service deleted successfully.
EraserUtilDrv11312 => Unable to stop service
EraserUtilDrv11312 => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
The second one never popped up; I'll have to rerun.
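
Added example, not part of the original posts and not FRST's own code: a small Python triage of a Fixlog like the one above, which skips the echoed fixlist and reports the entries that never reached a resolved state. The outcome phrases are copied from the log in this thread; the function names and outcome labels are assumptions, and other FRST versions may word their results differently.

```python
import re
from collections import OrderedDict

# Outcome phrases exactly as they appear in the Fixlog posted in this thread.
# Patterns are tried in order; the first match wins. Labels are this example's own.
OUTCOME_PATTERNS = [
    (re.compile(r"^(?P<target>.+?) => (?:Key|Value|Service) deleted successfully\.?$"), "removed"),
    (re.compile(r"^(?P<target>.+?) => Value was restored successfully\.?$"), "restored"),
    (re.compile(r"^(?P<target>.+?) => Key not found\.?$"), "absent"),
    (re.compile(r"^(?P<target>.+?) => Unable to stop service\.?$"), "failed_step"),
    (re.compile(r'^(?P<target>.+?) ==> The Chrome "Settings" can be used to fix the entry\.?$'), "manual"),
    (re.compile(r"^(?P<target>.+?) not found\.?$"), "absent"),
]

# Outcomes that mean the entry is gone or back to its default value.
RESOLVED = {"removed", "restored", "absent"}


def parse_fixlog(text):
    """Return (results, reboot_needed, unparsed) for one Fixlog.

    results maps each target (registry key, file, service, browser entry)
    to the list of outcomes logged for it, in order of appearance.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    # The log first echoes the fixlist between two rows of asterisks;
    # the actual results start after the second row.
    star_rows = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    body = lines[star_rows[1] + 1:] if len(star_rows) >= 2 else lines

    results, unparsed, reboot_needed = OrderedDict(), [], False
    for ln in body:
        if not ln or ln.startswith("===="):
            continue
        if ln.startswith("The system needed a reboot"):
            reboot_needed = True
            continue
        for pattern, outcome in OUTCOME_PATTERNS:
            match = pattern.match(ln)
            if match:
                results.setdefault(match.group("target"), []).append(outcome)
                break
        else:
            unparsed.append(ln)  # wording this example does not know about
    return results, reboot_needed, unparsed


def follow_up(results):
    """Targets whose logged outcomes never reach a resolved state.

    A failed intermediate step (service could not be stopped) followed by a
    successful delete of the same target counts as resolved.
    """
    return [(t, o) for t, o in results.items() if not RESOLVED.intersection(o)]


# Excerpt of the Fixlog from the post above (shortened, lines unchanged).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
end
*****************

HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
AntiLog32 => Service deleted successfully.
EraserUtilDrv11312 => Unable to stop service
EraserUtilDrv11312 => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    results, reboot_needed, unparsed = parse_fixlog(SAMPLE_FIXLOG)
    print("reboot needed:", reboot_needed)
    for target, outcomes in follow_up(results):
        print("needs follow-up:", target, outcomes)
    for line in unparsed:
        print("unrecognised line:", line)
```

On this excerpt the only entries left for follow-up are the two Chrome settings, which the log itself says must be changed in Chrome's Settings.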


#8 ZoeMeow

Posted 12 March 2014 - 03:09 PM

Yeah, the Security Check one: the log never opened up after. I couldn't find it anywhere on my computer either. I ran it twice.



#9 ZoeMeow

Posted 12 March 2014 - 07:49 PM

Oh, and MBAM starts up now though, thank you :)



#10 nasdaq

Posted 13 March 2014 - 09:57 AM

After a restart of the computer run the SecurityCheck tool.
Post the log if you can.

#11 nasdaq

Posted 19 March 2014 - 07:33 AM

Are you still with me?



