
Audio ads playing in background


  • This topic is locked
9 replies to this topic

#1 obnoxioustopic

obnoxioustopic

  • Members
  • 6 posts

Posted 24 March 2014 - 01:53 AM

I've run a few programs (Combofix, Adw) and haven't solved the problem yet. The ads run while I have no programs open.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.51.2
Run by Marcus Booker at 2:45:11 on 2014-03-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.550 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskeng.exe
C:\Users\Marcus Booker\AppData\Local\GCC\Controller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Desura\desura.exe
C:\Windows\system32\taskeng.exe
C:\Users\Marcus Booker\AppData\Local\GCC\Controller.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\MARCUS~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\norton security suite\engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\norton security suite\engine\21.1.0.18\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.13.1211.1\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\norton security suite\engine\21.1.0.18\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Desura] c:\program files\desura\desura.exe -autostart
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00D09647-DCA2-4491-B11A-CCD148CDEDFC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C2514D0-BAB5-430F-8C89-8987C9D7DBC1} : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marcus booker\appdata\roaming\mozilla\firefox\profiles\2imt7m11.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\marcus booker\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\marcus booker\appdata\roaming\mozilla\firefox\profiles\2imt7m11.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\plugins\npPriceGong_FF.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2010-12-10 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-11 15672]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1501000.012\SymDS.sys [2014-2-9 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1501000.012\SymEFA.sys [2014-2-9 935512]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-12-5 80104]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20140214.001\BHDrvx86.sys [2014-2-18 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1501000.012\ccSetx86.sys [2014-2-9 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton security suite\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20140311.001\IDSvix86.sys [2014-3-11 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1501000.012\Ironx86.sys [2014-2-9 206936]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1501000.012\symtdiv.sys [2014-2-9 383576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-28 24328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-2-26 1678672]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-12 9216]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2013-12-11 41024]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-2-26 375056]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2010-12-7 104880]
R2 N360;Norton Security Suite;c:\program files\norton security suite\norton security suite\engine\21.1.0.18\N360.exe [2014-2-9 264360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-4 2271608]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2008-1-1 1074944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-2-10 108120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 916e5338;WS.Supporter;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2013-6-1 32064]
S3 BEService;BattlEye Service;c:\program files\common files\battleye\BEService.exe [2013-3-26 49152]
S3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe [2013-5-12 938776]
S3 CLNUIDriver;CLNUIDriver;c:\windows\system32\drivers\CLNUIDriver.sys [2010-12-10 23744]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-9-10 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-2-19 88576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-7-10 81168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-6-1 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-6-1 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-6-1 153672]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-2-19 184192]
.
=============== Created Last 30 ================
.
2014-03-24 05:42:04 -------- d-----w- C:\AdwCleaner
2014-03-24 04:38:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-24 04:11:56 256000 ----a-w- c:\windows\PEV.exe
2014-03-24 04:11:56 208896 ----a-w- c:\windows\MBR.exe
2014-03-24 04:11:55 98816 ----a-w- c:\windows\sed.exe
2014-03-24 04:00:53 -------- d-----w- C:\N360_BACKUP
2014-03-23 23:03:49 -------- d-----w- c:\users\marcus booker\appdata\local\GCC
2014-03-23 23:02:05 -------- d-----w- c:\program files\PacFunction
2014-03-23 00:17:31 -------- d-----w- c:\program files\IObit Toolbar
2014-03-07 08:23:20 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-03-04 08:02:45 -------- d-----r- c:\program files\Skype
2014-02-25 08:06:02 -------- d-----w- c:\windows\Migration
.
==================== Find3M  ====================
.
2014-03-12 03:43:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 03:43:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-13 15:44:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-10 03:14:49 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-23 03:21:04 88576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-23 03:21:04 184192 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-06 00:13:52 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2004-03-17 23:55:54 942080 ----a-w- c:\program files\cg.dll
2004-03-17 23:55:54 176128 ----a-w- c:\program files\cgGL.dll
.
============= FINISH:  2:48:01.46 ===============
 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 24 March 2014 - 02:13 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 obnoxioustopic

obnoxioustopic
  • Topic Starter

  • Members
  • 6 posts

Posted 24 March 2014 - 09:02 AM

Hello Georgi, I think I may have run FSS incorrectly because I'm having trouble finding my Addition.txt file.

 

 

Farbar Service Scanner Version: 25-02-2014
Ran by Marcus Booker (administrator) on 24-03-2014 at 09:57:48
Running from "C:\Users\Marcus Booker\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 24 March 2014 - 02:47 PM

Hello,

 

 

Hello Georgi, I think I may have run FSS incorrectly because I'm having trouble finding my Addition.txt file.

 

FRST is not the same as FSS... Please run FRST (Farbar Recovery Scan Tool) as described above and post back the results in your next reply. :)

 

 

Regards,

Georgi




#5 obnoxioustopic

obnoxioustopic
  • Topic Starter

  • Members
  • 6 posts

Posted 24 March 2014 - 06:14 PM

Whoops :S
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Marcus Booker at 2014-03-24 19:05:00
Running from C:\Users\Marcus Booker\Desktop\sdklfjh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29420 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AMCap (HKLM\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
AntiLogger SDK version 1.6.6.296 (HKLM\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - )
ARMA 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Ask Toolbar (HKLM\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - )
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War™ 1.1 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.5 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.6 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.7 Patch (Version:  - ) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CBR Reader (HKLM\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CL NUI Platform (HKLM\...\CL NUI Platform) (Version: 1.0.0.1210 - Code Laboratories, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Constant Guard Protection Suite (HKLM\...\ID Vault) (Version: 1.13.1211.1 - Comcast)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Desura (HKLM\...\Desura) (Version: 100.53 - Desura)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
GamersFirst LIVE! (HKLM\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GigaClicks Crawler (HKLM\...\GigaClicks Crawler) (Version: 22.0.0.67 - GigaClicks Inc.) <==== ATTENTION
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{9A379E7A-22ED-44FF-9293-E393D704505D}) (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IObit Toolbar v8.9 (HKLM\...\{82D1893E-E8C5-4DB8-9CE8-7E9E43630809}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
Killing Floor Beta Dedicated Server (HKLM\...\Steam App 1273) (Version:  - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software  1.10.23.1 (HKLM\...\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}) (Version: 1.10.23.1 - http://www.lightscribe.com)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Marvel Heroes (HKLM\...\marvelheroesbeta) (Version: 1.9.0.645 - Gazillion Entertainment)
Marvel Heroes (HKLM\...\Steam App 226320) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.189.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft Beta Cracked (HKLM\...\Minecraft Beta Cracked) (Version:  - )
MotioninJoy ds3 driver version 0.5.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.000 - www.motioninjoy.com)
Mozilla Firefox 15.0 (x86 en-US) (HKLM\...\Mozilla Firefox 15.0 (x86 en-US)) (Version: 15.0 - Mozilla)
Mozilla Firefox 17.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Security Suite (HKLM\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Path of Exile (HKLM\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.1.22906 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r4600) (Version:  - )
Pidgin (HKLM\...\Pidgin) (Version: 2.9.0 - )
Play withSIX (HKLM\...\{42DCB650-F003-4535-A5CD-32AD815CD2DD}) (Version: 1.20.0370 - SIX Networks)
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
Portal (HKLM\...\{A944C55A-ECF0-42A9-B66C-0225C6428720}) (Version: 1.0.0 - freedompeace)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Quake Live Mozilla Plugin (HKLM\...\{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}) (Version: 1.0.401 - id Software)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RE:CB Beta 2 2.0 (HKLM\...\RE:CB Beta 2) (Version: 2.0 - RE:CB Team)
REACTOR (HKLM\...\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}) (Version: 1.00.0000 - ijji)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
RESIDENT EVIL2 (HKLM\...\RESIDENT EVIL2) (Version:  - )
Sakura (HKLM\...\Sakura) (Version:  - Image-Line)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
ScanWiz (HKLM\...\ScanWiz) (Version: 2.20 - Softi Software)
Six Updater (HKLM\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7038 - Six Projects)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.3 - IObit)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supercade (HKCU\...\e8832ac51266356d) (Version: 2.0.0.80 - Supercade)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10462 - TeamViewer GmbH)
The War Z version alpha (HKLM\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: alpha - Arktos Entertainment Group LLC)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
UE3Redist (HKCU\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (Version: 1.00.0000 - Epic Games) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Webzen Game Starter (HKLM\...\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}) (Version: 1.01.1015 - WEBZEN)
WinRAR 4.00 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.2 - win.rar GmbH)
XBox Audio Driver 0.2 (HKLM\...\XBox Audio Driver) (Version: 0.2 - Redcl0ud)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
YTD Toolbar v8.9 (HKLM\...\{DA36FB9E-9020-47E6-9BDE-B33A6E36F0F4}) (Version: 8.9 - Spigot, Inc.)
YTD YouTube Downloader & Converter 3.7 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
10-03-2014 03:43:46 Scheduled Checkpoint
14-03-2014 01:43:21 Scheduled Checkpoint
17-03-2014 04:11:39 Scheduled Checkpoint
18-03-2014 15:16:57 Scheduled Checkpoint
20-03-2014 17:22:30 Scheduled Checkpoint
23-03-2014 20:25:12 Scheduled Checkpoint
24-03-2014 04:03:40 Removed Ask Toolbar
24-03-2014 04:55:30 Restore Operation
24-03-2014 06:43:48 Removed IObit Toolbar v8.9.
24-03-2014 07:00:14 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 06:23 - 2014-03-24 00:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {09286208-4AFC-4E85-BE2E-F30C349E5C84} - System32\Tasks\ca122c80 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2907068672.exe <==== ATTENTION
Task: {0EFC1F10-2A61-48DC-B089-400D6D381ECB} - System32\Tasks\bffa4300 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2443969408.exe <==== ATTENTION
Task: {1CA7CE53-E102-4A29-8E5C-3FFBC5D10D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22141071-687A-4F19-993B-D2031E6CBA12} - System32\Tasks\2eab9280 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup65876096.exe <==== ATTENTION
Task: {22326B65-DDEC-4B9D-AADD-572D53A2CF0B} - System32\Tasks\aa766500 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1059165824.exe <==== ATTENTION
Task: {2909FB05-0E56-4709-B5B7-165E2B884134} - System32\Tasks\8e132300 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup710338816.exe <==== ATTENTION
Task: {2AA2E9C9-C13C-4020-88B2-D6111492F698} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3256E3A6-91D8-4978-BFD3-362DF046911C} - System32\Tasks\53492500 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup826342528.exe <==== ATTENTION
Task: {3274927F-E2A9-4ACD-BCAA-1A4FB64377BF} - System32\Tasks\90678880 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2545271552.exe <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {43EF26BA-C396-47E0-ABC4-63AC3793879B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {49382C3E-9682-4B06-BD7A-2074C7424E73} - System32\Tasks\24ebfb80 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup4077772416.exe <==== ATTENTION
Task: {4BEE95E7-8BA8-4597-99C9-0A6F6344A2EC} - System32\Tasks\c0ffc380 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2798787200.exe <==== ATTENTION
Task: {4F11574A-2A61-4F05-834B-AD2A35526B24} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {5ADE5230-8958-4F2E-8D13-85186EB98152} - System32\Tasks\b149e800 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1471938048.exe <==== ATTENTION
Task: {603DD49B-86F1-437C-9559-57F6CEFCB6A4} - System32\Tasks\6e01bc00 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup3486989312.exe <==== ATTENTION
Task: {61669CED-6ABD-42C6-99DD-D3EA2DD6546D} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {65928A5D-9B82-4DBF-89FA-D8C135DB47D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
Task: {65C776B4-6DAE-40F9-8064-2D1E4B813550} - System32\Tasks\e2d62280 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1785364352.exe <==== ATTENTION
Task: {6F0C5ABA-8C63-45AB-97B8-FEDEB4022A7E} - System32\Tasks\d732f400 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2654280704.exe <==== ATTENTION
Task: {6F3CEEB8-9C8F-46F1-A785-F680E465D88E} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-03-11] ()
Task: {78D52B2E-8BA1-41C5-BDF2-CBDD1E884D17} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {791EDEC1-7B05-421B-B1CE-B1FBA8DDE1B3} - System32\Tasks\be9cd080 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1464908032.exe <==== ATTENTION
Task: {7AE943C4-CF30-4BF6-B475-21718A78E7D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {82548AD3-2380-46BC-9FAE-D3FD1306ED73} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {84EB8A9C-9BC8-4A15-A139-F24C5A95212D} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {85EB8F2E-59E5-45D6-8658-2261335DE518} - System32\Tasks\99552880 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1078494976.exe <==== ATTENTION
Task: {8929EC24-F092-4267-9ABD-F527B0B445D2} - System32\Tasks\f49dd800 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup3147825152.exe <==== ATTENTION
Task: {8CB1A1EF-0EC6-45A8-ACA1-9E4005C0B800} - System32\Tasks\4ae43200 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup729428992.exe <==== ATTENTION
Task: {92B7827B-CA54-4528-8092-E9203E511274} - System32\Tasks\614b0880 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1105267328.exe <==== ATTENTION
Task: {955F1722-45BB-4C7C-8CFD-ADC3EC942B7C} - System32\Tasks\5d827d00 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1867080064.exe <==== ATTENTION
Task: {A8FDB88A-F375-40B6-AD1D-B4C3D281BA43} - System32\Tasks\c2d28800 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2741537280.exe <==== ATTENTION
Task: {B33FD4F9-606D-48AE-B477-01FDAC35D678} - System32\Tasks\d9b78800 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2510763776.exe <==== ATTENTION
Task: {BA7E9096-D159-43FC-ABA4-171CDA428B32} - System32\Tasks\d82db080 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2610952960.exe <==== ATTENTION
Task: {BBC300A0-F878-46FF-8875-1F3C81070CF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
Task: {C6CD4CE3-8551-47F9-B88A-99C37A87B071} - System32\Tasks\b2424e80 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2595409920.exe <==== ATTENTION
Task: {D1790532-2756-4A93-B337-5E8B9112698B} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D8EBB40A-A7AD-4E90-B076-05004BBA84BA} - System32\Tasks\8b1d6180 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup1806918528.exe <==== ATTENTION
Task: {DFB38789-F9D8-4217-BE17-7FD36F139CA9} - System32\Tasks\29281580 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup3946281984.exe <==== ATTENTION
Task: {E271E3EC-2E4E-4A50-9C8D-8239D7517D6B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E5D57FB0-54D3-443B-A30C-3878F4557AAD} - System32\Tasks\b5ad8880 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup2390688768.exe <==== ATTENTION
Task: {FEF662F7-20A2-498E-BF93-7860D6E2919F} - System32\Tasks\7b79a680 => C:\Users\MARCUS~1\AppData\Local\Temp\\setup139090048.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-22 08:45 - 2014-03-22 08:45 - 00493568 _____ () C:\Users\Marcus Booker\AppData\Local\GCC\Controller.exe
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-26 04:31 - 2014-02-26 04:31 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\cf9246fb1ed8c05fce3836cdb35f053f\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-26 04:31 - 2014-02-26 04:31 - 15006720 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\14dacc1445d972bfc5577910a37bb195\Kies.Theme.ni.dll
2014-02-26 04:30 - 2014-02-26 04:30 - 01865216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\98909010929be21910ade00c5870963b\Kies.UI.ni.dll
2014-02-26 04:30 - 2014-02-26 04:30 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d65590d28fd6038f1ac764560578e924\Kies.MVVM.ni.dll
2014-02-26 04:31 - 2014-02-26 04:31 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2010-12-17 00:18 - 2010-12-15 13:17 - 00139264 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-12-11 15:57 - 2013-12-11 15:57 - 00549272 _____ () C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
2011-07-14 23:37 - 2012-08-09 17:41 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2011-07-14 23:38 - 2012-10-30 02:08 - 00107832 _____ () C:\Windows\system32\PnkBstrB.exe
2014-03-15 13:02 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 13:02 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 13:02 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 13:02 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-24 19:03 - 2014-03-24 19:03 - 00070144 _____ () C:\Users\Marcus Booker\AppData\Local\Temp\{959A322C-3DCF-466F-9685-217E7C36F0DB}\{2EF46B9C-BEC7-425E-AF73-4C98E43D378A}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
2014-03-23 19:06 - 2013-12-03 22:48 - 04055504 _____ () C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll
2014-03-23 19:06 - 2013-12-03 22:48 - 00399312 _____ () C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll
2014-03-23 19:06 - 2013-12-03 22:47 - 01619408 _____ () C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
2013-08-13 08:15 - 2013-08-13 08:15 - 00206336 _____ () C:\Users\Marcus Booker\AppData\Local\Temp\{959A322C-3DCF-466F-9685-217E7C36F0DB}\{2EF46B9C-BEC7-425E-AF73-4C98E43D378A}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:75D366A3
AlternateDataStreams: C:\ProgramData\TEMP:D06A4C76
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk => C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desura => C:\Program Files\Desura\desura.exe -autostart
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DS3 Tool => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
MSCONFIG\startupreg: HP Software Update => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpsysdrv => c:\hp\support\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: OsdMaestro => "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "c:\Users\Marcus Booker\Desktop\Downloads\utorrent.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2014 02:38:54 PM) (Source: IDVault) (User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
 
Error: (03/24/2014 02:38:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2014 00:41:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2014 04:43:42 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\DOCUMENTS\OPTIMIZER PRO\COOKIESEXCEPTION.TXT> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:10:37 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\UNINSTALL.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:10:37 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\TORNTV.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:10:36 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYPC BACKUP\UNINSTALL.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:10:36 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYPC BACKUP\MYPC BACKUP.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:08:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\UNINSTALL.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/24/2014 04:08:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\TORNTV.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (03/24/2014 02:43:11 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (03/24/2014 02:43:11 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (03/24/2014 02:41:01 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic Service Host
 
Error: (03/24/2014 02:38:44 PM) (Source: Service Control Manager) (User: )
Description: 30000WS.Supporter
 
Error: (03/24/2014 02:38:44 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (03/24/2014 00:44:10 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (03/24/2014 00:44:10 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (03/24/2014 00:41:29 PM) (Source: Service Control Manager) (User: )
Description: 30000WS.Supporter
 
Error: (03/24/2014 00:41:29 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (03/24/2014 00:40:29 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:37:32 PM on 3/24/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (03/24/2014 02:38:54 PM) (Source: IDVault)(User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
 
Error: (03/24/2014 02:38:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2014 00:41:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2014 04:43:42 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\DOCUMENTS\OPTIMIZER PRO\COOKIESEXCEPTION.TXT
 
Error: (03/24/2014 04:10:37 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\UNINSTALL.LNK
 
Error: (03/24/2014 04:10:37 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\TORNTV.LNK
 
Error: (03/24/2014 04:10:36 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYPC BACKUP\UNINSTALL.LNK
 
Error: (03/24/2014 04:10:36 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYPC BACKUP\MYPC BACKUP.LNK
 
Error: (03/24/2014 04:08:29 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\UNINSTALL.LNK
 
Error: (03/24/2014 04:08:29 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\MARCUS BOOKER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM\TORNTV.LNK
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-24 19:04:14.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:13.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:13.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:13.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:05.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:04.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:04.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 19:04:04.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 00:18:10.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-24 00:18:09.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 3069.77 MB
Available physical RAM: 965.57 MB
Total Pagefile: 6344.04 MB
Available Pagefile: 3812.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.04 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:326.01 GB) (Free:30.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.34 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 335 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================




#6 B-boy/StyLe/

  • Malware Response Team

Posted 24 March 2014 - 06:47 PM

Hello,

 

Now you posted and attached the Addition.txt log twice but I need to see the other log called FRST.txt as well. :)

 

 

Regards,

Georgi




#7 obnoxioustopic

  • Topic Starter


Posted 24 March 2014 - 08:43 PM

-_- I'm sorry for all of the silly mistakes, I'm usually very tired from work when I get time with my PC. No more time wasting, I promise!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Marcus Booker (administrator) on MARCUSBOOKER-PC on 24-03-2014 19:09:05
Running from C:\Users\Marcus Booker\Desktop\sdklfjh\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Users\Marcus Booker\AppData\Local\GCC\Controller.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(White Sky, Inc.) C:\Program Files\Constant Guard Protection Suite\IDVault.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(White Sky, Inc.) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\N360.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Desura Pty Ltd) C:\Program Files\Desura\desura.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Users\Marcus Booker\AppData\Local\GCC\Controller.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Marcus Booker\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\S-1-5-21-2881062401-3535141811-4260811173-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2881062401-3535141811-4260811173-1000\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [801112 2013-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-2881062401-3535141811-4260811173-1000\...\Run: [Desura] - C:\Program Files\Desura\desura.exe [2529096 2014-02-06] (Desura Pty Ltd)
HKU\S-1-5-21-2881062401-3535141811-4260811173-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2881062401-3535141811-4260811173-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {26CB47D4-8ADB-46B5-827F-EAD248755946} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {C1945B5D-F2CA-48B5-A0FC-7B502CA39F60} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {26CB47D4-8ADB-46B5-827F-EAD248755946} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {90EC50EF-535A-4C5D-864B-88102722B500} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {C1945B5D-F2CA-48B5-A0FC-7B502CA39F60} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default
FF SearchEngineOrder.1: Secure Search
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @Webzen.com/NPGameWebStarter - C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcus Booker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll (NHN USA Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: 1Click Downloader - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-05-12]
FF Extension: Ask Toolbar - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\toolbar@ask.com.xpi [2014-02-08]
FF Extension: Torntv - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\torntv@torntv.com.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-03]
FF Extension: Adblock Plus - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
FF Extension: Greasemonkey - C:\Users\Marcus Booker\AppData\Roaming\Mozilla\Firefox\Profiles\2imt7m11.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-12-07]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-01]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-02-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{04F239CD-8EE3-4388-9236-2754B45AE6EF}] - C:\Users\Marcus Booker\AppData\Local\{04F239CD-8EE3-4388-9236-2754B45AE6EF}
FF Extension: XULRunner - C:\Users\Marcus Booker\AppData\Local\{04F239CD-8EE3-4388-9236-2754B45AE6EF} [2011-06-03]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ijji Auto Install Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll (NHN USA Inc.)
CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (NPGameWebStarter) - C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Unity Player) - C:\Users\Marcus Booker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-01]
CHR Extension: (Adblock Plus) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-09-02]
CHR Extension: (Google Search) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-01]
CHR Extension: (SiteAdvisor) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-01]
CHR Extension: (Norton Identity Protection) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-01]
CHR Extension: (Gmail) - C:\Users\Marcus Booker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-01]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-02-09]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
========================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-03-26] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-12] (BitRaider, LLC)
S3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2014-02-06] (Desura Pty Ltd)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1678672 2014-02-26] (LogMeIn Inc.)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 IDVaultSvc; C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe [41024 2013-12-11] (White Sky, Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-02-26] (LogMeIn, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4005936 2011-06-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-08-09] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2012-10-30] ()
S2 916e5338; "C:\Windows\system32\rundll32.exe" "c:\progra~1\WSSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog32.sys [80104 2014-01-05] (Zemana Ltd.)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2014-01-21] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S3 CLNUIDriver; C:\Windows\System32\DRIVERS\CLNUIDriver.sys [23744 2010-12-10] (Code Laboratories, Inc.)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-09] (Symantec Corporation)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140311.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [81168 2011-01-01] (MotioninJoy)
R3 NAVENG; C:\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.032\NAVENG.SYS [93272 2014-02-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.032\NAVEX15.SYS [1612376 2014-02-12] (Symantec Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
R1 SRTSP; C:\Windows\system32\drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360\1501000.012\SYMTDIV.SYS [383576 2013-09-25] (Symantec Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 BRDriver; \??\C:\programdata\bitraider\BRDriver.sys [X]
S3 catchme; \??\C:\Users\MARCUS~1\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 19:03 - 2014-03-24 19:09 - 00000000 ____D () C:\FRST
2014-03-24 12:40 - 2014-03-24 12:40 - 00154208 _____ () C:\Windows\Minidump\Mini032414-01.dmp
2014-03-24 09:57 - 2014-03-24 09:57 - 00002642 _____ () C:\Users\Marcus Booker\Desktop\FSS.txt
2014-03-24 09:55 - 2014-03-24 09:55 - 00409600 _____ (Farbar) C:\Users\Marcus Booker\Desktop\FSS.exe
2014-03-24 03:09 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-24 03:09 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-24 03:09 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-24 03:09 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-24 03:09 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-24 03:09 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-24 03:09 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-24 03:09 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-24 03:09 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-24 03:08 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-24 03:08 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-24 03:08 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-24 03:08 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-24 03:08 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-24 03:08 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-24 03:08 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-24 02:50 - 2014-03-24 02:50 - 00005635 _____ () C:\Users\Marcus Booker\Documents\Attach.txt
2014-03-24 02:49 - 2014-03-24 02:49 - 00018045 _____ () C:\Users\Marcus Booker\Documents\DDS.txt
2014-03-24 02:48 - 2014-03-24 02:48 - 00018045 _____ () C:\Users\Marcus Booker\Desktop\dds.txt
2014-03-24 02:48 - 2014-03-24 02:48 - 00005635 _____ () C:\Users\Marcus Booker\Desktop\attach.txt
2014-03-24 02:43 - 2012-02-11 20:39 - 00001240 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-03-24 01:42 - 2014-03-24 01:54 - 00000000 ____D () C:\AdwCleaner
2014-03-24 01:27 - 2014-02-07 06:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-24 01:27 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-24 01:27 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-24 01:27 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-24 00:37 - 2014-03-24 00:37 - 00025190 _____ () C:\ComboFix.txt
2014-03-24 00:11 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-24 00:11 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-24 00:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-24 00:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-24 00:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-24 00:11 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-24 00:11 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-24 00:11 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-24 00:10 - 2014-03-24 00:38 - 00000000 ____D () C:\Qoobox
2014-03-24 00:08 - 2014-03-24 00:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 00:00 - 2014-03-24 00:00 - 00000000 ____D () C:\N360_BACKUP
2014-03-23 23:56 - 2014-03-23 23:57 - 00000810 _____ () C:\Users\Marcus Booker\Desktop\Norton Installation Files.lnk
2014-03-23 19:03 - 2014-03-24 01:13 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Local\GCC
2014-03-23 19:03 - 2014-03-23 19:03 - 00001756 _____ () C:\Users\Marcus Booker\Desktop\Sync Folder.lnk
2014-03-23 19:02 - 2014-03-23 19:02 - 00000000 ____D () C:\Program Files\PacFunction
2014-03-22 20:17 - 2014-03-22 20:17 - 00000000 ____D () C:\Program Files\IObit Toolbar
2014-03-12 03:12 - 2014-03-12 03:12 - 00161304 _____ () C:\Windows\Minidump\Mini031214-01.dmp
2014-03-07 04:23 - 2014-03-07 04:23 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-03-04 04:02 - 2014-03-04 04:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 04:02 - 2014-03-04 04:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 19:09 - 2014-03-24 19:03 - 00000000 ____D () C:\FRST
2014-03-24 19:09 - 2011-04-04 18:53 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Roaming\uTorrent
2014-03-24 19:04 - 2010-12-08 15:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 18:43 - 2012-04-10 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 18:37 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 18:37 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 14:44 - 2010-12-07 21:11 - 01058261 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 14:43 - 2013-12-05 22:05 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Roaming\ID Vault
2014-03-24 14:39 - 2012-05-27 22:05 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Local\LogMeIn Hamachi
2014-03-24 14:37 - 2010-12-08 15:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 14:37 - 2008-03-11 04:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 14:37 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 14:35 - 2006-11-02 09:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 12:40 - 2014-03-24 12:40 - 00154208 _____ () C:\Windows\Minidump\Mini032414-01.dmp
2014-03-24 12:40 - 2010-12-07 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 12:39 - 2013-09-20 14:43 - 424288977 _____ () C:\Windows\MEMORY.DMP
2014-03-24 09:57 - 2014-03-24 09:57 - 00002642 _____ () C:\Users\Marcus Booker\Desktop\FSS.txt
2014-03-24 09:55 - 2014-03-24 09:55 - 00409600 _____ (Farbar) C:\Users\Marcus Booker\Desktop\FSS.exe
2014-03-24 03:36 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-03-24 03:20 - 2011-06-09 17:25 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Local\CrashDumps
2014-03-24 03:15 - 2006-11-02 08:47 - 00288272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 03:14 - 2012-05-11 22:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-24 03:07 - 2013-08-15 13:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-24 03:01 - 2006-11-02 06:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-24 02:50 - 2014-03-24 02:50 - 00005635 _____ () C:\Users\Marcus Booker\Documents\Attach.txt
2014-03-24 02:49 - 2014-03-24 02:49 - 00018045 _____ () C:\Users\Marcus Booker\Documents\DDS.txt
2014-03-24 02:48 - 2014-03-24 02:48 - 00018045 _____ () C:\Users\Marcus Booker\Desktop\dds.txt
2014-03-24 02:48 - 2014-03-24 02:48 - 00005635 _____ () C:\Users\Marcus Booker\Desktop\attach.txt
2014-03-24 02:18 - 2014-01-29 22:47 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-24 02:16 - 2008-01-20 22:47 - 02764174 _____ () C:\Windows\PFRO.log
2014-03-24 01:54 - 2014-03-24 01:42 - 00000000 ____D () C:\AdwCleaner
2014-03-24 01:44 - 2014-01-29 22:47 - 00000000 ____D () C:\ProgramData\109707e13edef1eb
2014-03-24 01:13 - 2014-03-23 19:03 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Local\GCC
2014-03-24 01:13 - 2013-12-05 22:04 - 00000000 ____D () C:\Program Files\Constant Guard Protection Suite
2014-03-24 01:13 - 2012-01-12 16:13 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-03-24 01:08 - 2011-07-10 05:07 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Local\Apps\2.0
2014-03-24 01:05 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-03-24 01:05 - 2011-04-04 18:53 - 00000000 ____D () C:\Program Files\uTorrent
2014-03-24 01:05 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-24 01:05 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-03-24 00:38 - 2014-03-24 00:10 - 00000000 ____D () C:\Qoobox
2014-03-24 00:37 - 2014-03-24 00:37 - 00025190 _____ () C:\ComboFix.txt
2014-03-24 00:37 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-03-24 00:37 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-03-24 00:36 - 2014-03-24 00:08 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 00:34 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-24 00:32 - 2010-12-08 15:54 - 00000000 ____D () C:\Users\Marcus Booker\AppData\Roaming\Adobe
2014-03-24 00:00 - 2014-03-24 00:00 - 00000000 ____D () C:\N360_BACKUP
2014-03-23 23:58 - 2011-06-08 21:12 - 00000000 ____D () C:\ProgramData\Norton
2014-03-23 23:57 - 2014-03-23 23:56 - 00000810 _____ () C:\Users\Marcus Booker\Desktop\Norton Installation Files.lnk
2014-03-23 19:27 - 2006-11-02 06:33 - 00794624 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 19:03 - 2014-03-23 19:03 - 00001756 _____ () C:\Users\Marcus Booker\Desktop\Sync Folder.lnk
2014-03-23 19:02 - 2014-03-23 19:02 - 00000000 ____D () C:\Program Files\PacFunction
2014-03-22 20:17 - 2014-03-22 20:17 - 00000000 ____D () C:\Program Files\IObit Toolbar
2014-03-15 13:02 - 2012-06-01 18:57 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 03:12 - 2014-03-12 03:12 - 00161304 _____ () C:\Windows\Minidump\Mini031214-01.dmp
2014-03-11 23:43 - 2012-04-10 15:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 23:43 - 2011-05-30 14:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-08 18:18 - 2006-11-02 08:52 - 00264627 _____ () C:\Windows\setupact.log
2014-03-07 04:23 - 2014-03-07 04:23 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-03-04 04:02 - 2014-03-04 04:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-04 04:02 - 2014-03-04 04:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-04 04:02 - 2011-09-04 02:33 - 00000000 ____D () C:\ProgramData\Skype
2014-02-26 09:33 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Marcus Booker\Desktop\IHLoader
2014-02-26 04:34 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-23 01:50 - 2014-03-24 03:08 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 01:47 - 2014-03-24 03:08 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 01:43 - 2014-03-24 03:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 01:41 - 2014-03-24 03:08 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 01:40 - 2014-03-24 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 01:39 - 2014-03-24 03:08 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 01:38 - 2014-03-24 03:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 01:38 - 2014-03-24 03:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 01:38 - 2014-03-24 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 01:37 - 2014-03-24 03:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 01:37 - 2014-03-24 03:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 01:37 - 2014-03-24 03:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 01:37 - 2014-03-24 03:08 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 01:36 - 2014-03-24 03:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 01:36 - 2014-03-24 03:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 01:35 - 2014-03-24 03:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
Files to move or delete:
====================
C:\Users\Marcus Booker\APB_Reloaded_Installer.exe
 
 
Some content of TEMP:
====================
C:\Users\Marcus Booker\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-24 14:46
 
==================== End Of Log ============================


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:23 AM

Posted 25 March 2014 - 01:24 PM

Hello,

No worries about the mistakes.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case µTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

STEP 1

Click on Start > type in appwiz.cpl in the search box and press Enter.
Select the following programs from the list:

GigaClicks Crawler

IObit Toolbar v8.9

and press the Uninstall button for each of them.

STEP 2

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#9 B-boy/StyLe/


Posted 29 March 2014 - 12:06 PM

Hello,

Are you still there?

Regards,

Georgi




#10 B-boy/StyLe/


Posted 01 April 2014 - 05:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
