Audio Ads playing in background, DCOM and Plug and Play terminate unexpectedly


This topic is locked. 20 replies to this topic.

#1 bats1234

  • Members
  • 17 posts

Posted 27 March 2014 - 06:20 PM

Hello, I have gotten help before and they told me to start a new topic, and I did, but it was about 7 days and no one replied, so I decided to make one again.

First Help: http://www.bleepingcomputer.com/forums/t/528392/audio-ads-playing-in-background/

 

So audio ads play only when my computer is connected to the internet, and Plug and Play and DCOM terminate unexpectedly and my computer restarts.

They told me I have been hit with Zekos.

Here is my attach.txt; they told me to attach the file and not copy and paste it.

Please help me get rid of all of this. Thank you.

Attached Files





#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 March 2014 - 09:00 AM

Hi there,

please run the following scans:


Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Step 2

  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
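
The FRST.txt and Search.txt logs requested above are read by hand in this thread. As an added example, not FRST's own code and not something posted here, the Python script below does a first triage pass over text in FRST's line format, pulling out the entry kinds a helper reads first: lines FRST itself marks with ATTENTION, registered services and drivers whose file is missing (the [X] marker, with boot-start ones set apart), browser objects registered against a deleted file (No File), and files under C:\Windows that carry no company name. The sample log embedded in it is constructed in that format, and the reading of the markers is an assumption about FRST output rather than anything documented on this page.

```python
"""Triage pass over FRST-format log text.

Added example (not FRST's own code and not posted in this thread). Assumed
line format for a service/driver entry:
    <R|S|U><start type> <name>; <path> [<size> <date>] (<company name>)
Assumed marker meanings: "[X]" = FRST could not find the file on disk,
"No File" = the same for browser objects, "<======= ATTENTION" = FRST's flag.
"""
import re
from typing import Dict, List

# Constructed sample in FRST's line format; not a real scan of any machine.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
GroupPolicyUsers\S-1-5-21-0000000000-0000000000-0000000000-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

BHO: No Name - {00000000-0000-0000-0000-000000000000} -  No File

========================== Services (Whitelisted) =================

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-06-15] ()

==================== Drivers (Whitelisted) ====================

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
S0 bclwpmf; System32\drivers\fjfgnvww.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# groups: state letter, start type digit, name, path, bracket contents, company (or None)
SERVICE_RE = re.compile(r"^([RSU])(\d) (\S+?); (.*?) \[(.*?)\](?: \((.*)\))?$")
WINDOWS_DIR_RE = re.compile(r"^C:\\Windows\\", re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per line that deserves a second look, tagged by kind."""
    findings: List[Dict[str, str]] = []
    section = "(no section)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if "<======= ATTENTION" in line:
            # FRST already flagged this line (policy restriction, hijack, ...).
            findings.append({"kind": "attention", "section": section, "line": line})
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            _state, start_type, name, path, meta, company = svc.groups()
            if meta == "X":
                # Registered service/driver whose file FRST could not find.
                # Start type 0 is boot-start: it loads before most defences do.
                kind = "missing_file_boot_start" if start_type == "0" else "missing_file"
                findings.append({"kind": kind, "section": section, "line": line, "name": name})
            elif company == "" and WINDOWS_DIR_RE.match(path):
                # A file under C:\Windows with no company name in its version info.
                findings.append({"kind": "no_company_name_in_windows_dir",
                                 "section": section, "line": line, "name": name})
            continue
        if line.endswith("No File"):
            # Orphaned BHO/toolbar/handler registration pointing at a deleted file.
            findings.append({"kind": "missing_file", "section": section, "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per kind, for a one-glance overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, n in sorted(summarize(found).items()):
        print(f"{kind}: {n}")
    for f in found:
        print(f"[{f['kind']}] ({f['section']}) {f['line']}")
```

Running it prints the counts per kind and then each flagged line with its section. The point is to narrow a log of several hundred lines to the handful worth investigating, not to decide what is malicious, which still takes the helper's judgement and, as in Step 2 above, a look at the files themselves.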


#3 bats1234 (Topic Starter)

  • Members
  • 17 posts

Posted 28 March 2014 - 04:24 PM

Hello, thanks for helping me with my problem.

Here are my logs from FRST.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Family (administrator) on JESSE-PC on 28-03-2014 16:06:07
Running from C:\Users\Family.Jesse-PC\Desktop
Microsoft Windows 7 Enterprise  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\system32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [bdruninstaller] - C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [747096 2013-05-15] (Bitdefender)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Akamai NetSession Interface] - "C:\Users\Family.Jesse-PC\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Spotify Web Helper] - C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-17] (Spotify Ltd)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Spotify] - C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-17] (Spotify Ltd)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Itibiti.exe] - C:\Program Files\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {34bb9a4f-98ae-11e0-a48b-1c6f654cc141} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {3955e799-bd60-11e0-8647-806e6f6e6963} - E:\PcOptions.exe
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {3ad455b5-c122-11e1-9ea1-1c6f654cc141} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {ea9d586d-a862-11e0-a56d-1c6f654cc141} - E:\LaunchU3.exe -a
Startup: C:\Users\Family.Jesse-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-2909592286-2812279354-972643806-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9150B4A0B21ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0A376D9E-5F68-4629-8838-0358159D3EC7} URL =
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120609225441881&tb_oid=09-06-2012&tb_mrud=09-06-2012
SearchScopes: HKCU - DefaultScope {0A376D9E-5F68-4629-8838-0358159D3EC7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN29238907551741504&UM=2
SearchScopes: HKCU - {0A376D9E-5F68-4629-8838-0358159D3EC7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN29238907551741504&UM=2
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=C9D27251-708A-49DE-A4BD-CACA0BC1044E&apn_sauid=44FFB202-F94E-4EB1-9ABC-6775003E9E9F
SearchScopes: HKCU - {5DC84B75-45FB-4219-A3DD-41D494904DE3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKCU - {DB7AF4D3-E459-4D6D-B252-BE053EF8FEC3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F4CF6C7E-67B0-42C5-A451-34AF214F01B9&apn_sauid=DEC21813-B936-4D92-BCF4-4A050D9210FF
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {9194649F-7143-4308-90C1-D6A35B0E354E} -  No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Family.Jesse-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Battlefield Heroes Updater - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\battlefieldheroespatcher@ea.com [2013-05-03]
FF Extension: Battlefield Play4Free - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\battlefieldplay4free@ea.com [2013-04-06]
FF Extension: Bitdefender QuickScan - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-01-10]
FF Extension: Go Parent Folder - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\goParentFolder@alice.xpi [2013-06-28]
FF Extension: Test Pilot - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-03-17]
FF Extension: FirefoxAdKiller - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2013-06-28]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Family.Jesse-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Extension: (Military Games) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebbopkboffijodadfbpjaknfndjblhk [2013-03-26]
CHR Extension: (3D Shooting Games) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijmnijghjeefmjkpfhkeojppcpjckdc [2013-03-24]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-03-23]
CHR Extension: (Counter Strike) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbnpeifkgfblmnmihpaeniclpnkhpdkg [2013-03-25]
CHR Extension: (Red Crucible 2) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iechpocbkaimjmlpfinoahkolenfdmig [2013-03-25]
CHR Extension: (Skype Click to Call) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-17]
CHR Extension: (BeGone) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Family.Jesse-PC\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-05-22]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2013-05-22]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2013-05-22]
CHR HKCU\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Family.Jesse-PC\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-05-22]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-06-15] ()

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-20] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2012-03-25] (MotioninJoy)
S0 bclwpmf; System32\drivers\fjfgnvww.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 16:06 - 2014-03-28 16:07 - 00021638 _____ () C:\Users\Family.Jesse-PC\Desktop\FRST.txt
2014-03-28 16:05 - 2014-03-28 16:06 - 00000000 ____D () C:\FRST
2014-03-28 16:05 - 2014-03-28 16:05 - 01145856 _____ (Farbar) C:\Users\Family.Jesse-PC\Desktop\FRST.exe
2014-03-27 18:49 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-27 18:49 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-27 18:49 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-27 18:49 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-27 18:48 - 2014-03-27 18:49 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-27 18:35 - 2014-03-27 18:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 12
2014-03-25 15:59 - 2014-03-25 15:59 - 00011626 _____ () C:\Users\Family.Jesse-PC\Desktop\dds.txt
2014-03-25 15:59 - 2014-03-25 15:59 - 00009586 _____ () C:\Users\Family.Jesse-PC\Desktop\attach.txt
2014-03-25 15:56 - 2014-03-25 15:56 - 00688992 ____R (Swearware) C:\Users\Family.Jesse-PC\Desktop\dds.com
2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\sdfasfsdf
2014-03-24 20:54 - 2014-03-24 20:55 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\items
2014-03-24 20:07 - 2014-03-24 20:07 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\Stuffs
2014-03-24 20:04 - 2014-03-24 20:06 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Family.Jesse-PC\Desktop\rkill.exe
2014-03-23 00:07 - 2014-03-23 00:07 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-22 23:42 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\bottom corner
2014-03-22 23:41 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\this corner
2014-03-22 23:40 - 2014-03-23 00:02 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Desktop this side
2014-03-22 23:35 - 2014-03-22 23:34 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 21:47 - 2014-03-22 21:47 - 00000214 _____ () C:\Users\Family.Jesse-PC\Desktop\Garry's Mod.url
2014-03-22 14:04 - 2014-03-23 00:00 - 00000000 ____D () C:\Program Files\GUM7751.tmp
2014-03-22 14:04 - 2014-03-22 14:04 - 49940480 _____ () C:\Program Files\GUT7780.tmp
2014-03-18 07:32 - 2014-03-18 07:32 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-03-17 21:00 - 2014-03-17 21:00 - 00003210 _____ () C:\Users\Jesse\Desktop\RKreport[0]_D_03172014_210034.txt
2014-03-17 20:55 - 2014-03-17 20:55 - 00003145 _____ () C:\Users\Jesse\Desktop\RKreport[0]_S_03172014_205554.txt
2014-03-17 19:08 - 2014-03-17 19:13 - 00000000 ____D () C:\Users\Jesse\Downloads\ARCTIC MONKEYS - DISCOGRAPHY (2005-13) [CHANNEL NEO]
2014-03-17 18:37 - 2014-03-22 16:01 - 00000000 ____D () C:\Users\Jesse\Desktop\RK_Quarantine
2014-03-17 17:43 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Jesse\Documents\my games
2014-03-16 17:15 - 2014-03-16 17:15 - 00000000 ____D () C:\Users\Jesse\Downloads\In the Aeroplane Over the Sea
2014-03-16 17:09 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\Jesse\Downloads\Defeater
2014-03-10 16:47 - 2014-03-10 16:47 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\HP
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Skype
2014-03-05 22:45 - 2014-03-22 16:01 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers
2014-03-05 22:16 - 2014-03-05 22:19 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers - By The Way
2014-03-05 22:10 - 2014-03-05 22:10 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Tiësto - Red Lights
2014-03-03 18:48 - 2014-03-03 18:49 - 00030639 _____ () C:\Users\Jesse\Documents\NOOOOOOOOOOOOOOOO.odt

==================== One Month Modified Files and Folders =======

2014-03-28 16:07 - 2014-03-28 16:06 - 00021638 _____ () C:\Users\Family.Jesse-PC\Desktop\FRST.txt
2014-03-28 16:06 - 2014-03-28 16:05 - 00000000 ____D () C:\FRST
2014-03-28 16:06 - 2012-06-25 13:45 - 02058975 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 16:05 - 2014-03-28 16:05 - 01145856 _____ (Farbar) C:\Users\Family.Jesse-PC\Desktop\FRST.exe
2014-03-28 16:03 - 2013-06-17 21:39 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify
2014-03-28 16:03 - 2012-03-05 21:38 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\Skype
2014-03-28 16:02 - 2013-01-22 16:57 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-03-28 16:02 - 2012-09-03 11:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 16:02 - 2012-06-28 08:08 - 00100775 _____ () C:\Windows\setupact.log
2014-03-28 16:02 - 2012-06-08 21:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-28 16:02 - 2011-03-08 19:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 16:02 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 18:54 - 2009-07-13 23:34 - 00009984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 18:54 - 2009-07-13 23:34 - 00009984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 18:53 - 2011-04-29 18:12 - 00000000 ____D () C:\Program Files\Steam
2014-03-27 18:50 - 2013-10-19 21:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-27 18:50 - 2012-09-03 11:23 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 18:49 - 2014-03-27 18:48 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-27 18:49 - 2011-05-16 22:23 - 00000000 ____D () C:\Program Files\Java
2014-03-27 18:35 - 2014-03-27 18:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 12
2014-03-26 16:01 - 2013-12-29 11:02 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\.minecraft
2014-03-25 16:21 - 2013-08-15 19:08 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Mine-imator v0.6.2
2014-03-25 15:59 - 2014-03-25 15:59 - 00011626 _____ () C:\Users\Family.Jesse-PC\Desktop\dds.txt
2014-03-25 15:59 - 2014-03-25 15:59 - 00009586 _____ () C:\Users\Family.Jesse-PC\Desktop\attach.txt
2014-03-25 15:56 - 2014-03-25 15:56 - 00688992 ____R (Swearware) C:\Users\Family.Jesse-PC\Desktop\dds.com
2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\sdfasfsdf
2014-03-24 20:55 - 2014-03-24 20:54 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\items
2014-03-24 20:12 - 2014-02-15 19:33 - 00006704 _____ () C:\Users\Family.Jesse-PC\Desktop\Rkill.txt
2014-03-24 20:07 - 2014-03-24 20:07 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\Stuffs
2014-03-24 20:07 - 2010-05-11 20:35 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 20:06 - 2014-03-24 20:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Family.Jesse-PC\Desktop\rkill.exe
2014-03-23 01:26 - 2013-12-12 07:53 - 00000000 ____D () C:\Windows\Minidump
2014-03-23 01:26 - 2013-09-19 20:34 - 00000000 ____D () C:\Program Files\iTunes
2014-03-23 01:26 - 2013-06-28 22:50 - 00000000 ____D () C:\ProgramData\APN
2014-03-23 01:26 - 2013-05-13 12:08 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Spotify
2014-03-23 01:26 - 2013-04-30 16:10 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-23 01:26 - 2012-06-25 10:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-23 01:26 - 2012-06-20 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 01:26 - 2011-12-29 12:01 - 00000000 ____D () C:\Windows\pss
2014-03-23 01:26 - 2011-03-19 17:41 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\uTorrent
2014-03-23 01:26 - 2011-03-17 11:57 - 00000000 ____D () C:\Users\Family.Jesse-PC
2014-03-23 01:26 - 2011-03-17 11:46 - 00000000 ____D () C:\Users\Family
2014-03-23 01:26 - 2011-03-11 19:06 - 00000000 ____D () C:\Users\Guest
2014-03-23 01:26 - 2011-03-08 20:26 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\uTorrent
2014-03-23 01:26 - 2011-03-08 20:26 - 00000000 ____D () C:\Program Files\Conduit
2014-03-23 01:26 - 2011-03-01 20:50 - 00000000 ____D () C:\Users\Jesse
2014-03-23 01:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-23 01:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-23 01:25 - 2013-11-08 09:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-23 01:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-03-23 01:24 - 2012-07-17 07:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-23 01:24 - 2011-09-29 17:58 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Google
2014-03-23 00:18 - 2012-06-28 08:08 - 00335974 _____ () C:\Windows\PFRO.log
2014-03-23 00:07 - 2014-03-23 00:07 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-23 00:07 - 2011-12-24 23:55 - 00000000 ___RD () C:\Program Files\Skype
2014-03-23 00:07 - 2011-12-24 23:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 00:07 - 2011-04-29 18:13 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-23 00:02 - 2014-03-22 23:40 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Desktop this side
2014-03-23 00:00 - 2014-03-22 14:04 - 00000000 ____D () C:\Program Files\GUM7751.tmp
2014-03-22 23:42 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\bottom corner
2014-03-22 23:42 - 2014-03-22 23:41 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\this corner
2014-03-22 23:34 - 2014-03-22 23:35 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 21:47 - 2014-03-22 21:47 - 00000214 _____ () C:\Users\Family.Jesse-PC\Desktop\Garry's Mod.url
2014-03-22 21:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 16:01 - 2014-03-17 18:37 - 00000000 ____D () C:\Users\Jesse\Desktop\RK_Quarantine
2014-03-22 16:01 - 2014-03-05 22:45 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers
2014-03-22 14:04 - 2014-03-22 14:04 - 49940480 _____ () C:\Program Files\GUT7780.tmp
2014-03-18 07:32 - 2014-03-18 07:32 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-03-18 07:17 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-03-17 21:00 - 2014-03-17 21:00 - 00003210 _____ () C:\Users\Jesse\Desktop\RKreport[0]_D_03172014_210034.txt
2014-03-17 20:55 - 2014-03-17 20:55 - 00003145 _____ () C:\Users\Jesse\Desktop\RKreport[0]_S_03172014_205554.txt
2014-03-17 19:13 - 2014-03-17 19:08 - 00000000 ____D () C:\Users\Jesse\Downloads\ARCTIC MONKEYS - DISCOGRAPHY (2005-13) [CHANNEL NEO]
2014-03-17 17:43 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Jesse\Documents\my games
2014-03-16 17:15 - 2014-03-16 17:15 - 00000000 ____D () C:\Users\Jesse\Downloads\In the Aeroplane Over the Sea
2014-03-16 17:09 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\Jesse\Downloads\Defeater
2014-03-10 16:48 - 2011-03-17 11:57 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\VirtualStore
2014-03-10 16:47 - 2014-03-10 16:47 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\HP
2014-03-10 16:36 - 2012-12-12 07:53 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\CrashDumps
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Skype
2014-03-05 22:19 - 2014-03-05 22:16 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers - By The Way
2014-03-05 22:10 - 2014-03-05 22:10 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Tiësto - Red Lights
2014-03-03 18:49 - 2014-03-03 18:48 - 00030639 _____ () C:\Users\Jesse\Documents\NOOOOOOOOOOOOOOOO.odt

Files to move or delete:
====================
C:\Users\Family.Jesse-PC\AppData\Roaming\CamLayout.ini
C:\Users\Family.Jesse-PC\AppData\Roaming\CamShapes.ini
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Family.Jesse-PC\AppData\Local\Temp\7a3f45eb40d23a9ed0b84c4baba2f3df.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\b184edea2e771d3d45aeb233093fcdb2.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\InstallBSRVista_v5.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\install_reader11_en_mssd_awc_aih.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R0.1-b2838jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-9-g9cd35ee-b2908jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\tbappb.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\UninstallBSR6.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Guest\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Jesse\AppData\Local\Temp\APNStub.exe
C:\Users\Jesse\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jesse\AppData\Local\Temp\msvcp100.dll
C:\Users\Jesse\AppData\Local\Temp\msvcr100.dll
C:\Users\Jesse\AppData\Local\Temp\ScriptHelper.exe
C:\Users\Jesse\AppData\Local\Temp\setup.exe
C:\Users\Jesse\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jesse\AppData\Local\Temp\utt36FE.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-07-13 18:45] - [2009-07-13 20:16] - 0376320 ____A (Microsoft Corporation) CF049C46A222D2369B278007216BC645

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 17:46

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Family at 2014-03-28 16:09:35
Running from C:\Users\Family.Jesse-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Ace of Spades (HKLM\...\Steam App 224540) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.3658 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
CINEMA 4D R14 (HKLM\...\CINEMA 4D R14) (Version:  - )
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 29.0 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Neverwinter (HKLM\...\Steam App 109600) (Version:  - Cryptic Studios)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Control Panel 266.58 (Version: 266.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6658 - NVIDIA Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rome: Total War (HKLM\...\Steam App 4760) (Version:  - The Creative Assembly)
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.1.53.g876fa9df - Spotify AB)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tribes: Ascend (HKLM\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WANTED - The Half-Life Western Pack (HKLM\...\WANTED - The HAlf-Life Western Pack) (Version:  - )
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

11-02-2014 03:58:59 Scheduled Checkpoint
19-02-2014 22:53:54 Scheduled Checkpoint
27-03-2014 23:47:24 Installed Java 7 Update 51

==================== Hosts content: ==========================

2011-03-24 11:36 - 2011-03-24 11:25 - 00002183 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0538E8AD-3AEF-46D8-93FA-10318A8A6AE3} - System32\Tasks\{CA5EF274-2E71-45B0-BBC5-D96C4D65E25B} => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
Task: {81DDFAEE-0828-4166-9578-09738FF413A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {838796A3-4B12-4A4F-8695-3F69F9A73078} - System32\Tasks\AdobeAAMUpdater-1.0-Jesse-PC-Family => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {8DD5C0C5-B22A-4F9B-93D6-F97A13B3C312} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {9E3EB8A8-E683-4875-9BD5-4365830F49DD} - System32\Tasks\{33C1E3A9-F8A1-4E1F-9221-73AC7B9D3FF2} => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
Task: {ADC61761-E2AC-427C-B2C5-773F91D68D7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1BA35FE-173F-4D53-9D2B-B619FBE1E9A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {C6820A1A-9F32-47F5-9FC7-A66ACFFF914B} - System32\Tasks\AdobeAAMUpdater-1.0-Jesse-PC-Jesse => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {DC0F365C-015C-4616-9FA1-E795ACCFADB5} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-17 11:21 - 2013-06-15 16:26 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2012-06-18 10:24 - 2012-06-18 10:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2011-01-17 16:19 - 2011-05-16 22:25 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-03-27 18:35 - 2014-03-27 18:35 - 03822192 _____ () C:\Program Files\Mozilla Firefox 4.0 Beta 12\mozjs.dll
2011-01-07 20:48 - 2011-01-07 20:48 - 00235624 _____ () C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06184835.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06184835.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jesse^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 06:41:40 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 09:16:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00031556
Faulting process id: 0x3b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/24/2014 08:01:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DcomLaunch, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00051f45
Faulting process id: 0x3d0
Faulting application start time: 0xsvchost.exe_DcomLaunch0
Faulting application path: svchost.exe_DcomLaunch1
Faulting module path: svchost.exe_DcomLaunch2
Report Id: svchost.exe_DcomLaunch3

Error: (03/22/2014 09:44:09 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:38:50 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:35:53 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:34:26 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:29:19 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:28:42 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:20:24 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/28/2014 04:07:20 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/28/2014 04:02:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bclwpmf

Error: (03/28/2014 04:02:18 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (03/28/2014 04:02:15 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (03/28/2014 04:02:15 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (03/27/2014 06:54:17 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/27/2014 06:54:15 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/27/2014 06:45:52 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/27/2014 06:40:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bclwpmf

Error: (03/27/2014 06:40:47 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.


Microsoft Office Sessions:
=========================
Error: (03/27/2014 06:41:40 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 09:16:19 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100ntdll.dll6.1.7600.169154ec49cafc0000005000315563b401cf47cadd81a3cfC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll732f2241-b3c3-11e3-8015-1c6f654cc141

Error: (03/24/2014 08:01:20 PM) (Source: Application Error)(User: )
Description: svchost.exe_DcomLaunch6.1.7600.163854a5bc100ntdll.dll6.1.7600.169154ec49cafc000000500051f453d001cf47c4e50c0e7bC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllf9790f6c-b3b8-11e3-8e2f-1c6f654cc141

Error: (03/22/2014 09:44:09 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:38:50 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:35:53 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:34:26 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:29:19 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:28:42 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:20:24 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3325.55 MB
Available physical RAM: 1530.84 MB
Total Pagefile: 6649.39 MB
Available Pagefile: 4573.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:619.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 36362BEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Search.txt

Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Family at 2014-03-28 16:11:02
Running from C:\Users\Family.Jesse-PC\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 18:45] - [2009-07-13 20:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2009-07-13 18:45] - [2009-07-13 20:16] - 0376320 ____A (Microsoft Corporation) CF049C46A222D2369B278007216BC645

=== End Of Search ===

Hope this is what you are asking for.
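The two rpcss.dll hits in the Search.txt above have the same size and the same dates but different MD5 values, which is exactly what the helper looks for: the live C:\Windows\System32 copy no longer matches the copy Windows keeps in the WinSxS component store. The following is an added example, not FRST's code and not anything posted in this thread: it parses that search output, pairs each live copy with its component-store copy, flags hash mismatches, and produces the FRST `Replace:` line in the form used later in the thread (the function names and the constructed sample input are this example's own).

```python
"""Parse an FRST Search.txt and flag a live system DLL whose MD5 differs
from the copy kept in the WinSxS component store.

Added example for this thread; it is not part of FRST or of the posts.
The sample input reproduces the rpcss.dll search output quoted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the Search.txt block from the thread, verbatim.
SAMPLE_SEARCH_TXT = r"""Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Family at 2014-03-28 16:11:02
Running from C:\Users\Family.Jesse-PC\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 18:45] - [2009-07-13 20:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2009-07-13 18:45] - [2009-07-13 20:16] - 0376320 ____A (Microsoft Corporation) CF049C46A222D2369B278007216BC645

=== End Of Search ===
"""

# FRST detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# A hit's path line starts with a drive letter, e.g. C:\Windows\...
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileHit:
    path: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search_txt(text: str) -> List[FileHit]:
    """Return one FileHit per (path line, detail line) pair in the search output."""
    hits: List[FileHit] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            hits.append(FileHit(pending_path, int(m["size"]), m["company"], m["md5"].upper()))
        pending_path = None  # a detail line (or anything else) closes the pair
    return hits


@dataclass
class Finding:
    live: FileHit       # the copy outside WinSxS (here: System32)
    reference: FileHit  # the component-store copy of the same file name

    @property
    def hash_matches(self) -> bool:
        return self.live.md5 == self.reference.md5

    @property
    def size_matches(self) -> bool:
        return self.live.size == self.reference.size


def compare_against_component_store(hits: List[FileHit]) -> List[Finding]:
    """Pair each live copy with the WinSxS copy of the same file name.
    Assumes one component-store version per file name; if several are
    listed, the last one wins and should be checked by version by hand."""
    references: Dict[str, FileHit] = {h.name: h for h in hits if h.in_component_store}
    findings: List[Finding] = []
    for h in hits:
        if h.in_component_store:
            continue
        ref = references.get(h.name)
        if ref is not None:
            findings.append(Finding(live=h, reference=ref))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Live copies whose MD5 differs from the component-store copy.
    A same-size, different-hash pair is the pattern seen in this thread."""
    return [f for f in findings if not f.hash_matches]


def replace_directive(f: Finding) -> str:
    """FRST fixlist line restoring the component-store copy over the live one,
    in the 'Replace: <source> <destination>' form used later in this thread."""
    return f"Replace: {f.reference.path} {f.live.path}"
```

A hash match against the WinSxS copy only shows the live file is consistent with the component store, not that either copy is known-good; confirm the version against a trusted catalogue (for example with `sfc /scannow`) before trusting the restored file.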



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:05:54 PM

Posted 28 March 2014 - 04:34 PM

Well done. Now we're gonna replace the infected file.
How is your computer running after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 bats1234

bats1234
  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:54 AM

Posted 28 March 2014 - 04:42 PM

Ok so I did the first step and here are the logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Family at 2014-03-28 16:36:39 Run:1
Running from C:\Users\Family.Jesse-PC\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\System32\rpcss.dll
SearchScopes: HKCU - DefaultScope {0A376D9E-5F68-4629-8838-0358159D3EC7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN29238907551741504&UM=2
SearchScopes: HKCU - {0A376D9E-5F68-4629-8838-0358159D3EC7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN29238907551741504&UM=2
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=C9D27251-708A-49DE-A4BD-CACA0BC1044E&apn_sauid=44FFB202-F94E-4EB1-9ABC-6775003E9E9F
SearchScopes: HKCU - {DB7AF4D3-E459-4D6D-B252-BE053EF8FEC3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F4CF6C7E-67B0-42C5-A451-34AF214F01B9&apn_sauid=DEC21813-B936-4D92-BCF4-4A050D9210FF
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2013-05-22]
S0 bclwpmf; System32\drivers\fjfgnvww.sys [X]
Reboot:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A376D9E-5F68-4629-8838-0358159D3EC7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0A376D9E-5F68-4629-8838-0358159D3EC7} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB7AF4D3-E459-4D6D-B252-BE053EF8FEC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DB7AF4D3-E459-4D6D-B252-BE053EF8FEC3} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
bclwpmf => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

Now the computer restarts a lot and in a very short time, so it may take some time to finish the second step, so I'll post the log as soon as I am able to get it.


Edited by bats1234, 28 March 2014 - 04:43 PM.


#6 bats1234

bats1234
  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:54 AM

Posted 28 March 2014 - 08:25 PM

Ok so the scan had finished and I went and looked for the log and it wasn't there.... I don't know what happened but here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Family (administrator) on JESSE-PC on 28-03-2014 20:23:36
Running from C:\Users\Family.Jesse-PC\Desktop
Microsoft Windows 7 Enterprise  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\system32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [bdruninstaller] - C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [747096 2013-05-15] (Bitdefender)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Akamai NetSession Interface] - "C:\Users\Family.Jesse-PC\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Spotify Web Helper] - C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-17] (Spotify Ltd)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Spotify] - C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify\spotify.exe [4643328 2013-06-17] (Spotify Ltd)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Itibiti.exe] - C:\Program Files\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {34bb9a4f-98ae-11e0-a48b-1c6f654cc141} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {3955e799-bd60-11e0-8647-806e6f6e6963} - E:\PcOptions.exe
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {3ad455b5-c122-11e1-9ea1-1c6f654cc141} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2909592286-2812279354-972643806-1004\...\MountPoints2: {ea9d586d-a862-11e0-a56d-1c6f654cc141} - E:\LaunchU3.exe -a
Startup: C:\Users\Family.Jesse-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-2909592286-2812279354-972643806-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9150B4A0B21ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0A376D9E-5F68-4629-8838-0358159D3EC7} URL =
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120609225441881&tb_oid=09-06-2012&tb_mrud=09-06-2012
SearchScopes: HKCU - {5DC84B75-45FB-4219-A3DD-41D494904DE3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {9194649F-7143-4308-90C1-D6A35B0E354E} -  No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Family.Jesse-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Battlefield Heroes Updater - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\battlefieldheroespatcher@ea.com [2013-05-03]
FF Extension: Battlefield Play4Free - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\battlefieldplay4free@ea.com [2013-04-06]
FF Extension: Bitdefender QuickScan - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-01-10]
FF Extension: Go Parent Folder - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\goParentFolder@alice.xpi [2013-06-28]
FF Extension: Test Pilot - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-03-17]
FF Extension: FirefoxAdKiller - C:\Users\Family.Jesse-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hkl501n2.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2013-06-28]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Family.Jesse-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Extension: (Military Games) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebbopkboffijodadfbpjaknfndjblhk [2013-03-26]
CHR Extension: (3D Shooting Games) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijmnijghjeefmjkpfhkeojppcpjckdc [2013-03-24]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-03-23]
CHR Extension: (Counter Strike) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbnpeifkgfblmnmihpaeniclpnkhpdkg [2013-03-25]
CHR Extension: (Red Crucible 2) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iechpocbkaimjmlpfinoahkolenfdmig [2013-03-25]
CHR Extension: (Skype Click to Call) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-17]
CHR Extension: (BeGone) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\Family.Jesse-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2013-10-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Family.Jesse-PC\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-05-22]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2013-05-22]
CHR HKCU\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Family.Jesse-PC\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-05-22]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-06-15] ()

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-20] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2012-03-25] (MotioninJoy)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 16:40 - 2014-03-28 16:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-28 16:39 - 2014-03-28 16:39 - 02347384 _____ (ESET) C:\Users\Family.Jesse-PC\Desktop\esetsmartinstaller_enu.exe
2014-03-28 16:39 - 2014-03-28 16:39 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 16:39 - 2014-03-28 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 16:22 - 2014-03-28 16:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 12
2014-03-28 16:11 - 2014-03-28 16:21 - 00000633 _____ () C:\Users\Family.Jesse-PC\Desktop\Search.txt
2014-03-28 16:09 - 2014-03-28 16:10 - 00026922 _____ () C:\Users\Family.Jesse-PC\Desktop\Addition.txt
2014-03-28 16:06 - 2014-03-28 20:23 - 00020215 _____ () C:\Users\Family.Jesse-PC\Desktop\FRST.txt
2014-03-28 16:05 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
2014-03-28 16:05 - 2014-03-28 16:05 - 01145856 _____ (Farbar) C:\Users\Family.Jesse-PC\Desktop\FRST.exe
2014-03-27 18:49 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-27 18:49 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-27 18:49 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-27 18:49 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-27 18:48 - 2014-03-27 18:49 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-25 15:59 - 2014-03-25 15:59 - 00011626 _____ () C:\Users\Family.Jesse-PC\Desktop\dds.txt
2014-03-25 15:59 - 2014-03-25 15:59 - 00009586 _____ () C:\Users\Family.Jesse-PC\Desktop\attach.txt
2014-03-25 15:56 - 2014-03-25 15:56 - 00688992 ____R (Swearware) C:\Users\Family.Jesse-PC\Desktop\dds.com
2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\sdfasfsdf
2014-03-24 20:54 - 2014-03-24 20:55 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\items
2014-03-24 20:07 - 2014-03-24 20:07 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\Stuffs
2014-03-24 20:04 - 2014-03-24 20:06 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Family.Jesse-PC\Desktop\rkill.exe
2014-03-22 23:42 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\bottom corner
2014-03-22 23:41 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\this corner
2014-03-22 23:40 - 2014-03-23 00:02 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Desktop this side
2014-03-22 23:35 - 2014-03-22 23:34 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 21:47 - 2014-03-22 21:47 - 00000214 _____ () C:\Users\Family.Jesse-PC\Desktop\Garry's Mod.url
2014-03-22 14:04 - 2014-03-23 00:00 - 00000000 ____D () C:\Program Files\GUM7751.tmp
2014-03-22 14:04 - 2014-03-22 14:04 - 49940480 _____ () C:\Program Files\GUT7780.tmp
2014-03-18 07:32 - 2014-03-18 07:32 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-03-17 21:00 - 2014-03-17 21:00 - 00003210 _____ () C:\Users\Jesse\Desktop\RKreport[0]_D_03172014_210034.txt
2014-03-17 20:55 - 2014-03-17 20:55 - 00003145 _____ () C:\Users\Jesse\Desktop\RKreport[0]_S_03172014_205554.txt
2014-03-17 19:08 - 2014-03-17 19:13 - 00000000 ____D () C:\Users\Jesse\Downloads\ARCTIC MONKEYS - DISCOGRAPHY (2005-13) [CHANNEL NEO]
2014-03-17 18:37 - 2014-03-22 16:01 - 00000000 ____D () C:\Users\Jesse\Desktop\RK_Quarantine
2014-03-17 17:43 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Jesse\Documents\my games
2014-03-16 17:15 - 2014-03-16 17:15 - 00000000 ____D () C:\Users\Jesse\Downloads\In the Aeroplane Over the Sea
2014-03-16 17:09 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\Jesse\Downloads\Defeater
2014-03-10 16:47 - 2014-03-10 16:47 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\HP
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Skype
2014-03-05 22:45 - 2014-03-22 16:01 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers
2014-03-05 22:16 - 2014-03-05 22:19 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers - By The Way
2014-03-05 22:10 - 2014-03-05 22:10 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Tiësto - Red Lights
2014-03-03 18:48 - 2014-03-03 18:49 - 00030639 _____ () C:\Users\Jesse\Documents\NOOOOOOOOOOOOOOOO.odt

==================== One Month Modified Files and Folders =======

2014-03-28 20:24 - 2014-03-28 16:06 - 00020215 _____ () C:\Users\Family.Jesse-PC\Desktop\FRST.txt
2014-03-28 20:23 - 2014-03-28 16:05 - 00000000 ____D () C:\FRST
2014-03-28 20:11 - 2012-03-05 21:38 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\Skype
2014-03-28 20:08 - 2012-06-28 08:08 - 00100999 _____ () C:\Windows\setupact.log
2014-03-28 20:08 - 2009-07-13 23:34 - 00009984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:08 - 2009-07-13 23:34 - 00009984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 19:50 - 2012-09-03 11:23 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 18:17 - 2012-06-25 13:45 - 02091355 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 16:40 - 2014-03-28 16:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-28 16:39 - 2014-03-28 16:39 - 02347384 _____ (ESET) C:\Users\Family.Jesse-PC\Desktop\esetsmartinstaller_enu.exe
2014-03-28 16:39 - 2014-03-28 16:39 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 16:39 - 2014-03-28 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 16:39 - 2011-12-24 23:55 - 00000000 ___RD () C:\Program Files\Skype
2014-03-28 16:39 - 2011-12-24 23:54 - 00000000 ____D () C:\ProgramData\Skype
2014-03-28 16:38 - 2013-06-17 21:39 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\Spotify
2014-03-28 16:38 - 2013-01-22 16:57 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-03-28 16:38 - 2012-09-03 11:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 16:38 - 2012-06-08 21:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-28 16:38 - 2011-03-08 19:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 16:38 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 16:22 - 2014-03-28 16:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 12
2014-03-28 16:21 - 2014-03-28 16:11 - 00000633 _____ () C:\Users\Family.Jesse-PC\Desktop\Search.txt
2014-03-28 16:10 - 2014-03-28 16:09 - 00026922 _____ () C:\Users\Family.Jesse-PC\Desktop\Addition.txt
2014-03-28 16:05 - 2014-03-28 16:05 - 01145856 _____ (Farbar) C:\Users\Family.Jesse-PC\Desktop\FRST.exe
2014-03-27 18:53 - 2011-04-29 18:12 - 00000000 ____D () C:\Program Files\Steam
2014-03-27 18:50 - 2013-10-19 21:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-27 18:49 - 2014-03-27 18:48 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-27 18:49 - 2011-05-16 22:23 - 00000000 ____D () C:\Program Files\Java
2014-03-26 16:01 - 2013-12-29 11:02 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\.minecraft
2014-03-25 16:21 - 2013-08-15 19:08 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Mine-imator v0.6.2
2014-03-25 15:59 - 2014-03-25 15:59 - 00011626 _____ () C:\Users\Family.Jesse-PC\Desktop\dds.txt
2014-03-25 15:59 - 2014-03-25 15:59 - 00009586 _____ () C:\Users\Family.Jesse-PC\Desktop\attach.txt
2014-03-25 15:56 - 2014-03-25 15:56 - 00688992 ____R (Swearware) C:\Users\Family.Jesse-PC\Desktop\dds.com
2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\sdfasfsdf
2014-03-24 20:55 - 2014-03-24 20:54 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\items
2014-03-24 20:12 - 2014-02-15 19:33 - 00006704 _____ () C:\Users\Family.Jesse-PC\Desktop\Rkill.txt
2014-03-24 20:07 - 2014-03-24 20:07 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\Stuffs
2014-03-24 20:07 - 2010-05-11 20:35 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 20:06 - 2014-03-24 20:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Family.Jesse-PC\Desktop\rkill.exe
2014-03-23 01:26 - 2013-12-12 07:53 - 00000000 ____D () C:\Windows\Minidump
2014-03-23 01:26 - 2013-09-19 20:34 - 00000000 ____D () C:\Program Files\iTunes
2014-03-23 01:26 - 2013-06-28 22:50 - 00000000 ____D () C:\ProgramData\APN
2014-03-23 01:26 - 2013-05-13 12:08 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Spotify
2014-03-23 01:26 - 2012-06-25 10:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-23 01:26 - 2012-06-20 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 01:26 - 2011-12-29 12:01 - 00000000 ____D () C:\Windows\pss
2014-03-23 01:26 - 2011-03-19 17:41 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Roaming\uTorrent
2014-03-23 01:26 - 2011-03-17 11:57 - 00000000 ____D () C:\Users\Family.Jesse-PC
2014-03-23 01:26 - 2011-03-17 11:46 - 00000000 ____D () C:\Users\Family
2014-03-23 01:26 - 2011-03-11 19:06 - 00000000 ____D () C:\Users\Guest
2014-03-23 01:26 - 2011-03-08 20:26 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\uTorrent
2014-03-23 01:26 - 2011-03-08 20:26 - 00000000 ____D () C:\Program Files\Conduit
2014-03-23 01:26 - 2011-03-01 20:50 - 00000000 ____D () C:\Users\Jesse
2014-03-23 01:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-23 01:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-23 01:25 - 2013-11-08 09:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-23 01:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-03-23 01:24 - 2012-07-17 07:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-23 01:24 - 2011-09-29 17:58 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Google
2014-03-23 00:18 - 2012-06-28 08:08 - 00335974 _____ () C:\Windows\PFRO.log
2014-03-23 00:07 - 2011-04-29 18:13 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-23 00:02 - 2014-03-22 23:40 - 00000000 ___RD () C:\Users\Family.Jesse-PC\Desktop\Desktop this side
2014-03-23 00:00 - 2014-03-22 14:04 - 00000000 ____D () C:\Program Files\GUM7751.tmp
2014-03-22 23:42 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\bottom corner
2014-03-22 23:42 - 2014-03-22 23:41 - 00000000 ____D () C:\Users\Family.Jesse-PC\Desktop\this corner
2014-03-22 23:34 - 2014-03-22 23:35 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 21:47 - 2014-03-22 21:47 - 00000214 _____ () C:\Users\Family.Jesse-PC\Desktop\Garry's Mod.url
2014-03-22 21:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 16:01 - 2014-03-17 18:37 - 00000000 ____D () C:\Users\Jesse\Desktop\RK_Quarantine
2014-03-22 16:01 - 2014-03-05 22:45 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers
2014-03-22 14:04 - 2014-03-22 14:04 - 49940480 _____ () C:\Program Files\GUT7780.tmp
2014-03-18 07:32 - 2014-03-18 07:32 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-03-18 07:17 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-03-17 21:00 - 2014-03-17 21:00 - 00003210 _____ () C:\Users\Jesse\Desktop\RKreport[0]_D_03172014_210034.txt
2014-03-17 20:55 - 2014-03-17 20:55 - 00003145 _____ () C:\Users\Jesse\Desktop\RKreport[0]_S_03172014_205554.txt
2014-03-17 19:13 - 2014-03-17 19:08 - 00000000 ____D () C:\Users\Jesse\Downloads\ARCTIC MONKEYS - DISCOGRAPHY (2005-13) [CHANNEL NEO]
2014-03-17 17:43 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Jesse\Documents\my games
2014-03-16 17:15 - 2014-03-16 17:15 - 00000000 ____D () C:\Users\Jesse\Downloads\In the Aeroplane Over the Sea
2014-03-16 17:09 - 2014-03-16 17:09 - 00000000 ____D () C:\Users\Jesse\Downloads\Defeater
2014-03-10 16:48 - 2011-03-17 11:57 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\VirtualStore
2014-03-10 16:47 - 2014-03-10 16:47 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\HP
2014-03-10 16:36 - 2012-12-12 07:53 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\CrashDumps
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Family.Jesse-PC\AppData\Local\Skype
2014-03-05 22:19 - 2014-03-05 22:16 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Red Hot Chili Peppers - By The Way
2014-03-05 22:10 - 2014-03-05 22:10 - 00000000 ____D () C:\Users\Family.Jesse-PC\Downloads\Tiësto - Red Lights
2014-03-03 18:49 - 2014-03-03 18:48 - 00030639 _____ () C:\Users\Jesse\Documents\NOOOOOOOOOOOOOOOO.odt

Files to move or delete:
====================
C:\Users\Family.Jesse-PC\AppData\Roaming\CamLayout.ini
C:\Users\Family.Jesse-PC\AppData\Roaming\CamShapes.ini
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Family.Jesse-PC\AppData\Local\Temp\7a3f45eb40d23a9ed0b84c4baba2f3df.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\b184edea2e771d3d45aeb233093fcdb2.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\InstallBSRVista_v5.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\install_reader11_en_mssd_awc_aih.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R0.1-b2838jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-9-g9cd35ee-b2908jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\tbappb.dll
C:\Users\Family.Jesse-PC\AppData\Local\Temp\UninstallBSR6.exe
C:\Users\Family.Jesse-PC\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Guest\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Jesse\AppData\Local\Temp\APNStub.exe
C:\Users\Jesse\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jesse\AppData\Local\Temp\msvcp100.dll
C:\Users\Jesse\AppData\Local\Temp\msvcr100.dll
C:\Users\Jesse\AppData\Local\Temp\ScriptHelper.exe
C:\Users\Jesse\AppData\Local\Temp\setup.exe
C:\Users\Jesse\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jesse\AppData\Local\Temp\utt36FE.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 17:46

==================== End Of Log ============================

If you really need those logs I'll do the scan again.


Edited by bats1234, 28 March 2014 - 09:52 PM.


#7 aharonov (Malware Response Team)
Posted 29 March 2014 - 08:00 AM

Has ESET found any threats or not?

#8 bats1234 (Topic Starter)
Posted 29 March 2014 - 12:46 PM

Yes, there were about 22, and most of them were toolbars, and there was 1 Trojan; that's all I remember.



#9 aharonov (Malware Response Team)
Posted 29 March 2014 - 02:24 PM

All the toolbar stuff is irrelevant. But we have to be sure that nothing serious was found.
Can you please repeat this scan?
(This time you can click on "List of found threats" -> "Export to text file" when the scan has finished to get a log for sure. Also you have to start ESET with administrator privileges.)

#10 bats1234 (Topic Starter)
Posted 29 March 2014 - 03:48 PM

OK, I will do it again. It does take about 3 hours, so I will post it when it's done.



#11 aharonov (Malware Response Team)
Posted 29 March 2014 - 07:37 PM

Ok.

#12 bats1234 (Topic Starter)
Posted 30 March 2014 - 10:07 AM

I'm sorry, I went out and didn't do the scan yesterday, and I'm going out of town today, but I will do the scan sometime Monday.



#13 aharonov (Malware Response Team)
Posted 30 March 2014 - 10:49 AM

No problem, there is no hurry on my part.

#14 bats1234 (Topic Starter)
Posted 31 March 2014 - 06:52 AM

OK, so I found the log.txt this time, so here it is.

And I'm not sure if, when I export the txt document, it's a different log, so I put that one too.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=956b582c1afd2d4eb3cc96ac7b194054
# engine=17685
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-31 07:15:05
# local_time=2014-03-31 02:15:05 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1034 16777214 100 57 5926958 70671123 0 0
# compatibility_mode=5893 16776574 100 94 5926932 147794896 0 0
# scanned=456919
# found=23
# cleaned=0
# scan_time=10911
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir"
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=6291434422B68EA6BE6A87A91C4BB075D19C4595 ft=1 fh=5b5b042bc1fc7e21 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files\Conduit\Community Alerts\Alert.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files\Conduit\Community Alerts\Alert0.dll"
sh=5789A7E8DF0F046AD787D20E60937C26DE2823B5 ft=1 fh=e0b21b139133d8fa vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Program Files\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe"
sh=66AD38356276A82B243291DA69C13821D297E5E0 ft=1 fh=834d59cc4b3df5fa vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Program Files\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=3E694845DC53F08AC299CA23DA974C55F4B62E20 ft=0 fh=0000000000000000 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Family.Jesse-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WS4FGXJ\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi"
sh=70E94C3740C0A11D19CB4D5D71D4B92F4C742571 ft=1 fh=9e7fba2aaf4b3dbf vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Family.Jesse-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LO95QI5X\tbedrs[1].dll"
sh=C3D54B5C6569F04C9E076AF7D441D6745BB98C4E ft=1 fh=aa1a0cb4f5da8738 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Family.Jesse-PC\AppData\Local\Temp\tbappb.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Family.Jesse-PC\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=B0301A9349F9F2C1CAF741A176A621F1E5674581 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Family.Jesse-PC\Desktop\Desktop this side\Skins\FOLDERS!!\Camtasia\disable_activation.cmd"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=AADF0D01571CDF323227B5C5880B76F5AD026A35 ft=1 fh=c356f278a69be97c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Jesse\AppData\Local\temp\APNStub.exe"
sh=4C7EE04176DA399A5A80402FBBCCBA8C58E5F383 ft=1 fh=3e58fcead898a3fd vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Jesse\AppData\Local\temp\setup.exe"
sh=7BC2C43D8F55AEC9CEB5FFB1749C52B385650A77 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4fd08551-56f3059c"
sh=CFDD68BF961F2291E1A057942D308F9F9B46799A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\78b13831-31fca3b1"
sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Jesse\Downloads\ccsetup319.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"

Other one

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir    Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir    Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD    Win32/Patched.IB trojan
C:\Program Files\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files\Conduit\Community Alerts\Alert0.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Program Files\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\Users\Family.Jesse-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WS4FGXJ\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi    a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Family.Jesse-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LO95QI5X\tbedrs[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Family.Jesse-PC\AppData\Local\Temp\tbappb.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Family.Jesse-PC\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Family.Jesse-PC\Desktop\Desktop this side\Skins\FOLDERS!!\Camtasia\disable_activation.cmd    BAT/HostsChanger.A potentially unsafe application
C:\Users\Guest\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Jesse\AppData\Local\temp\APNStub.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jesse\AppData\Local\temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4fd08551-56f3059c    multiple threats
C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\78b13831-31fca3b1    multiple threats
C:\Users\Jesse\Downloads\ccsetup319.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
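The triage the responder applies to the log above ("all the toolbar stuff is irrelevant, but we have to be sure that nothing serious was found") can be done mechanically. The script below is an added example written for this page; it is not code from the poster, from ESET or from the BleepingComputer team. It parses the ESET Online Scanner `sh=... vn=... fn=...` line format, classifies each hit by detection class (malware versus potentially unwanted/unsafe application) and by where the file sits (already quarantined by AdwCleaner/FRST/RogueKiller, a browser or Java download cache, or a live path), and reports only malware-class hits in live paths, which are the ones that mean the machine is still infected. The keyword lists and folder markers are assumptions chosen to match the paths in this thread; the sample log embeds three real lines from the post (including the patched `rpcss.dll`, which is the file behind the DCOM and Plug and Play crashes, already sitting in FRST's quarantine) plus one made-up "live" entry with a fictitious detection name so the report has something to flag.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the ESET Online Scanner log format shown in the post
# above (sh=<sha1> ft=<n> fh=<hash> vn="<detection>" ac=<action> fn="<path>").
# The first three entries copy real lines from that log; the fourth is an
# assumed, made-up "live" trojan entry so the triage has something to flag.
SAMPLE_LOG = r'''
# found=4
sh=6291434422B68EA6BE6A87A91C4BB075D19C4595 ft=1 fh=5b5b042bc1fc7e21 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files\Conduit\Community Alerts\Alert.dll"
sh=7BC2C43D8F55AEC9CEB5FFB1749C52B385650A77 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4fd08551-56f3059c"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Example.A trojan" ac=I fn="C:\Windows\System32\example.dll"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Folders where another tool already moved the file; a hit there is not active.
# (Assumed markers, matching the AdwCleaner/FRST/RogueKiller paths in the thread.)
QUARANTINE_DIRS = ("\\quarantine\\", "\\rk_quarantine\\")
QUARANTINE_EXTS = (".vir", ".xbad")
# Download caches: an exploit jar or bundled installer here shows exposure,
# not that anything is still running.
CACHE_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
              "\\java\\deployment\\cache\\")
# Assumed keyword heuristics over ESET's detection names.
MALWARE_WORDS = ("trojan", "worm", "virus", "backdoor", "rootkit", "multiple threats")
PUA_WORDS = ("potentially unwanted", "potentially unsafe")


@dataclass
class Finding:
    sha1: str
    name: str
    path: str

    @property
    def severity(self) -> str:
        n = self.name.lower()
        if any(w in n for w in MALWARE_WORDS):
            return "malware"
        if any(w in n for w in PUA_WORDS):
            return "pua"
        return "unknown"

    @property
    def location(self) -> str:
        p = self.path.lower()
        if any(d in p for d in QUARANTINE_DIRS) or p.endswith(QUARANTINE_EXTS):
            return "quarantined"
        if any(d in p for d in CACHE_DIRS):
            return "cache"
        return "live"


def parse_eset_log(text: str) -> list[Finding]:
    """One Finding per 'sh=' detection line; '# key=value' header lines are skipped."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("sh="):
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        findings.append(Finding(fields["sh"], fields["vn"], fields["fn"]))
    return findings


def active_serious(findings: list[Finding]) -> list[Finding]:
    """Malware-class detections outside quarantine and cache folders: the only
    entries that mean the machine is still infected and cleanup must continue."""
    return [f for f in findings if f.severity == "malware" and f.location == "live"]


def summarize(findings: list[Finding]) -> dict[tuple[str, str], int]:
    """Count findings by (severity, location) so toolbars and quarantined
    leftovers can be set aside at a glance."""
    counts: dict[tuple[str, str], int] = {}
    for f in findings:
        key = (f.severity, f.location)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    for (sev, loc), n in sorted(summarize(found).items()):
        print(f"{sev:8} {loc:12} {n}")
    for f in active_serious(found):
        print("STILL ACTIVE:", f.name, "->", f.path)
```

Run it as `python eset_triage.py` (or feed the exported ESET `log.txt` into `parse_eset_log` instead of `SAMPLE_LOG`). On the real log in the post every malware-class hit is either in a quarantine folder or in the Java deployment cache, which is exactly why the responder reads it as clean; the point of separating severity from location is that a `Win32/Patched` hit on `rpcss.dll` in `C:\Windows\System32` would be an emergency, while the same hash under `C:\FRST\Quarantine\` is a receipt for work already done.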
#15 aharonov (Malware Response Team)
Posted 31 March 2014 - 10:26 AM

Great, this looks good, no more active malware has been found!

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Java™ 6 Update 33
Download and install Service Pack 1 for Windows 7.




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



