Killsoft.v2008 Malware; Found by Spybot, Not Removed By It


  • This topic is locked
15 replies to this topic

#1 deandome

  • Members
  • 65 posts

Posted 11 April 2014 - 12:20 AM

System: Dell Studio XPS 8100, i7 860 CPU, Windows 7 Home Premium SP1

 

Spybot found a pretty bad-looking PUP recently (Malwarebytes did NOT find it). Tried to repair/remove it twice, but Spybot shows that it's still there. It's called Killsoft.v2008; here are the three specific 'things' that were saved to the Spybot scan log:

 

Killsoft.V2008: [SBI $FF8A89C8] Class ID (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5}
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
I've gotten help here in the past, so I've gone ahead and run HijackThis and posted the logfile below. But of course, I would appreciate your help with other things you'll want/need me to do... thanks!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:48 AM, on 4/11/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinityconnect.mail.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Artisan 837 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE /FU "C:\Users\Dean\AppData\Local\Temp\E_SD1E7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13440 bytes
 

Edited by deandome, 11 April 2014 - 12:23 AM.



#2 deandome

  • Topic Starter
  • Members
  • 65 posts

Posted 15 April 2014 - 08:07 AM

Why haven't I been contacted yet?

 

I know it says it can take up to 5 days, but most other virus threads got replies within one day.



#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts

Posted 16 April 2014 - 12:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530671 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 deandome

  • Topic Starter
  • Members
  • 65 posts

Posted 16 April 2014 - 07:58 AM

Thanks.  I sent the reply per 1), but I can't get to the stuff in 2) until after work today (it's 8:00am where I am).  



#5 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Location: Montreal, QC. Canada

Posted 16 April 2014 - 12:54 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You can ignore the DDS tool for now. Let me see the logs from these tools.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#6 deandome

  • Topic Starter
  • Members
  • 65 posts

Posted 18 April 2014 - 12:57 AM

Thanks...here goes:

1) here's the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/18/2014
Scan Time: 12:31:25 AM
Logfile: MBAM Log April 18.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.18.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dean
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323225
Time Elapsed: 35 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2364808300-4264439020-2973025124-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [13edf01088785fa1dc67eda7be45ef11], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2364808300-4264439020-2973025124-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0G1M1J2X1L1O1NtF2ZtG0J, , [13edf01088785fa1dc67eda7be45ef11]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Amonetize.A, C:\Users\FunFree\Downloads\ClashofClansGemsHackv22__6857_il6329312 (1).exe, , [4fb1926e2dd3867aca8f0a32788849b7], 
PUP.Optional.Amonetize.A, C:\Users\FunFree\Downloads\ClashofClansGemsHackv22__6857_il6329312.exe, , [3fc17789c23ed92794c5d66669971de3], 
PUP.Optional.Amonetize.A, C:\Users\FunFree\Downloads\ClashOfClansV2 2X Downloader__3687_i561406922_il6329627.exe, , [d22e9b651ee29f619cbde4580af603fd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
2) here's the Adw Cleaner log:
# AdwCleaner v3.023 - Report created 18/04/2014 at 00:36:57
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dean - FRED
# Running from : C:\Users\Dean\Downloads\adwcleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\Tasks\LaunchApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iftxcflu.default\prefs.js ]
 
 
[ File : C:\Users\Carter\AppData\Roaming\Mozilla\Firefox\Profiles\pgplgp99.default\prefs.js ]
 
 
[ File : C:\Users\FunFree\AppData\Roaming\Mozilla\Firefox\Profiles\1bsos6vb.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\FunFree\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5664 octets] - [07/09/2013 15:32:01]
AdwCleaner[R1].txt - [2130 octets] - [18/04/2014 00:36:57]
AdwCleaner[S0].txt - [5500 octets] - [07/09/2013 15:32:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2250 octets] ##########
 

3) Here's the Farbar FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Dean (administrator) on FRED on 18-04-2014 00:45:26
Running from C:\Users\Dean\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-01-10] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] ()
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-05-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [dellsupportcenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2364808300-4264439020-2973025124-1000\...\Run: [EPSON Artisan 837 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2364808300-4264439020-2973025124-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-13] (Google Inc.)
HKU\S-1-5-21-2364808300-4264439020-2973025124-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2364808300-4264439020-2973025124-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2364808300-4264439020-2973025124-1000\...\MountPoints2: {f13952cb-3e02-11e1-9137-806e6f6e6963} - D:\SETUP.EXE
GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1008\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1004\User: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinityconnect.mail.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EEB2A2108D2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {95525BD9-6136-4A26-8263-9CEE295D442D} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {95080B13-AA71-4EE8-B951-7E98221E1ED5} -  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iftxcflu.default
FF Homepage: hxxp://web.mail.comcast.net/zimbra/mail?app=mail#1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Dean\AppData\Local\Roblox\Versions\version-3f2bb30af20140a4\\NPRobloxProxy.dll ( Roblox Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-01-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-01-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://xfinityconnect.mail.comcast.net/
CHR StartupUrls: "hxxp://xfinityconnect.mail.comcast.net/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Dean\AppData\Local\Roblox\Versions\version-3f2bb30af20140a4\\NPRobloxProxy.dll ( Roblox Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Google Search) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-29]
CHR Extension: (Google Wallet) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-06]
 
==================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-03-13] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-28] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 FileDisk; No ImagePath
R3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2011-10-19] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140417.009\ENG64.SYS [126040 2014-04-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140417.009\EX64.SYS [2099288 2014-04-11] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-18 00:45 - 2014-04-18 00:46 - 00026837 _____ () C:\Users\Dean\Downloads\FRST.txt
2014-04-18 00:44 - 2014-04-18 00:45 - 00000000 ____D () C:\FRST
2014-04-18 00:44 - 2014-04-18 00:44 - 02158592 _____ (Farbar) C:\Users\Dean\Downloads\FRST64.exe
2014-04-18 00:39 - 2014-04-18 00:39 - 00002338 _____ () C:\Users\Dean\Documents\AdwCleaner[R1].txt
2014-04-17 23:56 - 2014-04-17 23:56 - 01426178 _____ () C:\Users\Dean\Downloads\adwcleaner (1).exe
2014-04-17 23:53 - 2014-04-18 00:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 23:52 - 2014-04-17 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 23:52 - 2014-04-17 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-17 23:52 - 2014-04-17 23:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 23:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 23:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-15 18:57 - 2014-04-15 18:57 - 00059392 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations (1).ppt
2014-04-15 18:57 - 2014-04-15 18:57 - 00057344 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations (2).ppt
2014-04-15 16:02 - 2014-04-15 16:02 - 00059392 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations.ppt
2014-04-13 16:26 - 2014-04-13 16:26 - 02481152 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack Tool.exe
2014-04-13 11:03 - 2014-04-13 11:03 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (3).rar
2014-04-13 11:00 - 2014-04-13 11:00 - 00376288 _____ () C:\Users\FunFree\Downloads\MediaPlayerClassic.exe
2014-04-13 10:59 - 2014-04-13 10:59 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (2).rar
2014-04-13 10:59 - 2014-04-13 10:59 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (1).rar
2014-04-13 10:58 - 2014-04-13 10:58 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack.rar
2014-04-13 10:48 - 2014-04-13 10:48 - 00000000 ____D () C:\Users\FunFree\AppData\Roaming\ioloGovernor
2014-04-11 19:05 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 19:05 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 19:05 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 19:05 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 19:05 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 19:05 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 19:05 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 19:05 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 19:05 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 19:05 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 19:05 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 19:05 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 19:05 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 19:05 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 19:05 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 19:05 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 19:05 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 19:05 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 19:05 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 19:05 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 19:05 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-11 18:46 - 2014-04-11 18:46 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\ioloGovernor
2014-04-11 00:15 - 2014-04-11 00:15 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-04-10 20:05 - 2014-04-10 20:05 - 00000512 _____ () C:\Users\FunFree\Downloads\url.htm
2014-04-08 20:22 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\FunFree\AppData\Roaming\Epson
2014-04-07 19:00 - 2014-04-07 19:00 - 00000020 _____ () C:\Windows\üø'
2014-04-07 19:00 - 2014-04-07 19:00 - 00000000 ____D () C:\Windows\en
2014-04-07 19:00 - 2014-04-07 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-07 18:58 - 2014-04-07 18:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-07 18:58 - 2014-04-07 18:58 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-07 18:58 - 2014-01-10 12:56 - 00058048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-04-07 18:54 - 2014-04-07 18:54 - 00002175 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ___RD () C:\Users\Dean\OneDrive
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-04-07 18:52 - 2014-04-07 19:06 - 00000000 ____D () C:\Users\Dean\AppData\Local\Windows Live
2014-04-07 18:51 - 2014-04-07 18:51 - 01239744 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\wlsetup-web.exe
2014-04-07 18:05 - 2014-03-21 14:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-07 18:05 - 2014-03-21 14:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-06 17:15 - 2014-04-06 17:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-04-06 14:35 - 2014-04-06 14:35 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\RotMG.Production
2014-03-30 14:43 - 2014-03-30 14:43 - 00003633 _____ () C:\Users\Carter\Downloads\TalosTheGod2-8965-2-0 (1).zip
2014-03-30 14:42 - 2014-03-30 14:42 - 00003633 _____ () C:\Users\Carter\Downloads\TalosTheGod2-8965-2-0.zip
2014-03-30 13:09 - 2014-03-30 13:09 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (3).htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki.htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (2).htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (1).htm
2014-03-22 17:10 - 2014-03-22 17:10 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 17:09 - 2014-03-04 06:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-22 17:05 - 2014-03-04 09:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-22 17:05 - 2014-03-04 09:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-22 17:05 - 2014-03-04 09:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-22 16:46 - 2014-03-22 16:46 - 00009993 _____ () C:\Users\Dean\Documents\Scan Results. March 22 2014.txt
2014-03-22 16:23 - 2014-04-10 21:47 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-03-22 16:23 - 2014-03-22 16:23 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-03-22 16:23 - 2014-03-22 16:23 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\ioloGovernor
2014-03-22 16:16 - 2014-04-18 00:42 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2364808300-4264439020-2973025124-1000
2014-03-22 16:16 - 2014-04-18 00:42 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2364808300-4264439020-2973025124-1000
 
==================== One Month Modified Files and Folders =======
 
2014-04-18 00:46 - 2014-04-18 00:45 - 00026837 _____ () C:\Users\Dean\Downloads\FRST.txt
2014-04-18 00:46 - 2012-01-13 11:26 - 01203102 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 00:45 - 2014-04-18 00:44 - 00000000 ____D () C:\FRST
2014-04-18 00:44 - 2014-04-18 00:44 - 02158592 _____ (Farbar) C:\Users\Dean\Downloads\FRST64.exe
2014-04-18 00:43 - 2014-04-17 23:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 00:43 - 2013-09-07 15:29 - 00000000 ____D () C:\AdwCleaner
2014-04-18 00:43 - 2012-12-01 13:16 - 00000632 __RSH () C:\Users\Dean\ntuser.pol
2014-04-18 00:43 - 2012-01-13 09:50 - 00000000 ____D () C:\Users\Dean
2014-04-18 00:42 - 2014-03-22 16:16 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2364808300-4264439020-2973025124-1000
2014-04-18 00:42 - 2014-03-22 16:16 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2364808300-4264439020-2973025124-1000
2014-04-18 00:42 - 2012-01-14 21:03 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-04-18 00:42 - 2012-01-13 16:32 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 00:42 - 2012-01-13 10:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 00:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 00:42 - 2009-07-13 23:51 - 00089499 _____ () C:\Windows\setupact.log
2014-04-18 00:41 - 2009-07-13 23:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 00:41 - 2009-07-13 23:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 00:39 - 2014-04-18 00:39 - 00002338 _____ () C:\Users\Dean\Documents\AdwCleaner[R1].txt
2014-04-18 00:33 - 2012-01-13 10:44 - 01234094 _____ () C:\Windows\PFRO.log
2014-04-18 00:33 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-04-18 00:24 - 2012-01-13 16:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 23:56 - 2014-04-17 23:56 - 01426178 _____ () C:\Users\Dean\Downloads\adwcleaner (1).exe
2014-04-17 23:52 - 2014-04-17 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 23:52 - 2014-04-17 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Dean\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-17 23:52 - 2014-04-17 23:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 23:52 - 2013-06-02 21:02 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 23:52 - 2012-01-14 21:20 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Malwarebytes
2014-04-17 23:52 - 2012-01-14 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 23:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-17 23:50 - 2012-04-21 13:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 22:42 - 2013-09-19 20:23 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\Skype
2014-04-17 22:40 - 2013-12-26 18:24 - 00000000 ____D () C:\Users\Carter\Documents\my games
2014-04-17 22:40 - 2013-07-06 12:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-16 20:12 - 2013-07-27 19:53 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-16 20:12 - 2013-07-27 19:53 - 00000000 ____D () C:\ProgramData\Skype
2014-04-15 19:54 - 2012-12-03 18:40 - 02044024 __RSH () C:\Users\Carter\ntuser.pol
2014-04-15 19:54 - 2012-12-03 18:40 - 00000000 ____D () C:\Users\Carter
2014-04-15 18:57 - 2014-04-15 18:57 - 00059392 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations (1).ppt
2014-04-15 18:57 - 2014-04-15 18:57 - 00057344 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations (2).ppt
2014-04-15 16:02 - 2014-04-15 16:02 - 00059392 _____ () C:\Users\FunFree\Downloads\Fraction_Buster_Equations.ppt
2014-04-14 20:29 - 2014-01-14 23:19 - 00621426 __RSH () C:\Users\FunFree\ntuser.pol
2014-04-14 20:29 - 2014-01-14 23:19 - 00000000 ____D () C:\Users\FunFree
2014-04-13 16:26 - 2014-04-13 16:26 - 02481152 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack Tool.exe
2014-04-13 12:48 - 2013-06-03 19:59 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\PC-Gizmos
2014-04-13 11:03 - 2014-04-13 11:03 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (3).rar
2014-04-13 11:00 - 2014-04-13 11:00 - 00376288 _____ () C:\Users\FunFree\Downloads\MediaPlayerClassic.exe
2014-04-13 10:59 - 2014-04-13 10:59 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (2).rar
2014-04-13 10:59 - 2014-04-13 10:59 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack (1).rar
2014-04-13 10:58 - 2014-04-13 10:58 - 00375012 _____ () C:\Users\FunFree\Downloads\Clash of Clans Hack.rar
2014-04-13 10:48 - 2014-04-13 10:48 - 00000000 ____D () C:\Users\FunFree\AppData\Roaming\ioloGovernor
2014-04-12 04:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 03:04 - 2012-01-13 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-12 03:03 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 03:01 - 2012-01-13 11:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 21:40 - 2013-12-29 15:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-11 21:40 - 2012-01-24 16:31 - 00000000 ____D () C:\ProgramData\Real
2014-04-11 21:40 - 2012-01-14 21:09 - 00000000 ____D () C:\ProgramData\iolo
2014-04-11 21:40 - 2012-01-13 10:41 - 00000000 ____D () C:\ProgramData\Norton
2014-04-11 21:40 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-11 21:40 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-11 21:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-11 18:46 - 2014-04-11 18:46 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\ioloGovernor
2014-04-11 00:17 - 2012-01-13 09:50 - 00000000 ____D () C:\Users\Dean\AppData\Local\VirtualStore
2014-04-11 00:15 - 2014-04-11 00:15 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-04-10 21:47 - 2014-03-22 16:23 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-04-10 20:05 - 2014-04-10 20:05 - 00000512 _____ () C:\Users\FunFree\Downloads\url.htm
2014-04-08 20:22 - 2014-04-08 20:22 - 00000000 ____D () C:\Users\FunFree\AppData\Roaming\Epson
2014-04-08 18:25 - 2013-09-08 16:27 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-07 19:16 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 19:14 - 2012-01-13 16:31 - 00000000 ____D () C:\Users\Dean\AppData\Local\Google
2014-04-07 19:11 - 2013-06-11 09:33 - 00000000 ____D () C:\Users\Carter\AppData\Local\CrashDumps
2014-04-07 19:06 - 2014-04-07 18:52 - 00000000 ____D () C:\Users\Dean\AppData\Local\Windows Live
2014-04-07 19:00 - 2014-04-07 19:00 - 00000020 _____ () C:\Windows\üø'
2014-04-07 19:00 - 2014-04-07 19:00 - 00000000 ____D () C:\Windows\en
2014-04-07 19:00 - 2014-04-07 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-07 18:59 - 2014-04-07 18:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-07 18:58 - 2014-04-07 18:58 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-07 18:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-07 18:54 - 2014-04-07 18:54 - 00002175 _____ () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ___RD () C:\Users\Dean\OneDrive
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-07 18:54 - 2014-04-07 18:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-04-07 18:51 - 2014-04-07 18:51 - 01239744 _____ (Microsoft Corporation) C:\Users\Dean\Downloads\wlsetup-web.exe
2014-04-07 18:05 - 2012-01-13 10:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-06 17:15 - 2014-04-06 17:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-04-06 17:15 - 2013-12-29 16:31 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-04-06 17:15 - 2013-10-21 22:52 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-06 17:15 - 2013-10-21 22:51 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-04-06 14:35 - 2014-04-06 14:35 - 00000000 ____D () C:\Users\Carter\AppData\Roaming\RotMG.Production
2014-04-03 09:51 - 2014-04-17 23:52 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 23:52 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-06-02 21:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 20:16 - 2014-04-11 19:05 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 20:13 - 2014-04-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 19:13 - 2014-04-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 18:57 - 2014-04-11 19:05 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 14:45 - 2012-02-15 10:49 - 00004416 _____ () C:\Users\Carter\Desktop\TalosGod.esp
2014-03-30 14:43 - 2014-03-30 14:43 - 00003633 _____ () C:\Users\Carter\Downloads\TalosTheGod2-8965-2-0 (1).zip
2014-03-30 14:42 - 2014-03-30 14:42 - 00003633 _____ () C:\Users\Carter\Downloads\TalosTheGod2-8965-2-0.zip
2014-03-30 13:09 - 2014-03-30 13:09 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (3).htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki.htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (2).htm
2014-03-30 13:08 - 2014-03-30 13:08 - 00115274 _____ () C:\Users\Carter\Downloads\How_I_Met_Your_Mother_Wiki (1).htm
2014-03-27 16:19 - 2012-01-13 16:32 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 16:19 - 2012-01-13 16:32 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 15:26 - 2013-12-29 19:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-22 18:05 - 2013-08-29 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 17:10 - 2014-03-22 17:10 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 16:46 - 2014-03-22 16:46 - 00009993 _____ () C:\Users\Dean\Documents\Scan Results. March 22 2014.txt
2014-03-22 16:23 - 2014-03-22 16:23 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-03-22 16:23 - 2014-03-22 16:23 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\ioloGovernor
2014-03-22 16:23 - 2012-01-14 21:12 - 00001483 _____ () C:\Users\Dean\Desktop\System Mechanic Professional.lnk
2014-03-22 15:19 - 2013-09-07 14:52 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\SteelSeries
2014-03-22 15:19 - 2013-09-07 14:51 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-03-22 15:19 - 2013-09-07 14:51 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-03-22 15:19 - 2013-09-07 14:49 - 00000000 ____D () C:\Program Files\SteelSeries
2014-03-21 14:43 - 2014-04-07 18:05 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 14:43 - 2014-04-07 18:05 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 14:43 - 2013-08-23 17:14 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 00:46
 
==================== End Of Log ============================
 
4) Here's the Farbar Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Dean at 2014-04-18 00:46:35
Running from C:\Users\Dean\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{5569655A-9653-42CD-A599-5617DF767D2A}) (Version: 12.37.01 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DURANDAL ULTIMATE Gaming Keyboard (HKLM-x32\...\{0A44DD90-F172-4D9E-8ED5-06950691A0E0}_is1) (Version:  - )
DW 1525 Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell)
EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA OC Scanner X 3.1.1 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Heavy Weapon (HKLM-x32\...\Heavy Weapon) (Version:  - PopCap Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.207 - SurfRight B.V.)
Iggle Pop (HKLM-x32\...\Iggle Pop) (Version:  - PopCap Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 12.7.0 - iolo technologies, LLC)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSI Afterburner 2.2.5 (HKLM-x32\...\Afterburner) (Version: 2.2.5 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.3.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.3.915.1 - Fitipower) Hidden
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roblox for Dean (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rocksmith (HKLM-x32\...\Steam App 205190) (Version:  - Ubisoft - San Francisco)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
Seagate Manager Installer (x32 Version: 2.02.0109 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
07-03-2014 04:56:38 Scheduled Checkpoint
13-03-2014 08:00:21 Windows Update
19-03-2014 08:00:11 Windows Update
27-03-2014 19:18:14 Scheduled Checkpoint
07-04-2014 23:52:21 Windows Live Essentials
07-04-2014 23:55:05 Installed DirectX
07-04-2014 23:55:25 Installed DirectX
07-04-2014 23:56:14 Installed DirectX
07-04-2014 23:58:17 WLSetup
09-04-2014 08:00:26 Windows Update
12-04-2014 08:00:37 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-06-03 19:59 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {15B31609-1290-4D75-83B6-FF30815A6216} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1AC1998B-2088-4EC2-AB90-30AEB5C0C714} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2364808300-4264439020-2973025124-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {47143B27-C350-42F3-A392-FBE35163907E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13] (Google Inc.)
Task: {4B25002E-8D61-44C7-87E2-660CD0FE1D72} - \LaunchApp ATTENTION ====> No Task File
Task: {55BD0FB8-7A54-45B5-A724-A9054C8A7220} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {579BD4F6-669A-452F-A50F-BDCE856A389F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {598E950F-4D97-4652-B58B-A5297852F7E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2364808300-4264439020-2973025124-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5E5CCE59-0412-4325-BF60-A004A9F8314C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7E89A221-BABA-4AA3-9E37-B0FA4C2FDC04} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98DA8BEC-4565-4DB9-AF9F-67D882969C99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {9B30164B-542C-4DD0-8D02-1FC10C898A1B} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A9470D4D-E875-42C4-9933-6A746A9F7C86} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {AADEEC66-E243-498B-9AF7-1ADDD4AE7C36} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-03-13] (iolo technologies, LLC)
Task: {AEBEC963-7B86-48DA-94ED-E02A8412AFAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13] (Google Inc.)
Task: {D71624F2-A91A-4780-BFD1-8AC27DC22524} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2364808300-4264439020-2973025124-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {EAB6056B-147B-46A2-8727-3466E7C4DDC9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2364808300-4264439020-2973025124-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {F00BC4E6-E5B1-469C-B13F-966D478D396B} - System32\Tasks\{96D0A44C-785A-40B5-9D02-ABD052324E39} => C:\Program Files (x86)\Steam\Steam.exe [2014-02-25] (Valve Corporation)
Task: {F3F1E5C6-43CE-4938-ADB7-92AFCA4AEA4E} - System32\Tasks\{760A3662-7465-464B-AE35-3E302BD86811} => C:\Program Files (x86)\Steam\Steam.exe [2014-02-25] (Valve Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-13 11:20 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-29 15:31 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-29 15:31 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-29 15:31 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-29 15:31 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-29 15:31 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-01-13 09:59 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-04-08 18:25 - 2014-04-01 20:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-08 18:25 - 2014-04-01 20:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-08 18:25 - 2014-04-01 20:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-08 18:25 - 2014-04-01 20:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-08 18:25 - 2014-04-01 20:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-08 18:25 - 2014-04-01 20:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/17/2014 10:39:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/17/2014 10:38:52 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 2.13.4.49 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 25f0
 
Start Time: 01cf590e6d25b70b
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id:
 
Error: (04/16/2014 00:31:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2014 07:54:34 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/15/2014 04:03:08 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 231c
 
Start Time: 01cf58ee169de8d2
 
Termination Time: 8
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (04/15/2014 00:31:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/14/2014 06:37:25 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/14/2014 05:32:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/13/2014 09:27:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/13/2014 00:55:11 PM) (Source: Application Hang) (User: )
Description: The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14c8
 
Start Time: 01cf5740e5b78493
 
Termination Time: 311
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
 
Report Id:
 
 
System errors:
=============
Error: (04/18/2014 00:44:59 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
%%1058
 
Error: (04/18/2014 00:43:40 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
%%1058
 
Error: (04/18/2014 00:43:40 AM) (Source: DCOM) (User: )
Description: 1068UNS{80C25488-192B-4DE2-8150-5B2D2A2F835E}
 
Error: (04/18/2014 00:42:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FileDisk
 
Error: (04/18/2014 00:37:25 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
%%1058
 
Error: (04/18/2014 00:35:39 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
%%1058
 
Error: (04/18/2014 00:35:39 AM) (Source: DCOM) (User: )
Description: 1068UNS{80C25488-192B-4DE2-8150-5B2D2A2F835E}
 
Error: (04/18/2014 00:35:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FileDisk
 
Error: (04/17/2014 11:46:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (04/17/2014 11:43:44 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (04/17/2014 10:39:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/17/2014 10:38:52 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.13.4.4925f001cf590e6d25b70b17C:\Program Files (x86)\Steam\Steam.exe
 
Error: (04/16/2014 00:31:45 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe
 
Error: (04/15/2014 07:54:34 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/15/2014 04:03:08 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16521231c01cf58ee169de8d28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (04/15/2014 00:31:47 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe
 
Error: (04/14/2014 06:37:25 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/14/2014 05:32:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/13/2014 09:27:55 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe
 
Error: (04/13/2014 00:55:11 PM) (Source: Application Hang)(User: )
Description: hl2.exe0.0.0.014c801cf5740e5b78493311C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8151.08 MB
Available physical RAM: 5762.28 MB
Total Pagefile: 16300.34 MB
Available Pagefile: 13607.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:688.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Rocksmith) (CDROM) (Total:6.38 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A1C33F88)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
That's it...plus you have the first log I gave you (original post) from Spybot S&D.  I'm going to re-run Spybot now (after a restart) and see if it still sees anything.  That's because it's the only program that detected a PUP...MBAM didn't find anything until the scan I just did.  BTW, my version was different looking than the one I just used...I think that's because my version is the free one (updated to most recent stuff, though), where the one you link to is a free-trial of the 'deluxe' edition.
 
Let me know what to do next, or wait until later for me to post what Spybot finds...if anything.
 
THANK YOU!


#7 deandome

Posted 18 April 2014 - 06:42 AM

Well, Spybot says the Killsoft.v2008 malware is still there (see log below).  I haven't been able to find a lot about that online, but it's 'coded' as bright red, meaning "BAD!", in the scan results.  Of course, I can/do tell Spybot to remove/quarantine it...but it just comes right back.

 

Search results from Spybot - Search & Destroy
 
4/18/2014 6:41:58 AM
Scan took 00:24:50.
19 items found.
 
 
Killsoft.V2008: [SBI $FF8A89C8] Class ID (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5}
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
 
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $6533916A] Last mapped application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID
 
MS DirectInput: [SBI $31B11F6A] Last mapped application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name
 
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
 
 
--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---
 
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-12-29 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:54 PM

Posted 18 April 2014 - 07:45 AM

# AdwCleaner v3.023 - Report created 18/04/2014 at 00:36:57
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dean - FRED
# Running from : C:\Users\Dean\Downloads\adwcleaner (1).exe
# Option : Scan

If not already done, please run the AdwCleaner one more time and select the Cleaner function.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1008\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1004\User: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name - {95525BD9-6136-4A26-8263-9CEE295D442D} -  No File
Toolbar: HKLM - No Name - {95080B13-AA71-4EE8-B951-7E98221E1ED5} -  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Task: {4B25002E-8D61-44C7-87E2-660CD0FE1D72} - \LaunchApp ATTENTION ====> No Task File

end
Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

====

Let's find out if the Killsoft CLSIDs are still in the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    {7E41911F-13AA-11D3-A831-00104B9E30B5}
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

    Please let me know what problem persists with this computer.


#9 deandome

Posted 18 April 2014 - 03:33 PM

I think I did the FRST thing right...I saved it to the "main" folder where FRST was stored.  Inside that were 3 other folders, called Hives, Logs and Quarantine (FXLST was the 4th folder).  I ran "Fix", but it only took like 5 seconds...is that the way it's supposed to go?  It asked me to reboot, it did.

 

Here's the fxlst log: 

   

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by Dean at 2014-04-18 15:20:38 Run:1
Running from C:\Users\Dean\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1008\User: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1004\User: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name - {95525BD9-6136-4A26-8263-9CEE295D442D} -  No File
Toolbar: HKLM - No Name - {95080B13-AA71-4EE8-B951-7E98221E1ED5} -  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Task: {4B25002E-8D61-44C7-87E2-660CD0FE1D72} - \LaunchApp ATTENTION ====> No Task File
 
end
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1008\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2364808300-4264439020-2973025124-1004\User => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D} => Key deleted successfully.
HKCR\CLSID\{95525BD9-6136-4A26-8263-9CEE295D442D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95080B13-AA71-4EE8-B951-7E98221E1ED5} => Value deleted successfully.
HKCR\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
EagleX64 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B25002E-8D61-44C7-87E2-660CD0FE1D72} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B25002E-8D61-44C7-87E2-660CD0FE1D72} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp ATTENTION ====> => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Here's the System Look log. 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 15:31 on 18/04/2014 by Dean
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "{7E41911F-13AA-11D3-A831-00104B9E30B5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CopyPathExt]
@="{7E41911F-13AA-11D3-A831-00104B9E30B5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu\CLSID]
@="{7E41911F-13AA-11D3-A831-00104B9E30B5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu1\CLSID]
@="{7E41911F-13AA-11D3-A831-00104B9E30B5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyPathExt]
@="{7E41911F-13AA-11D3-A831-00104B9E30B5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CopyPathExt]
@="{7E41911F-13AA-11D3-A831-00104B9E30B5}"
 
-= EOF =-

 

What's next?



#10 nasdaq

Posted 19 April 2014 - 07:39 AM

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CopyPathExt]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu\CLSID]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu1\CLSID]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyPathExt]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CopyPathExt]
@=-



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.

Restart the computer normally to reset the registry.

Let me know what problem persists.

#11 deandome

Posted 19 April 2014 - 02:54 PM

Did that.  But in the bold text you wanted me to cut & paste into the reg.file, did you mean to include the line "Windows Registry Editor Version 5.0"?  Because it was bold, I DID include that in the file I saved...let me know if that was a mistake.

 

After restarting, I then ran Spybot AND Malwarebytes.

 

Malwarebytes was clean, but Spybot still shows the Killsoft.  Here's the log for the latest Spybot scan:

 

Search results from Spybot - Search & Destroy
 
4/19/2014 2:49:52 PM
Scan took 00:29:39.
21 items found.
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
 
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
 
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id
 
MS DirectInput: [SBI $6533916A] Last mapped application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID
 
MS DirectInput: [SBI $31B11F6A] Last mapped application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name
 
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2364808300-4264439020-2973025124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
 
Cache: [SBI $49804B54] Browser: Cache (11) (Browser: Cache, nothing done)
  
 
History: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done)
  
 
Cookie: [SBI $49804B54] Browser: Cookie (7) (Browser: Cookie, nothing done)
  
 
 
--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---
 
 
 
What's next?  Thanks for all this, BTW.
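
A coverage check for the Fix.reg and the follow-up Spybot scan above, as an added example that is not part of either poster's message: it parses both texts and lists the flagged keys that no `[-KEY]` line in the .reg file removes. The function names, and the mapping of HKEY_CLASSES_ROOT onto HKEY_LOCAL_MACHINE\SOFTWARE\Classes (HKCR also merges the per-user Classes hive), are assumptions of this example.

```python
import re

# Text copied from the Fix.reg post and the Spybot scan above (scan trimmed to two entries).
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CopyPathExt]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu\CLSID]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\4SyncMenu.4SyncMenu1\CLSID]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E41911F-13AA-11D3-A831-00104B9E30B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyPathExt]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CopyPathExt]
@=-
"""
SPYBOT_LOG = r"""Killsoft.V2008: [SBI $A7366EB4] Type library (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{7E419111-13AA-11D3-A831-00104B9E30B5}

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEADER_RE = re.compile(r"^(?P<product>[^:\[]+): \[SBI \$[0-9A-Fa-f]+\]")
HKLM_CLASSES = "hkey_local_machine\\software\\classes\\"

def normalise(key):
    """Lower-case a key path; assumption: HKCR is read as HKLM\\SOFTWARE\\Classes."""
    k = key.strip().lower()
    for alias in ("hkey_classes_root\\", "hkcr\\"):
        if k.startswith(alias):
            return HKLM_CLASSES + k[len(alias):]
    return k

def parse_reg(text):
    """Return (deleted_keys, cleared_defaults) as sets of normalised key paths."""
    deleted, cleared, current = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):         # [-KEY] removes the key and its subkeys
                deleted.add(normalise(body[1:]))
                current = None
            else:
                current = normalise(body)
        elif line == "@=-" and current:      # @=- removes only the key's default value
            cleared.add(current)
    return deleted, cleared

def parse_spybot(text):
    """Return [(product, key)] for each detection followed by a registry path."""
    hits, product = [], None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            product = m.group("product").strip()
        elif product and raw.strip().upper().startswith("HKEY_"):
            hits.append((product, raw.strip()))
            product = None
    return hits

def uncovered(reg_text, log_text, product):
    """Keys flagged for `product` that no [-KEY] line in the .reg file deletes."""
    deleted, _ = parse_reg(reg_text)
    out = []
    for name, key in parse_spybot(log_text):
        k = normalise(key)
        if name == product and not any(k == d or k.startswith(d + "\\") for d in deleted):
            out.append(key)
    return out

def guids(text):
    """All GUIDs in a text, upper-cased for comparison."""
    return {g.upper() for g in GUID_RE.findall(text)}

if __name__ == "__main__":
    print("still flagged, not deleted:", uncovered(FIX_REG, SPYBOT_LOG, "Killsoft.V2008"))
    print("GUIDs only in the scan:", guids(SPYBOT_LOG) - guids(FIX_REG))
```

An empty list from `uncovered` would mean every key Spybot flags for that product sits at or under a key the .reg file deletes.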


#12 nasdaq

Posted 20 April 2014 - 08:21 AM

Remove Spybot and Destroy using the Add/Remove Programs.

Restart the computer normally.

Do not reinstall the program just yet. How is the computer performing?

#13 deandome

Posted 24 April 2014 - 12:42 AM

Sorry for the delay, I was away a few days.

 

I removed Spybot & ran a Malwarebytes scan.  It came up clean.

 

Are you saying that the Killsoft.v2008 isn't a 'real' virus/malware thing?  Yes, it only came up on Spybot, but I've trusted that for a while, and its threat-level was pretty darn 'solid red'!  Then again, I couldn't find a lot about it online.

 

I never have seen/sensed any performance problems; I just know my kid doesn't think when surfing & has caught viruses before...so when I saw the spybot results, I figured it was a real thing. 

 

Anything else I should do?  Thanks again for all your help.



#14 nasdaq

Posted 24 April 2014 - 09:04 AM


Let's check further.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#15 nasdaq

Posted 30 April 2014 - 08:21 AM

Are you still with me?



