I barely have any programs running and my CPU Usage and Physical Memory are off


This topic is locked
15 replies to this topic

#1 TKTheKid

  • Members
  • 36 posts

Posted 24 April 2014 - 10:54 AM

Hi all,

I've been dealing with this pretty annoying issue with Chrome for a while now. At least I think it's just Chrome. Anyway, it runs extremely slowly and outright freezes with barely any windows/tabs open. I don't care if I have 5 tabs open and one of them is YouTube or Pandora and that I have a couple of extensions. That's not normal and it should not be running this slowly. Actually, even when I don't have Chrome open, very often my CPU Usage shows 100%! And my Physical Memory is at 70%+! I have no idea what's going on! Why is my PC going so crazy with barely anything running? I don't want to be forced to reformat.

FYI, I already ran ADW and JRT.  It helped a little, but it's still happening.

Thank you!

Tony





#2 TKTheKid

  • Topic Starter
  • Members
  • 36 posts

Posted 24 April 2014 - 02:59 PM

Damn!  The topic title should have been "Barely any programs running and my CPU Usage/Physical Memory are off the charts."  Can a mod fix this please?



#3 TKTheKid

  • Topic Starter
  • Members
  • 36 posts

Posted 26 April 2014 - 07:01 PM

Anyone?



#4 nasdaq

  • Malware Response Team
  • 40,747 posts
  • Location: Montreal, QC, Canada

Posted 28 April 2014 - 07:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

#5 TKTheKid

  • Topic Starter
  • Members
  • 36 posts

Posted 28 April 2014 - 09:59 AM

Thanks Nasdaq!

Here is what you asked for:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Tony (administrator) on TONY-PC on 28-04-2014 10:50:57
Running from C:\Users\Tony\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sneaker_RSVPing_122313 - Shortcut.lnk
ShortcutTarget: Sneaker_RSVPing_122313 - Shortcut.lnk -> C:\Users\Tony\Desktop\TonysFolder\Sneaker_RSVPing_122313.xls ()
Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThingsToDo - Shortcut.lnk
ShortcutTarget: ThingsToDo - Shortcut.lnk -> C:\Users\Tony\Desktop\TonysFolder\ThingsToDo.txt ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.logmein.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1074
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xd0e2ub1.default-1390705023479
FF Homepage: hxxp://google.com/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: keyword.URL Hack! - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xd0e2ub1.default-1390705023479\Extensions\keyword@evilpie.com.xpi [2014-04-26]

Chrome:
=======
CHR DefaultSearchKeyword: im
CHR DefaultSearchProvider: Google - I'm Feeling Lucky!
CHR DefaultSearchURL: http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-30]

==================== Services (Whitelisted) =================

S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-04-17] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-04-17] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-10] (GFI Software)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================


2014-04-14 16:23 - 2011-11-24 21:54 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-04-14 16:22 - 2011-11-24 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 16:21 - 2011-11-24 21:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-13 14:45 - 2014-04-13 14:45 - 00000000 __SHD () C:\Users\Tony\AppData\Local\EmieUserList
2014-04-13 14:45 - 2014-04-13 14:45 - 00000000 __SHD () C:\Users\Tony\AppData\Local\EmieSiteList
2014-04-13 09:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 20:50 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-12 20:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 18:19 - 2014-04-12 18:19 - 00000000 ____D () C:\Program Files\Western Digital
2014-04-12 18:19 - 2013-12-08 18:56 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-04-12 18:19 - 2013-12-08 18:55 - 00000000 ____D () C:\ProgramData\Western Digital
2014-04-12 18:19 - 2013-12-08 18:55 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-04-10 20:55 - 2014-01-20 00:27 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2014-04-10 01:06 - 2011-12-14 02:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 01:04 - 2013-08-15 01:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 01:01 - 2011-11-25 15:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 16:42 - 2012-05-04 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 20:39 - 2014-04-05 19:51 - 00001813 _____ () C:\Users\Tony\Downloads\Flight_Club_Selling_040314 (3).txt
2014-04-05 11:30 - 2014-04-05 11:30 - 00001718 _____ () C:\Users\Tony\Downloads\Flight_Club_Selling_040314 (2).txt
2014-04-05 11:29 - 2014-04-05 11:29 - 00001718 _____ () C:\Users\Tony\Downloads\Flight_Club_Selling_040314 (1).txt
2014-04-04 18:39 - 2014-03-29 10:25 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-03 22:34 - 2014-04-03 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 21:18 - 2014-04-03 21:13 - 00001551 _____ () C:\Users\Tony\Downloads\Flight_Club_Selling_040314.txt
2014-04-03 12:07 - 2013-11-17 19:48 - 00003942 _____ () C:\Windows\System32\Tasks\UpdateStatusFile
2014-04-01 11:05 - 2012-08-08 19:25 - 00692616 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-01 11:05 - 2011-11-02 13:13 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 16:53 - 2011-11-25 10:47 - 00000000 ____D () C:\Users\Tony\AppData\Local\AOL
2014-03-31 16:34 - 2011-11-25 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-03-31 16:33 - 2011-11-25 10:46 - 00000000 ____D () C:\ProgramData\AOL
2014-03-31 16:31 - 2014-03-31 16:31 - 00000004 _____ () C:\Windows\msoffice.ini
2014-03-31 16:31 - 2011-11-25 10:49 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\AOL
2014-03-29 18:56 - 2009-07-14 01:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 10:25 - 2014-03-29 10:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-24 09:20

==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 April 2014 - 10:46 AM


For me these are suspicious. If you know what they are and feel safe with them, then remove them from the CODE box below.
Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sneaker_RSVPing_122313 - Shortcut.lnk
ShortcutTarget: Sneaker_RSVPing_122313 - Shortcut.lnk -> C:\Users\Tony\Desktop\TonysFolder\Sneaker_RSVPing_122313.xls ()



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sneaker_RSVPing_122313 - Shortcut.lnk
ShortcutTarget: Sneaker_RSVPing_122313 - Shortcut.lnk -> C:\Users\Tony\Desktop\TonysFolder\Sneaker_RSVPing_122313.xls ()
FF Extension: keyword.URL Hack! - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xd0e2ub1.default-1390705023479\Extensions\keyword@evilpie.com.xpi [2014-04-26]
CHR HKLM-x32\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-30]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
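The two checks that the logs in this thread rely on, FRST's hash comparison of the core Windows binaries (the "Bamital & volsnap Check" block in the log above) and the startup-folder, registry-installed Chrome extension and orphaned-service entries this fixlist targets, can be reproduced read-only with built-in PowerShell. The script below is an added example; it is not part of the thread, of FRST, or of any other tool named here, and the function names are mine. It assumes PowerShell 4.0 or later (for Get-FileHash) in a 64-bit elevated session, so that System32 paths are not redirected to SysWOW64. It verifies the binaries by Authenticode signature and SHA-256 rather than against a known-good MD5 list, which it does not have, and it reports but never removes anything.

```powershell
# Added example (not from this thread, FRST, or any other tool named here).
# Read-only re-check of two things the logs above cover:
#   1. The core binaries FRST lists under "Bamital & volsnap Check", verified
#      by Authenticode signature and SHA-256 (no known-good MD5 list is assumed).
#   2. The persistence points the fixlist targets: the per-user Startup folder,
#      HKLM Chrome\Extensions keys, and services whose binary is missing ([X]).
# Assumes PowerShell 4.0+ (Get-FileHash) in a 64-bit elevated session so that
# System32 paths are not redirected to SysWOW64. Nothing is modified.

$systemRoot = $env:SystemRoot

# The same files FRST checks; the SysWOW64 copies are the 32-bit builds on x64.
$criticalFiles = @(
    'System32\winlogon.exe', 'System32\wininit.exe',  'SysWOW64\wininit.exe',
    'explorer.exe',          'SysWOW64\explorer.exe',
    'System32\svchost.exe',  'SysWOW64\svchost.exe',  'System32\services.exe',
    'System32\user32.dll',   'SysWOW64\user32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe',
    'System32\rpcss.dll',    'System32\drivers\volsnap.sys'
) | ForEach-Object { Join-Path $systemRoot $_ }

function Test-CriticalFiles {
    foreach ($path in $criticalFiles) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Sha256 = '' }
            continue
        }
        # These binaries are catalog-signed. Where PowerShell can resolve the
        # catalog, an intact file is Valid and a patched one (what Bamital
        # produced) is NotSigned or HashMismatch; on builds that cannot read
        # catalogs every file shows NotSigned, so keep the hash for comparison
        # against a known-clean machine at the same patch level.
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status
            Sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

function Get-StartupShortcuts {
    # Everything in the per-user Startup folder runs at each logon as that user.
    $shell  = New-Object -ComObject WScript.Shell
    $folder = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        [pscustomobject]@{
            Shortcut     = $_.Name
            Target       = $target
            TargetExists = [bool]($target -and (Test-Path -LiteralPath $target))
        }
    }
}

function Get-RegistryChromeExtensions {
    # HKLM\...\Google\Chrome\Extensions\<id> (plus the Wow6432Node copy on x64)
    # makes Chrome install an extension from a local .crx ("path") or an
    # "update_url". Bundled toolbars use it as persistence; the fixlog in this
    # thread shows the key outliving its .crx, which appears here as PathExists False.
    $keys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
            'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions'
    foreach ($key in $keys) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                ExtensionId = $_.PSChildName
                Path        = $p.path
                UpdateUrl   = $p.update_url
                PathExists  = [bool]($p.path -and (Test-Path -LiteralPath $p.path))
            }
        }
    }
}

function Get-OrphanedServices {
    # A service or driver whose ImagePath points at a missing file is what FRST
    # marks "[X]": it fails to load, but the entry can later be re-pointed.
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue |
        Where-Object { $_.ImagePath } |
        ForEach-Object {
            # Normalise the forms seen in the logs: \??\C:\..., %SystemRoot%\...,
            # \SystemRoot\..., bare system32\DRIVERS\..., quoted paths, arguments.
            $raw = [Environment]::ExpandEnvironmentVariables($_.ImagePath)
            $raw = $raw -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$systemRoot\"
            $exe = if ($raw -match '^"([^"]+)"') { $matches[1] } else { ($raw -split ' [-/]')[0] }
            if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $systemRoot $exe }
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $_.ImagePath; Resolved = $exe }
            }
        }
}

Test-CriticalFiles           | Format-Table -AutoSize
Get-StartupShortcuts         | Format-Table -AutoSize
Get-RegistryChromeExtensions | Format-Table -AutoSize
Get-OrphanedServices         | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell; Windows 7 SP1 gets PowerShell 4.0 through the Windows Management Framework 4.0 update. Against the state shown in this thread it would list the Sneaker_RSVPing shortcut with its .xls target, the phegaokedjdajgnfphbnpkcfdgjbidko key with PathExists False (the toolbar.crx was already gone when FRST ran the fix), and catchme and wanatw with Resolved paths that do not exist. Treat any critical file whose signature status differs from the rest of the set, or whose SHA-256 differs from a clean machine at the same patch level, as worth a closer look before trusting the rest of the log.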

#7 TKTheKid
  • Topic Starter

Posted 28 April 2014 - 02:26 PM

Here you go!

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by Tony at 2014-04-28 15:02:19 Run:1
Running from C:\Users\Tony\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF Extension: keyword.URL Hack! - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xd0e2ub1.default-1390705023479\Extensions\keyword@evilpie.com.xpi [2014-04-26]
CHR HKLM-x32\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-30]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

End
*****************

C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xd0e2ub1.default-1390705023479\Extensions\keyword@evilpie.com.xpi => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko => Key deleted successfully.
"C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx" => File/Directory not found.
catchme => Service deleted successfully.
wanatw => Service deleted successfully.

==== End of Fixlog ====



#8 nasdaq
  • Malware Response Team

Posted 29 April 2014 - 06:49 AM


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#9 TKTheKid
  • Topic Starter

Posted 29 April 2014 - 08:53 AM

Below are the contents of checkup.txt, and actually, can you help me with getting rid of Microsoft Security Essentials?  I feel like I tried to get rid of it before but to no avail.

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55  
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#10 nasdaq
  • Malware Response Team

Posted 29 April 2014 - 10:20 AM


can you help me with getting rid of Microsoft Security Essentials? I feel like I tried to get rid of it before but to no avail.

Why do you want to do that? You will no longer have any virus protection.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

#11 TKTheKid
  • Topic Starter

Posted 30 April 2014 - 12:57 PM

It was better at first, but wow.  Chrome really is pretty much unusable for me.  It's so strange.  I really don't get it.  Why the hell do the chrome.exe processes use up so many resources?  I'm just looking at simple forums and stuff like that.



#12 nasdaq
  • Malware Response Team

Posted 01 May 2014 - 06:17 AM

I would remove Chrome using Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

#13 TKTheKid
  • Topic Starter

Posted 01 May 2014 - 11:27 AM

No luck at all.  It really is funny.  The moment I installed it and it opened, everything crawled to a halt.  I even got the error from Windows warning me about slow overall performance.  Full disclosure though: I installed two extensions.  One makes it so that all new tabs are just plain, completely blank tabs and the other is so that I get Twitter updates from my feed.  They really shouldn't slow things down THAT much at all, especially since Chrome was fine like 2 months ago or so with those same extensions (and others back then too!).  What a weird scenario.  I can't believe that I'm using Firefox again and it's actually really good, hahaha.



#14 nasdaq
  • Malware Response Team

Posted 01 May 2014 - 12:18 PM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, and hit the Enter key.

You may need to run CMD (Command Prompt) on Vista and Windows 7/8 with elevated privileges:
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

===

If the problem persists run this tool.


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#15 nasdaq
  • Malware Response Team

Posted 07 May 2014 - 09:30 AM

Are you still with me?



