
AVG AntiVirus found a virus called Win64/Patched


  • This topic is locked
8 replies to this topic

#1 MoistxCheese

MoistxCheese

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:58 AM

Posted 16 July 2014 - 10:35 PM

My AVG AntiVirus program discovered a virus called Win64/Patched in "c:\Windows\System32\rpcss.dll". It gives me pop-ups every few minutes, and I have no idea how to remove it. Please help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Zack at 19:07:25 on 2014-07-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3932.741 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\lxbscoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Gateway\Gateway Updater\alu.exe
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.Configuration.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Zack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8}\140707C65602E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8}\34163716E6F66716F56427F6E647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8}\975637E6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8}\A68766F65727 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{A15A4D09-1F6B-4AAE-9A86-584EB19136D8}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-07-17 01:03:57 -------- d-----w- C:\ProgramData\Riot Games
2014-07-13 20:32:06 -------- d-----w- C:\Windows\SysWow64\Logs
2014-07-12 23:31:15 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-07-12 23:30:57 110080 ----a-r- C:\Users\Zack\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-07-12 23:30:57 110080 ----a-r- C:\Users\Zack\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-07-12 23:30:57 110080 ----a-r- C:\Users\Zack\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-07-12 23:30:56 -------- d-----w- C:\sh4ldr
2014-07-12 23:30:56 -------- d-----w- C:\Program Files\Enigma Software Group
2014-07-12 23:29:17 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 23:29:14 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-07-12 23:16:09 -------- d-----w- C:\Users\Zack\AppData\Local\PMB Files
2014-07-12 23:16:01 -------- d-----w- C:\ProgramData\PMB Files
2014-07-12 23:14:55 -------- d-----w- C:\Users\Zack\AppData\Roaming\Riot Games
2014-07-08 02:06:00 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-07-07 01:10:41 -------- d-----w- C:\Users\Zack\AppData\Local\Newproject
.
==================== Find3M  ====================
.
2014-07-11 06:12:31 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-11 06:12:00 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-08 23:19:04 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 23:19:04 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-03 22:09:54 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-02-18 01:26:38 4126720 ----a-w- C:\Program Files (x86)\GUT42DA.tmp
.
============= FINISH: 20:19:42.63 ===============
 
Attached File: attach.txt (7.27KB)



 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:58 AM

Posted 17 July 2014 - 02:42 AM

Hi there,

Please run the following scans:


Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


Step 2
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 17 July 2014 - 02:43 AM.


#3 MoistxCheese

MoistxCheese
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:58 AM

Posted 17 July 2014 - 09:14 PM

Here are the logs from the FRST program.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Zack (administrator) on ZACK-PC on 17-07-2014 17:28:25
Running from C:\Users\Zack\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
( ) C:\Windows\System32\lxbscoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dropbox, Inc.) C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\ALU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.Configuration.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Google\Update\Install\{62F2966D-19B5-45E5-95A0-C8471AE3ADE6}\36.0.1985.125_35.0.1916.153_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_FD8DD.tmp\setup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289816 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-03] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-10] (Valve Corporation)
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-03] (Google Inc.)
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {88D3A4BC-D19C-42AC-B4FB-20D3310BC4A6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227982
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={0C2CB2CA-B81B-4084-95DF-602F6496BC6E}&mid=4b6e236c911647d3901769c1a5a73b18-80c82f74ec3dbfbdd40b5cecc21f4c4a5d5efb49&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-07 22:29:25&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-07]
FF HKCU\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: Special Savings - C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-01-31]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SpecialSavings.com) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2014-02-08]
CHR Extension: (Google Docs) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
CHR Extension: (Google Drive) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
CHR Extension: (Google Search) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
CHR Extension: (Skype Click to Call) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-08]
CHR Extension: (Norton Identity Protection) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-12-03]
CHR Extension: (AVG SafeGuard) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Gmail) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]
CHR HKLM-x32\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Zack\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-05]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 lxbs_device; C:\Windows\system32\lxbscoms.exe [566704 2007-03-15] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-03] (AVG Secure Search)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-03] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120927.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120927.018\ENG64.SYS [126112 2012-09-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120927.018\EX64.SYS [2084000 2012-09-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-17 17:28 - 2014-07-17 17:32 - 00025304 _____ () C:\Users\Zack\Downloads\FRST.txt
2014-07-17 17:27 - 2014-07-17 17:28 - 00000000 ____D () C:\FRST
2014-07-17 17:26 - 2014-07-17 17:26 - 00001441 _____ () C:\Users\Zack\Desktop\FRST64 - Shortcut.lnk
2014-07-17 17:25 - 2014-07-17 17:26 - 02086912 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-07-16 20:20 - 2014-07-16 20:23 - 00015432 _____ () C:\Users\Zack\Desktop\dds.txt
2014-07-16 20:20 - 2014-07-16 20:20 - 00007441 _____ () C:\Users\Zack\Desktop\attach.txt
2014-07-16 19:01 - 2014-07-16 19:01 - 00688992 ____R (Swearware) C:\Users\Zack\Downloads\dds (1).com
2014-07-16 18:58 - 2014-07-16 18:58 - 00688992 _____ (Swearware) C:\Users\Zack\Downloads\dds.com
2014-07-16 18:03 - 2014-07-16 18:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-13 13:32 - 2014-07-13 13:32 - 00000852 _____ () C:\Windows\SysWOW64\2014-07-13_13-32-17_League of Legends.log
2014-07-13 13:32 - 2014-07-13 13:32 - 00000520 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-07-12 16:32 - 2014-07-12 16:32 - 00000000 _____ () C:\autoexec.bat
2014-07-12 16:31 - 2014-07-12 16:31 - 00003320 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-12 16:31 - 2014-07-12 16:31 - 00002263 _____ () C:\Users\Zack\Desktop\SpyHunter.lnk
2014-07-12 16:31 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-07-12 16:30 - 2014-07-12 16:31 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\sh4ldr
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 16:29 - 2014-07-12 16:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 16:27 - 2014-07-12 16:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Zack\Downloads\SpyHunter-Installer.exe
2014-07-12 16:16 - 2014-07-16 18:34 - 00000000 ____D () C:\Users\Zack\AppData\Local\PMB Files
2014-07-12 16:16 - 2014-07-13 13:35 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-12 16:14 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Riot Games
2014-07-10 22:01 - 2014-07-12 15:54 - 00000000 ____D () C:\Users\Zack\Desktop\mbar
2014-07-10 22:00 - 2014-07-10 22:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Zack\Downloads\mbar-1.07.0.1012.exe
2014-07-07 19:07 - 2014-07-07 19:07 - 00001249 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-07 19:07 - 2014-07-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-07 19:06 - 2014-07-08 16:35 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-06 18:17 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\Documents\VVVVVV
2014-07-06 18:10 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\Newproject
2014-07-06 18:07 - 2014-07-06 18:07 - 00000221 _____ () C:\Users\Zack\Desktop\VVVVVV.url
2014-07-06 18:06 - 2014-07-06 18:06 - 00000222 _____ () C:\Users\Zack\Desktop\N.P.P.D.RUSH - The milk of Ultra violet.url
2014-06-17 16:47 - 2014-06-17 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== One Month Modified Files and Folders =======
 
2014-07-17 17:32 - 2014-07-17 17:28 - 00025304 _____ () C:\Users\Zack\Downloads\FRST.txt
2014-07-17 17:30 - 2013-04-06 15:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-17 17:28 - 2014-07-17 17:27 - 00000000 ____D () C:\FRST
2014-07-17 17:26 - 2014-07-17 17:26 - 00001441 _____ () C:\Users\Zack\Desktop\FRST64 - Shortcut.lnk
2014-07-17 17:26 - 2014-07-17 17:25 - 02086912 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-07-17 17:22 - 2012-12-03 19:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 17:22 - 2012-12-03 19:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 17:22 - 2012-07-30 21:34 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Skype
2014-07-17 17:22 - 2012-04-12 03:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 20:58 - 2014-04-25 19:07 - 00000066 _____ () C:\Windows\system32\wkzooa.rjr
2014-07-16 20:23 - 2014-07-16 20:20 - 00015432 _____ () C:\Users\Zack\Desktop\dds.txt
2014-07-16 20:20 - 2014-07-16 20:20 - 00007441 _____ () C:\Users\Zack\Desktop\attach.txt
2014-07-16 19:01 - 2014-07-16 19:01 - 00688992 ____R (Swearware) C:\Users\Zack\Downloads\dds (1).com
2014-07-16 18:58 - 2014-07-16 18:58 - 00688992 _____ (Swearware) C:\Users\Zack\Downloads\dds.com
2014-07-16 18:34 - 2014-07-12 16:16 - 00000000 ____D () C:\Users\Zack\AppData\Local\PMB Files
2014-07-16 18:03 - 2014-07-16 18:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 17:35 - 2012-08-03 18:22 - 00000000 ____D () C:\Users\Zack\AppData\Local\CrashDumps
2014-07-15 23:33 - 2014-01-25 23:32 - 00000000 ____D () C:\Users\Zack\AppData\Local\Battle.net
2014-07-15 21:14 - 2012-06-12 01:39 - 01049947 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 15:38 - 2012-07-30 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 13:35 - 2014-07-12 16:16 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-13 13:32 - 2014-07-13 13:32 - 00000852 _____ () C:\Windows\SysWOW64\2014-07-13_13-32-17_League of Legends.log
2014-07-13 13:32 - 2014-07-13 13:32 - 00000520 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-07-12 16:32 - 2014-07-12 16:32 - 00000000 _____ () C:\autoexec.bat
2014-07-12 16:32 - 2014-07-12 16:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 16:31 - 2014-07-12 16:31 - 00003320 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-12 16:31 - 2014-07-12 16:31 - 00002263 _____ () C:\Users\Zack\Desktop\SpyHunter.lnk
2014-07-12 16:31 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\sh4ldr
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 16:27 - 2014-07-12 16:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Zack\Downloads\SpyHunter-Installer.exe
2014-07-12 16:15 - 2014-07-12 16:14 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Riot Games
2014-07-12 15:54 - 2014-07-10 22:01 - 00000000 ____D () C:\Users\Zack\Desktop\mbar
2014-07-12 15:54 - 2014-06-07 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-10 23:16 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 23:16 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 23:12 - 2014-06-07 14:55 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 23:12 - 2014-06-07 14:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 23:10 - 2014-05-19 17:03 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\DropboxMaster
2014-07-10 23:10 - 2013-08-17 20:44 - 00000000 ___RD () C:\Users\Zack\Dropbox
2014-07-10 23:10 - 2013-08-17 20:42 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Dropbox
2014-07-10 23:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 23:07 - 2009-07-13 21:51 - 00073930 _____ () C:\Windows\setupact.log
2014-07-10 23:06 - 2010-11-20 20:47 - 00200124 _____ () C:\Windows\PFRO.log
2014-07-10 22:00 - 2014-07-10 22:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Zack\Downloads\mbar-1.07.0.1012.exe
2014-07-10 20:21 - 2014-01-25 23:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-08 16:35 - 2014-07-07 19:06 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-08 16:19 - 2012-04-12 03:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:19 - 2012-04-12 03:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 16:19 - 2012-04-12 03:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 22:00 - 2014-01-25 23:30 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-07 19:23 - 2014-01-25 23:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-07 19:07 - 2014-07-07 19:07 - 00001249 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-07 19:07 - 2014-07-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-07 19:07 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 18:17 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\Documents\VVVVVV
2014-07-06 18:17 - 2014-07-06 18:10 - 00000000 ____D () C:\Users\Zack\AppData\Local\Newproject
2014-07-06 18:07 - 2014-07-06 18:07 - 00000221 _____ () C:\Users\Zack\Desktop\VVVVVV.url
2014-07-06 18:06 - 2014-07-06 18:06 - 00000222 _____ () C:\Users\Zack\Desktop\N.P.P.D.RUSH - The milk of Ultra violet.url
2014-06-29 13:26 - 2014-06-08 19:59 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\.minecraft
2014-06-25 12:41 - 2012-12-03 19:39 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 12:41 - 2012-12-03 19:39 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:47 - 2014-06-17 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
Some content of TEMP:
====================
C:\Users\Zack\AppData\Local\Temp\7z920.exe
C:\Users\Zack\AppData\Local\Temp\be87c2bbc9e70c08ef59bc6adb243c00.dll
C:\Users\Zack\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Zack\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe
C:\Users\Zack\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Zack\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Zack\AppData\Local\Temp\drm_dyndata_7400005.dll
C:\Users\Zack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpox7bsx.dll
C:\Users\Zack\AppData\Local\Temp\FastFreeConverterUpdt_v4.0.exe
C:\Users\Zack\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe
C:\Users\Zack\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Users\Zack\AppData\Local\Temp\helper.exe
C:\Users\Zack\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Zack\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Zack\AppData\Local\Temp\lowproc.exe
C:\Users\Zack\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Zack\AppData\Local\Temp\oi_{5B0C11A9-C7D4-46E2-81A8-B15E6E592931}.exe
C:\Users\Zack\AppData\Local\Temp\oi_{B1BA595D-C7CE-4900-AD41-56659E66AE87}.exe
C:\Users\Zack\AppData\Local\Temp\ose00000.exe
C:\Users\Zack\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Zack\AppData\Local\Temp\Runner.exe
C:\Users\Zack\AppData\Local\Temp\SHSetup.exe
C:\Users\Zack\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zack\AppData\Local\Temp\sqlite3.exe
C:\Users\Zack\AppData\Local\Temp\Strongvault.exe
C:\Users\Zack\AppData\Local\Temp\stubhelper.dll
C:\Users\Zack\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Zack\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Zack\AppData\Local\Temp\tbapp2.dll
C:\Users\Zack\AppData\Local\Temp\TB_60AD.exe
C:\Users\Zack\AppData\Local\Temp\Tsu0C1A69E9.dll
C:\Users\Zack\AppData\Local\Temp\uninst1.exe
C:\Users\Zack\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Zack\AppData\Local\Temp\wajam_install.exe
C:\Users\Zack\AppData\Local\Temp\_is8601.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0520192 ____A (Microsoft Corporation) 4E613FD79A837CEFCA564D48ECB36D65
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-16 14:23
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Zack at 2014-07-17 17:33:00
Running from C:\Users\Zack\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
 clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
//N.P.P.D.RUSH// - The milk of Ultra violet (HKLM-x32\...\Steam App 270090) (Version:  - Rail Slave Games)
7-zip v9.20 (HKLM-x32\...\7-Zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.6.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
Commandos 2: Men of Courage (HKLM-x32\...\Steam App 6830) (Version:  - Pyro Studios)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FUEL (HKLM-x32\...\Steam App 12800) (Version:  - Asobo Studio SARL)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0915.2011 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.3106 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 3.0.3106 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JC2-MP version 0.0.14 (Build 481) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.14 (Build 481) - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Knctr (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Gateway)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Control Center 10 (x32 Version: 10.6.13200.0.12 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.1.23266 - Grinding Gear Games)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version:  - TamaSoftware)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - )
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.5.2624.00 - CyberLink Corp.) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - Terry Cavanagh)
Warframe (HKLM-x32\...\{A34FE0C4-591F-41DF-BCB7-B32318E6BE88}) (Version: 1.0.0 - Digital Extremes)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
11-07-2014 06:00:16 Malwarebytes Anti-Rootkit Restore Point
12-07-2014 23:16:26 Installed Microsoft Visual C++ 2005 Redistributable (x64)
12-07-2014 23:17:47 Installed League of Legends
12-07-2014 23:20:22 Installed Microsoft Visual C++ 2005 Redistributable (x64)
12-07-2014 23:22:16 Installed League of Legends
12-07-2014 23:29:37 Installed SpyHunter
16-07-2014 04:47:11 Installed Microsoft Visual C++ 2005 Redistributable (x64)
16-07-2014 04:52:51 Installed League of Legends
16-07-2014 06:37:33 Installed Microsoft Visual C++ 2005 Redistributable (x64)
16-07-2014 06:40:13 Installed League of Legends
16-07-2014 06:41:46 Installed Microsoft Visual C++ 2005 Redistributable (x64)
16-07-2014 06:43:04 Installed League of Legends
16-07-2014 06:49:15 Installed Microsoft Visual C++ 2005 Redistributable (x64)
16-07-2014 07:04:16 Installed Microsoft Visual C++ 2005 Redistributable (x64)
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0EEDCF5E-F3A6-472F-8854-BC511028BF16} - System32\Tasks\{10CF8606-7455-4A5A-9D70-F39A25F6BCCE} => E:\Diablo II\Diablo II.exe
Task: {202BA3DB-5D76-406A-BBB2-D26A39134F98} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {2AC0C605-0130-4AED-BE5B-81CA34772BD7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {3513066D-A34C-44EC-A38E-15FACD44B01A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3C510978-BCCD-4860-941C-470AC834C380} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {3F4EDE7D-B0DF-48D8-A04A-0311ED31E927} - System32\Tasks\{2A492306-5138-45C0-A117-1CED7F2749D9} => E:\Diablo II\Diablo II.exe
Task: {49A521C3-81E6-4BB0-88EA-735A9C0F82A0} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {51C551B8-0CCE-4F9F-B8FA-60DDE3BC18DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4160678192-2884249096-1518988820-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {64544DC8-B550-466C-BA23-E375BB04F720} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B43CEF7-08BA-45A3-BC9E-82AC0B73D517} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {7CF1701B-B507-48F5-AF51-2795864AB542} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {7D9CA102-0A96-4025-92E0-84883F933448} - System32\Tasks\4574 => Wscript.exe C:\Users\Zack\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9C555F24-B0C9-4C6B-93E9-732A354231BD} - System32\Tasks\{1BDF7925-E89A-4D1D-A15C-BACB38C99F76} => E:\Diablo II\Diablo II.exe
Task: {9C866FD5-2EA3-4F4A-B988-45D04591A578} - System32\Tasks\Test TimeTrigger => C:\Users\Zack\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {B8F60603-ADF7-48A8-80FD-CE91ABEC4D64} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {BB9884C6-1F37-4119-AFFC-1D315153C628} - System32\Tasks\{A022CAAE-ECB0-4DF5-940E-F10F24500B9F} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {BF9F7B43-4BDC-4979-BC5C-CB4F6126FE6E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4160678192-2884249096-1518988820-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D6C2D477-776C-402C-867D-05C609A9DF5E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F53DD930-BB22-4786-906F-925A4288C25F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-03 15:11 - 2014-06-03 15:09 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2012-03-01 21:09 - 2012-02-14 10:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-17 17:24 - 2014-07-16 10:43 - 08848464 _____ () C:\Program Files (x86)\Google\Update\Install\{62F2966D-19B5-45E5-95A0-C8471AE3ADE6}\36.0.1985.125_35.0.1916.153_chrome_updater.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-06-03 15:11 - 2014-06-03 15:09 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2014-07-10 23:09 - 2014-07-10 23:09 - 00043008 _____ () c:\users\zack\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpox7bsx.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Zack\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-23 14:29 - 2014-05-30 18:27 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-22 18:42 - 2014-05-30 18:27 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-23 14:29 - 2014-05-30 18:27 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-25 14:21 - 2014-05-30 18:27 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-25 14:23 - 2014-06-26 15:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 14:29 - 2014-07-10 11:21 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-23 14:29 - 2014-04-28 17:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-07-30 21:34 - 2014-07-10 11:21 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-07-30 21:34 - 2014-05-01 16:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-07-30 21:34 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-07-30 21:34 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-07-30 21:34 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-02-17 19:03 - 2014-02-17 19:03 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-04-12 02:47 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-12 01:43 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-04-01 01:20 - 2010-04-01 01:20 - 00747520 _____ () c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\Silverlight.ConfigurationUI.dll
2014-06-10 20:32 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-10 20:32 - 2014-06-05 06:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-10 20:33 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-10 20:33 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-10 20:32 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2014 09:14:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21123
 
Error: (07/17/2014 09:14:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21123
 
Error: (07/17/2014 09:14:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2014 09:14:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20109
 
Error: (07/17/2014 09:14:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20109
 
Error: (07/17/2014 09:14:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2014 09:14:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19063
 
Error: (07/17/2014 09:14:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19063
 
Error: (07/17/2014 09:14:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/17/2014 09:14:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18049
 
 
System errors:
=============
Error: (07/16/2014 00:19:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (07/16/2014 00:18:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (07/16/2014 00:18:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.
 
Error: (07/13/2014 08:12:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.
 
Error: (07/12/2014 09:57:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (07/10/2014 11:07:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (07/10/2014 11:07:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/10/2014 11:04:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
 
Error: (07/10/2014 11:04:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/10/2014 11:02:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 89%
Total physical RAM: 3932.36 MB
Available physical RAM: 401.02 MB
Total Pagefile: 7862.9 MB
Available Pagefile: 4200.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:447.66 GB) (Free:131.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1AAEE878)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Search.txt:
 
Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Zack at 2014-07-17 17:37:17
Running from C:\Users\Zack\Downloads
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
 
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24][2010-11-20 20:24] 0520192 ____A (Microsoft Corporation) 4E613FD79A837CEFCA564D48ECB36D65
 
====== End Of Search ======


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 18 July 2014 - 02:21 AM

Hello,

I'd recommend uninstalling SpyHunter; this software won't do any good.
Please run the following two steps and report back with the log files and a comment on how the computer is running afterwards or what problems still persist.


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 MoistxCheese

  • Topic Starter
  • Members
  • 4 posts

Posted 18 July 2014 - 09:49 PM

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Zack at 2014-07-18 19:38:20 Run:2
Running from C:\Users\Zack\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Task: {7D9CA102-0A96-4025-92E0-84883F933448} - System32\Tasks\4574 => Wscript.exe C:\Users\Zack\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9C866FD5-2EA3-4F4A-B988-45D04591A578} - System32\Tasks\Test TimeTrigger => C:\Users\Zack\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {D6C2D477-776C-402C-867D-05C609A9DF5E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
CHR Extension: (SpecialSavings.com) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2014-02-08]
FF HKCU\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: Special Savings - C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-01-31]
SearchScopes: HKCU - {88D3A4BC-D19C-42AC-B4FB-20D3310BC4A6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227982
2014-07-16 20:58 - 2014-04-25 19:07 - 00000066 _____ () C:\Windows\system32\wkzooa.rjr
C:\Users\Zack\AppData\Local\Temp\*.exe
C:\Users\Zack\AppData\Local\Temp\*.dll
C:\Windows\Temp\CR_FD8DD.tmp
C:\Users\Zack\AppData\Roaming\SpecialSavings
CHR HKLM-x32\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Zack\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
Reboot:
*****************
 
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D9CA102-0A96-4025-92E0-84883F933448}'=> Key not found.
C:\Windows\System32\Tasks\4574 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4574'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C866FD5-2EA3-4F4A-B988-45D04591A578}'=> Key not found.
C:\Windows\System32\Tasks\Test TimeTrigger not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6C2D477-776C-402C-867D-05C609A9DF5E}'=> Key not found.
C:\Windows\System32\Tasks\0 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0'=> Key not found.
C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel directory not found.
HKCU\Software\Mozilla\Firefox\Extensions\\specialsavings@vshsolutions.com => Value not found.
C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88D3A4BC-D19C-42AC-B4FB-20D3310BC4A6}'=> Key not found.
'HKCR\CLSID\{88D3A4BC-D19C-42AC-B4FB-20D3310BC4A6}'=> Key not found.
"C:\Windows\system32\wkzooa.rjr" => File/Directory not found.
"C:\Users\Zack\AppData\Local\Temp\*.exe" => File/Directory not found.
C:\Users\Zack\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Windows\Temp\CR_FD8DD.tmp" => File/Directory not found.
"C:\Users\Zack\AppData\Roaming\SpecialSavings" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel'=> Key not found.
"C:\Users\Zack\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Zack (administrator) on ZACK-PC on 18-07-2014 19:46:14
Running from C:\Users\Zack\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
( ) C:\Windows\System32\lxbscoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289816 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-03] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-15] (Valve Corporation)
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-03] (Google Inc.)
HKU\S-1-5-21-4160678192-2884249096-1518988820-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={0C2CB2CA-B81B-4084-95DF-602F6496BC6E}&mid=4b6e236c911647d3901769c1a5a73b18-80c82f74ec3dbfbdd40b5cecc21f4c4a5d5efb49&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-07 22:29:25&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn [2014-07-18]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-07]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: start.iminent.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
CHR Extension: (Google Drive) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
CHR Extension: (Google Search) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
CHR Extension: (Skype Click to Call) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-08]
CHR Extension: (Norton Identity Protection) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-12-03]
CHR Extension: (AVG SafeGuard) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Gmail) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-05]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 lxbs_device; C:\Windows\system32\lxbscoms.exe [566704 2007-03-15] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-03] (AVG Secure Search)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-03] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120927.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120927.018\ENG64.SYS [126112 2012-09-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120927.018\EX64.SYS [2084000 2012-09-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-17 17:37 - 2014-07-18 19:36 - 00000245 _____ () C:\Users\Zack\Downloads\Search.txt
2014-07-17 17:33 - 2014-07-17 19:01 - 00034989 _____ () C:\Users\Zack\Downloads\Addition.txt
2014-07-17 17:28 - 2014-07-18 19:46 - 00023760 _____ () C:\Users\Zack\Downloads\FRST.txt
2014-07-17 17:27 - 2014-07-18 19:46 - 00000000 ____D () C:\FRST
2014-07-17 17:26 - 2014-07-17 17:26 - 00001441 _____ () C:\Users\Zack\Desktop\FRST64 - Shortcut.lnk
2014-07-17 17:25 - 2014-07-17 17:26 - 02086912 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-07-16 20:20 - 2014-07-16 20:23 - 00015432 _____ () C:\Users\Zack\Desktop\dds.txt
2014-07-16 20:20 - 2014-07-16 20:20 - 00007441 _____ () C:\Users\Zack\Desktop\attach.txt
2014-07-16 19:01 - 2014-07-16 19:01 - 00688992 ____R (Swearware) C:\Users\Zack\Downloads\dds (1).com
2014-07-16 18:58 - 2014-07-16 18:58 - 00688992 _____ (Swearware) C:\Users\Zack\Downloads\dds.com
2014-07-16 18:03 - 2014-07-16 18:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-13 13:32 - 2014-07-13 13:32 - 00000852 _____ () C:\Windows\SysWOW64\2014-07-13_13-32-17_League of Legends.log
2014-07-13 13:32 - 2014-07-13 13:32 - 00000520 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-07-12 16:32 - 2014-07-12 16:32 - 00000000 _____ () C:\autoexec.bat
2014-07-12 16:31 - 2014-07-12 16:31 - 00003320 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-12 16:31 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-07-12 16:30 - 2014-07-12 16:31 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\sh4ldr
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 16:29 - 2014-07-12 16:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 16:16 - 2014-07-16 18:34 - 00000000 ____D () C:\Users\Zack\AppData\Local\PMB Files
2014-07-12 16:16 - 2014-07-13 13:35 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-12 16:14 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Riot Games
2014-07-10 22:01 - 2014-07-12 15:54 - 00000000 ____D () C:\Users\Zack\Desktop\mbar
2014-07-10 22:00 - 2014-07-10 22:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Zack\Downloads\mbar-1.07.0.1012.exe
2014-07-07 19:07 - 2014-07-07 19:07 - 00001249 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-07 19:07 - 2014-07-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-07 19:06 - 2014-07-08 16:35 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-06 18:17 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\Documents\VVVVVV
2014-07-06 18:10 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\Newproject
2014-07-06 18:07 - 2014-07-06 18:07 - 00000221 _____ () C:\Users\Zack\Desktop\VVVVVV.url
2014-07-06 18:06 - 2014-07-06 18:06 - 00000222 _____ () C:\Users\Zack\Desktop\N.P.P.D.RUSH - The milk of Ultra violet.url
 
==================== One Month Modified Files and Folders =======
 
2014-07-18 19:47 - 2014-07-17 17:28 - 00023760 _____ () C:\Users\Zack\Downloads\FRST.txt
2014-07-18 19:46 - 2014-07-17 17:27 - 00000000 ____D () C:\FRST
2014-07-18 19:46 - 2012-12-03 19:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 19:43 - 2012-07-30 21:34 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Skype
2014-07-18 19:42 - 2014-05-19 17:03 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\DropboxMaster
2014-07-18 19:42 - 2013-08-17 20:44 - 00000000 ___RD () C:\Users\Zack\Dropbox
2014-07-18 19:42 - 2013-08-17 20:42 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Dropbox
2014-07-18 19:41 - 2012-12-03 19:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 19:41 - 2012-07-30 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-18 19:40 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 19:40 - 2009-07-13 21:51 - 00074042 _____ () C:\Windows\setupact.log
2014-07-18 19:38 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 19:38 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 19:36 - 2014-07-17 17:37 - 00000245 _____ () C:\Users\Zack\Downloads\Search.txt
2014-07-18 19:28 - 2014-06-07 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 19:28 - 2010-11-20 20:47 - 00200476 _____ () C:\Windows\PFRO.log
2014-07-18 19:16 - 2012-04-12 03:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 19:12 - 2013-04-06 15:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-17 19:28 - 2014-02-08 19:49 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 19:01 - 2014-07-17 17:33 - 00034989 _____ () C:\Users\Zack\Downloads\Addition.txt
2014-07-17 17:26 - 2014-07-17 17:26 - 00001441 _____ () C:\Users\Zack\Desktop\FRST64 - Shortcut.lnk
2014-07-17 17:26 - 2014-07-17 17:25 - 02086912 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-07-16 20:23 - 2014-07-16 20:20 - 00015432 _____ () C:\Users\Zack\Desktop\dds.txt
2014-07-16 20:20 - 2014-07-16 20:20 - 00007441 _____ () C:\Users\Zack\Desktop\attach.txt
2014-07-16 19:01 - 2014-07-16 19:01 - 00688992 ____R (Swearware) C:\Users\Zack\Downloads\dds (1).com
2014-07-16 18:58 - 2014-07-16 18:58 - 00688992 _____ (Swearware) C:\Users\Zack\Downloads\dds.com
2014-07-16 18:34 - 2014-07-12 16:16 - 00000000 ____D () C:\Users\Zack\AppData\Local\PMB Files
2014-07-16 18:03 - 2014-07-16 18:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 17:35 - 2012-08-03 18:22 - 00000000 ____D () C:\Users\Zack\AppData\Local\CrashDumps
2014-07-15 23:33 - 2014-01-25 23:32 - 00000000 ____D () C:\Users\Zack\AppData\Local\Battle.net
2014-07-15 21:14 - 2012-06-12 01:39 - 01049947 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 13:35 - 2014-07-12 16:16 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-13 13:32 - 2014-07-13 13:32 - 00000852 _____ () C:\Windows\SysWOW64\2014-07-13_13-32-17_League of Legends.log
2014-07-13 13:32 - 2014-07-13 13:32 - 00000520 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-07-12 16:32 - 2014-07-12 16:32 - 00000000 _____ () C:\autoexec.bat
2014-07-12 16:32 - 2014-07-12 16:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 16:31 - 2014-07-12 16:31 - 00003320 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-12 16:31 - 2014-07-12 16:30 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\sh4ldr
2014-07-12 16:30 - 2014-07-12 16:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 16:15 - 2014-07-12 16:14 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Riot Games
2014-07-12 15:54 - 2014-07-10 22:01 - 00000000 ____D () C:\Users\Zack\Desktop\mbar
2014-07-10 23:12 - 2014-06-07 14:55 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 23:12 - 2014-06-07 14:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 22:00 - 2014-07-10 22:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Zack\Downloads\mbar-1.07.0.1012.exe
2014-07-10 20:21 - 2014-01-25 23:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-08 16:35 - 2014-07-07 19:06 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-08 16:19 - 2012-04-12 03:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:19 - 2012-04-12 03:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 16:19 - 2012-04-12 03:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 22:00 - 2014-01-25 23:30 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-07 19:23 - 2014-01-25 23:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-07 19:07 - 2014-07-07 19:07 - 00001249 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-07 19:07 - 2014-07-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-07 19:07 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 18:17 - 2014-07-06 18:17 - 00000000 ____D () C:\Users\Zack\Documents\VVVVVV
2014-07-06 18:17 - 2014-07-06 18:10 - 00000000 ____D () C:\Users\Zack\AppData\Local\Newproject
2014-07-06 18:07 - 2014-07-06 18:07 - 00000221 _____ () C:\Users\Zack\Desktop\VVVVVV.url
2014-07-06 18:06 - 2014-07-06 18:06 - 00000222 _____ () C:\Users\Zack\Desktop\N.P.P.D.RUSH - The milk of Ultra violet.url
2014-06-29 13:26 - 2014-06-08 19:59 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\.minecraft
2014-06-25 12:41 - 2012-12-03 19:39 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 12:41 - 2012-12-03 19:39 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\Zack\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzzerv.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-16 14:23
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 AM

Posted 19 July 2014 - 05:09 AM

The replacement of the infected file worked well. How is your computer running now?
I see that you have two antivirus software installed (AVG and Norton Internet Security). I'd recommend keeping only one of them and uninstalling the other one.
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 MoistxCheese

MoistxCheese
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 24 July 2014 - 12:53 AM

My computer is running great! I am no longer getting pop-ups from AVG, and there seems to be no sign of the malware.

 

Here is the log file from the ESET Online Scanner:

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0f6e1921e0d6784f98678eaef9d8c9d0
# engine=19256
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-21 08:31:54
# local_time=2014-07-21 01:31:54 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2013'
# compatibility_mode=1044 16777213 100 87 0 92158298 0 0
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3591 16777213 100 95 43902035 168481299 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 31622387 157518164 0 0
# scanned=501169
# found=28
# cleaned=0
# scan_time=56104
sh=F48266A97BDB7F58C5B54469B2245CACD46577D0 ft=1 fh=c4efab275ed5eda7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\conduitinstaller.exe.xBAD"
sh=DE6D58A2678388A57BEF7BE2E033376681D0E912 ft=1 fh=9fc0761f9b872705 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe.xBAD"
sh=4394D2B4FBC67455D8CC72C6FEF515D2889E2FA4 ft=1 fh=d69e2c1c046f8da7 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\MyBabylonTB.exe.xBAD"
sh=27D523A8F3C055D3DB4A0E32FD1291ED0BAAE770 ft=1 fh=a8ea1ed124c8a77f vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\Strongvault.exe.xBAD"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\tbapp2.dll.xBAD"
sh=1E5FF78762CA006F87944941C8F58C96DF5E0CC7 ft=1 fh=6127c548da5b6c9e vn="Win32/Wajam.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\wajam_install.exe.xBAD"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=806B6719C53436DE30C6F98EDA2A635E55EDE13A ft=1 fh=c71c00113af50737 vn="a variant of Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\File Scout\filescout.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=C3E3C1468ECAEA6A212E08284A81DC6CE64A689F ft=0 fh=0000000000000000 vn="Win32/bProtector.F potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25Q4P4GK\pack[2].7z"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D33FZJJC\tbedrs[2].dll"
sh=4368ED4EFE437D5D313A3EB7794D9CC3114FA8C4 ft=1 fh=18e2fb87f85d379c vn="Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\45A9.tmp"
sh=153BA1650D630F471D01359E61D13CE80E23A4AE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Zack\AppData\Local\Temp\che532D.tmp"
sh=4368ED4EFE437D5D313A3EB7794D9CC3114FA8C4 ft=1 fh=18e2fb87f85d379c vn="Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\E5D7.tmp"
sh=3AEAFFB61DCD95E75DE93AFD17C83FE262E27AFD ft=1 fh=8840b7ecab0c8827 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Setup.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\IEHelper.dll"
sh=CB7FCE63C32DCFDFF0BD48BE47D1372FBEF705B2 ft=1 fh=a36daa3012c99af9 vn="Win32/Toolbar.Montiera.I potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\MyBabylonTB.exe"
sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\Setup.exe"
sh=DD33DB6808B89D47EE29CCDF1D5B5615B3CB33FE ft=1 fh=a1d2813b6edf299e vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ct3227982\ieLogic.exe"
sh=4ED6E8313BB5164C001B08FDED409AE8C72530C6 ft=1 fh=8a8b19828fde40b4 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ct3227982\statisticsStub.exe"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ibtmpf564504\component_514.decrpt"
sh=FCD42701A1701A73EF2635AFA160307198AEF8A8 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Zack\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0f6e1921e0d6784f98678eaef9d8c9d0
# engine=19280
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-24 05:46:58
# local_time=2014-07-23 10:46:58 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2013'
# compatibility_mode=1044 16777213 100 87 0 92364402 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157724268 0 0
# scanned=2441701
# found=30
# cleaned=0
# scan_time=33074
sh=F48266A97BDB7F58C5B54469B2245CACD46577D0 ft=1 fh=c4efab275ed5eda7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\conduitinstaller.exe.xBAD"
sh=DE6D58A2678388A57BEF7BE2E033376681D0E912 ft=1 fh=9fc0761f9b872705 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe.xBAD"
sh=4394D2B4FBC67455D8CC72C6FEF515D2889E2FA4 ft=1 fh=d69e2c1c046f8da7 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\MyBabylonTB.exe.xBAD"
sh=27D523A8F3C055D3DB4A0E32FD1291ED0BAAE770 ft=1 fh=a8ea1ed124c8a77f vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\Strongvault.exe.xBAD"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\tbapp2.dll.xBAD"
sh=1E5FF78762CA006F87944941C8F58C96DF5E0CC7 ft=1 fh=6127c548da5b6c9e vn="Win32/Wajam.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Zack\AppData\Local\Temp\wajam_install.exe.xBAD"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=806B6719C53436DE30C6F98EDA2A635E55EDE13A ft=1 fh=c71c00113af50737 vn="a variant of Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\File Scout\filescout.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=C3E3C1468ECAEA6A212E08284A81DC6CE64A689F ft=0 fh=0000000000000000 vn="Win32/bProtector.F potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25Q4P4GK\pack[2].7z"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D33FZJJC\tbedrs[2].dll"
sh=4368ED4EFE437D5D313A3EB7794D9CC3114FA8C4 ft=1 fh=18e2fb87f85d379c vn="Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\45A9.tmp"
sh=153BA1650D630F471D01359E61D13CE80E23A4AE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Zack\AppData\Local\Temp\che532D.tmp"
sh=4368ED4EFE437D5D313A3EB7794D9CC3114FA8C4 ft=1 fh=18e2fb87f85d379c vn="Win32/FileScout.A potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\E5D7.tmp"
sh=3AEAFFB61DCD95E75DE93AFD17C83FE262E27AFD ft=1 fh=8840b7ecab0c8827 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Setup.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\IEHelper.dll"
sh=CB7FCE63C32DCFDFF0BD48BE47D1372FBEF705B2 ft=1 fh=a36daa3012c99af9 vn="Win32/Toolbar.Montiera.I potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\MyBabylonTB.exe"
sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\997DC5F1-BAB0-7891-8EC9-B6706CAF6839\Latest\Setup.exe"
sh=DD33DB6808B89D47EE29CCDF1D5B5615B3CB33FE ft=1 fh=a1d2813b6edf299e vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ct3227982\ieLogic.exe"
sh=4ED6E8313BB5164C001B08FDED409AE8C72530C6 ft=1 fh=8a8b19828fde40b4 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ct3227982\statisticsStub.exe"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Zack\AppData\Local\Temp\ibtmpf564504\component_514.decrpt"
sh=FCD42701A1701A73EF2635AFA160307198AEF8A8 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Zack\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab"
sh=F3CCD2E0CE46560E578568CB6D79237EBE3A1E12 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NGD trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fc10777db79bcf199baf42958702535b[1].htm"
sh=F3CCD2E0CE46560E578568CB6D79237EBE3A1E12 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NGD trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fc10777db79bcf199baf42958702535b[1].htm"
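The ESET Online Scanner log above is a flat key/value format: `# key=value` header lines (found, cleaned, end, remove_checked) followed by one `sh=... ft=... fh=... vn="..." ac=... fn="..."` line per detection. The following parser is an added example written for this page, not ESET's own tooling or anything posted by the participants. It splits a paste that contains several scans (each starts at `# product=`), checks that the `found=` count matches the number of detection lines, and groups hits by where they sit (FRST quarantine, browser cache, Temp, or an installed location) and by threat class, so that inert leftovers can be told apart from items that deserve a closer look. The location rules, the threat classification keywords and the sample log (fake hashes and paths) are all constructed for this example.

```python
"""Parse ESET Online Scanner log pastes and triage the detections by location and class.
Added example for this thread; the classification rules are a constructed heuristic, not ESET's."""
import re
from collections import Counter

# One detection line: sh=<sha1> ft=<n> fh=<hex16> vn="<name>" ac=<action> fn="<path>"
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"$'
)

# Path patterns that say where a hit sits; checked in order, first match wins (constructed rules)
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\FRST\\Quarantine\\", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("temp", re.compile(r"\\Temp\\", re.I)),
]


def classify_location(path):
    for label, rx in LOCATION_RULES:
        if rx.search(path):
            return label
    return "installed"


def classify_threat(vn):
    """Split ESET's verbose name into 'malware' (trojan/exploit) versus 'pua' (adware, toolbars)."""
    low = vn.lower()
    if "trojan" in low or "exploit" in low or "multiple threats" in low:
        return "malware"
    if "potentially unwanted" in low or "potentially unsafe" in low or "adware" in low:
        return "pua"
    return "other"


def parse_eset_log(text):
    """Return a list of reports, each {'header': {...}, 'detections': [...]}.
    A new report starts at every '# product=' line, so a paste holding several scans splits cleanly."""
    reports = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# product="):
            current = {"header": {}, "detections": []}
            reports.append(current)
        if current is None:
            continue  # installer chatter ("all ok") before the first report
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current["header"].setdefault(key, value)  # compatibility_mode repeats; keep the first
            continue
        m = DETECTION_RE.match(line)
        if m:
            det = m.groupdict()
            det["location"] = classify_location(det["fn"])
            det["threat"] = classify_threat(det["vn"])
            current["detections"].append(det)
    return reports


def triage(report):
    """Summarise one report: counts by location and class, header consistency, and the hits
    worth a second look (malware-class names that are not already in the quarantine folder)."""
    dets = report["detections"]
    hdr = report["header"]
    summary = {
        "found_claimed": int(hdr.get("found", "0")),
        "found_parsed": len(dets),
        "by_location": dict(Counter(d["location"] for d in dets)),
        "by_threat": dict(Counter(d["threat"] for d in dets)),
        "review": [d["fn"] for d in dets if d["threat"] == "malware" and d["location"] != "quarantine"],
        "scan_finished": hdr.get("end") == "finished",
    }
    summary["count_matches"] = summary["found_claimed"] == summary["found_parsed"]
    return summary


# Constructed sample paste in the same shape as the log above (fake hashes, fake paths)
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=false
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0123456789abcdef vn="Win32/Toolbar.Example potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\installer.exe.xBAD"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=fedcba9876543210 vn="a variant of Win32/Adware.Example.B application" ac=I fn="C:\Program Files (x86)\Example\example.dll"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=0 fh=0000000000000000 vn="JS/Exploit.Example.A trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm"
sh=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\user\AppData\Local\Temp\che1234.tmp"
"""

if __name__ == "__main__":
    for rep in parse_eset_log(SAMPLE_LOG):
        print(triage(rep))
```

A `review` entry is not a verdict: a cached `.htm` in a browser cache is an inert copy of a page that was served, not something that runs on its own, which is why a malware-class name there usually ends up classed as a leftover once the file itself is removed. The `count_matches` and `scan_finished` flags catch the two common ways a paste misleads: a truncated copy, or a scan that was stopped early (`end=stopped`), as in the first of the two runs above.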


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 AM

Posted 24 July 2014 - 01:00 AM

Looking good, ESET hasn't found any active malware, just a few dead leftovers of adware.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.0) MUI
Java 7 Update 51




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 AM

Posted 03 September 2014 - 06:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



