
ExtendedUnlimited / gameharbor adware removal help


  • This topic is locked
6 replies to this topic

#1 wingnut808


Posted 12 September 2014 - 03:37 PM

Good afternoon, my computer seems to have been infected by adware. Recently, every time I start up my computer, it immediately launches Chrome, directed to gameharbor.org.

I downloaded DDS as per the instructions; however, I get the following message: "DDS is not meant to run in 'compatibility mode.' The program shall now exit."

I'm running Windows 8. Please advise. Thank you for your help.

 

Mod Edit:  Try running FRST in lieu of the DDS tool and post the results - Hamluis.


Edited by hamluis, 12 September 2014 - 03:56 PM.




#2 wingnut808


Posted 12 September 2014 - 10:18 PM

Thank you Hamluis.  Please see the results of my Additional and FRST scan:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Ryan at 2014-09-12 22:13:24
Running from C:\Users\Ryan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Agricultural Simulator 2013 Steam Edition (HKLM-x32\...\Steam App 236790) (Version:  - Actalogic)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battlestations: Midway (HKLM-x32\...\Steam App 6870) (Version:  - Eidos Interactive)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
Cities in Motion 2 © Paradox Interactive version 1 (HKLM-x32\...\Q2l0aWVzIGluIE1vdGlvbiAyIChjKSBQYXJhZG94IEludGVyYWN0aXZl_is1) (Version: 1 - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Divinity Original Sin (HKLM-x32\...\RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1) (Version: 1 - )
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version:  - Raven Software)
HeXen II (HKLM-x32\...\Steam App 9060) (Version:  - Raven Software)
HeXen: Beyond Heretic (HKLM-x32\...\Steam App 2360) (Version:  - Raven Software)
HeXen: Deathkings of the Dark Citadel (HKLM-x32\...\Steam App 2370) (Version:  - Raven Software)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel)
Intel® Network Connections 18.2.63.0 (Version: 18.2.63.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3107 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version:  - Aleksey Abramenko)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kentucky Route Zero (HKLM-x32\...\Steam App 231200) (Version:  - Cardboard Computer)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Plex (HKCU\...\Plex) (Version: 0.9.504 - Plex, Inc)
Plex Media Server (HKLM-x32\...\{0e687b6b-3a8e-46a6-b594-a188cfc141f0}) (Version: 0.9.905 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.905 - Plex, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Puzzle Agent 2 (HKLM-x32\...\Steam App 94590) (Version:  - Telltale Games)
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version:  - id Software)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Red Faction II (HKLM-x32\...\Steam App 20550) (Version:  - Volition, Inc.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - Gray Matter Studios)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version:  - 3D Realms)
Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version:  - Ironclad Games)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - )
Stealth Bastard Deluxe (HKLM-x32\...\Steam App 209190) (Version:  - Curve Studios)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version:  - id Software)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Hotfix (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Wildlife Park 3 (HKLM-x32\...\Steam App 287200) (Version:  - b-Alive)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-08-2014 21:41:56 Windows Update
05-09-2014 14:09:27 Scheduled Checkpoint
12-09-2014 04:36:15 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04F5C464-5ABF-40B9-93F3-48FEE6A72429} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D7C4229-09BA-49DC-96C7-A631CFD3A830} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2684706A-F26F-453F-8E66-E153FAE6E687} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75490108-9AB0-4260-AB6C-A57101B265D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7950035A-95E6-41EC-ADDC-51D0EEB9CB2A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {7A834171-6579-4591-8126-C8CED33BC5B5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {7B651120-80DD-432F-BC0E-498981607F26} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {7BD8240F-D41C-4551-AB73-F3C079C5F3B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7E37792D-3CEA-42A1-9E62-215D163CFABF} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {871C5654-3361-4206-9F11-0EA3F81E1EB1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8B185E40-40ED-4657-A917-DC8780E836BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {94EE6035-8733-4DB0-8DDA-3CD843F7BD57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {99D150D0-BF20-4B40-B7E4-21B471EED700} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9CA32E73-D2B2-4322-AD70-30E9BA68C7E2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B4711F3D-20B7-4CCE-8175-48D97256B02B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F97557BE-C4B4-4185-ABDD-C62A91AB38EF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-02 15:10 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-14 14:42 - 2013-03-14 14:42 - 00182248 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-03-14 14:42 - 2013-03-14 14:42 - 00059880 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-06-23 21:31 - 2014-06-23 21:31 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-06-23 21:32 - 2014-07-28 20:16 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-07-15 16:17 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-02-24 17:13 - 2014-02-24 17:13 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-02-24 17:13 - 2014-02-24 17:13 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2014-09-10 16:17 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-10 16:17 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-10 16:17 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-10 16:17 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-10 16:17 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-02-24 17:13 - 2014-02-24 17:13 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00032392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-02-24 17:12 - 2014-02-24 17:12 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-02-24 17:12 - 2014-02-24 17:12 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-02-24 17:13 - 2014-02-24 17:13 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-02-24 17:13 - 2014-02-24 17:13 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-09-10 16:17 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Ryan\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 04:58:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: deadrising3.exe, version: 1.0.0.0, time stamp: 0x53fe8cba
Faulting module name: deadrising3.exe, version: 1.0.0.0, time stamp: 0x53fe8cba
Exception code: 0xc0000005
Fault offset: 0x0000000000866510
Faulting process id: 0x1070
Faulting application start time: 0xdeadrising3.exe0
Faulting application path: deadrising3.exe1
Faulting module path: deadrising3.exe2
Report Id: deadrising3.exe3
Faulting package full name: deadrising3.exe4
Faulting package-relative application ID: deadrising3.exe5
 
Error: (09/11/2014 11:36:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (09/12/2014 02:45:55 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0xff00 for Disk 1 (PDO name: \Device\0000002a) failed due to a hardware error.
 
Error: (09/11/2014 11:54:58 PM) (Source: Ntfs) (EventID: 138) (User: )
Description: The transaction resource manager at C:\ encountered a fatal error and was shut down.  The data contains the error code.
 
 
Microsoft Office Sessions:
=========================
Error: (09/12/2014 04:58:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: deadrising3.exe1.0.0.053fe8cbadeadrising3.exe1.0.0.053fe8cbac00000050000000000866510107001cfcec98e20e029C:\Program Files (x86)\Dead Rising 3\deadrising3.exeC:\Program Files (x86)\Dead Rising 3\deadrising3.exef51c91c8-3ac7-11e4-beaa-bc5ff4b93c13
 
Error: (09/11/2014 11:36:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 8123.58 MB
Available physical RAM: 5659.21 MB
Total Pagefile: 9403.58 MB
Available Pagefile: 6279.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (HTPC) (Fixed) (Total:2048 GB) (Free:1378.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:746.51 GB) (Free:402.95 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:66.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2048 GB) (Disk ID: FB98572D)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 746.5 GB) (Disk ID: 50524AF1)
Partition 1: (Not Active) - (Size=746.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 6A722E62)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by wingnut808, 12 September 2014 - 10:33 PM.


#3 wingnut808


Posted 12 September 2014 - 10:25 PM

FRST Log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Ryan (administrator) on HTPC on 12-09-2014 22:12:22
Running from C:\Users\Ryan\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-18463812-1830421152-1994774463-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4376200 2014-02-24] (Plex, Inc.)
HKU\S-1-5-21-18463812-1830421152-1994774463-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC64FCA80AD81CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.2.1\IPSFF [2013-10-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-16]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2014-05-16]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-06-23] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2014-07-28] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.2.1\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.2.1\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.2.1\Definitions\VirusDefs\20140912.009\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.2.1\Definitions\VirusDefs\20140912.009\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1505000.013\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-10-22] (Splashtop Inc.)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1505000.013\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1505000.013\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-07-15] (Acronis)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-09-12] ()
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 22:12 - 2014-09-12 22:13 - 00017396 _____ () C:\Users\Ryan\Downloads\FRST.txt
2014-09-12 22:12 - 2014-09-12 22:12 - 00000000 ____D () C:\FRST
2014-09-12 22:11 - 2014-09-12 22:11 - 02105856 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2014-09-12 17:05 - 2014-09-12 17:05 - 00014931 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e12.chili.d.to.the.bone.ws.dsr.x264.ny2.mp4.torrent
2014-09-12 17:05 - 2014-09-12 17:05 - 00011460 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e11.when.in.rome.cook.on.a.scooter.pdtv.x264.jive.torrent
2014-09-12 17:04 - 2014-09-12 17:04 - 00015287 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e10.the.eggs.orcist.ws.dsr.x264.ny2.mp4.torrent
2014-09-12 14:47 - 2014-09-12 14:47 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-09-11 23:40 - 2014-08-15 21:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 23:40 - 2014-08-15 21:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 23:40 - 2014-08-15 21:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 23:40 - 2014-08-15 21:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 23:40 - 2014-08-15 20:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 23:40 - 2014-08-15 20:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 23:40 - 2014-08-15 20:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 23:40 - 2014-08-15 20:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 23:40 - 2014-08-15 20:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 23:40 - 2014-08-15 20:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:40 - 2014-08-15 20:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 23:40 - 2014-08-15 20:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 23:40 - 2014-08-15 20:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 23:40 - 2014-08-15 20:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 23:40 - 2014-08-15 20:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 23:40 - 2014-08-15 20:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 23:40 - 2014-08-15 20:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 23:40 - 2014-08-15 20:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 23:40 - 2014-08-15 20:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 23:40 - 2014-08-15 20:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 23:40 - 2014-08-15 20:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 23:40 - 2014-08-15 19:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 23:40 - 2014-08-15 19:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 23:40 - 2014-08-15 19:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 23:40 - 2014-08-15 19:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 23:40 - 2014-08-15 19:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 23:40 - 2014-08-15 19:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 23:40 - 2014-08-15 19:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 23:40 - 2014-08-15 19:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 23:40 - 2014-08-15 19:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 23:40 - 2014-08-15 19:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 23:40 - 2014-08-15 19:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 23:40 - 2014-08-15 19:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 23:40 - 2014-08-15 19:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 23:40 - 2014-08-15 19:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 22:40 - 2014-09-04 21:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 22:40 - 2014-09-04 21:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 22:40 - 2014-09-04 19:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 22:39 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 22:38 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 22:38 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-11 21:50 - 2014-09-11 21:50 - 00009485 _____ () C:\Users\Ryan\Downloads\[kickass.to]joe.2013.720p.brrip.x264.yify.torrent
2014-09-11 19:07 - 2014-09-11 19:07 - 01016261 _____ (Thisisu) C:\Users\Ryan\Downloads\JRT (1).exe
2014-09-11 18:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-11 18:57 - 2014-09-11 19:00 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:56 - 2014-09-11 18:56 - 01370467 _____ () C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-09-11 16:02 - 2014-09-11 16:02 - 06958304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\Silverlight.exe
2014-09-05 09:50 - 2014-09-05 09:50 - 00001955 _____ () C:\Users\Public\Desktop\Dead Rising 3.lnk
2014-09-05 09:50 - 2014-09-05 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Rising 3
2014-09-05 09:16 - 2014-09-05 09:50 - 00000000 ____D () C:\Program Files (x86)\Dead Rising 3
2014-09-04 22:59 - 2014-09-04 22:59 - 00073461 _____ () C:\Users\Ryan\Downloads\[kickass.to]dead.rising.3.apocalypse.edition.2014.pc.repack.by.r.g.steamgames.torrent
2014-09-04 22:44 - 2014-09-04 22:44 - 00169603 _____ () C:\Users\Ryan\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-03 21:19 - 2014-09-03 21:19 - 00009533 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.double.2013.dvdrip.xvid.evo.torrent
2014-09-02 16:53 - 2014-09-02 16:53 - 00027412 _____ () C:\Users\Ryan\Downloads\[kickass.to]masterchef.us.s05e15.hdtv.x264.lol.ettv.torrent
2014-09-01 21:45 - 2014-09-01 21:45 - 00015119 _____ () C:\Users\Ryan\Downloads\[kickass.to]premium.rush.2012.1080p.brrip.x264.yify.torrent
2014-08-27 14:12 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 14:12 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-27 14:12 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-25 19:55 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-25 17:56 - 2014-08-25 17:56 - 00011473 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e08.ho.ley.pot.pdtv.x264.jive.mp4.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00014469 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e09.superhero.sabotage.ws.dsr.x264.ny2.mp4.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00014383 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e06.pulverized.peppers.ws.dsr.x264.ny2.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00011517 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e07.two.chefs.one.toga.pdtv.x264.jive.mp4.torrent
2014-08-24 14:09 - 2014-09-02 15:06 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-24 14:09 - 2014-09-02 15:06 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 21:32 - 2014-08-23 21:32 - 00015298 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.worlds.end.2013.dvdrip.xvid.maxspeed.torrent
2014-08-23 21:30 - 2014-08-23 21:30 - 00021286 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.exorcist.1973.1080p.brrip.x264.yify.torrent
2014-08-23 21:29 - 2014-08-23 21:30 - 00015783 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.grudge.2.2006.720p.brrip.x264.yify.torrent
2014-08-23 21:29 - 2014-08-23 21:29 - 00014886 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.grudge.2004.720p.brrip.x264.yify.torrent
2014-08-23 21:17 - 2014-08-23 21:17 - 00009337 _____ () C:\Users\Ryan\Downloads\[kickass.to]godzilla.2014.720p.brrip.x264.yify.torrent
2014-08-23 20:38 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-23 20:38 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-23 20:37 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-23 20:37 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-23 20:37 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-23 20:37 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-23 20:37 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-23 20:37 - 2014-05-31 01:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-23 20:36 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-23 20:36 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-23 20:36 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-23 20:36 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-23 20:36 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-23 20:36 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-23 20:36 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-23 20:36 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-23 20:36 - 2014-05-13 00:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 20:36 - 2014-05-12 23:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-23 20:36 - 2014-05-12 23:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-23 20:36 - 2014-05-12 22:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 20:36 - 2014-05-12 22:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-23 20:36 - 2014-05-03 06:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-23 20:36 - 2014-05-03 04:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-23 20:36 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-23 20:36 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-23 20:36 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-23 20:36 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-23 20:36 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-23 20:36 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-23 20:36 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-23 20:36 - 2014-05-02 18:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-23 20:36 - 2014-05-01 00:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-23 20:36 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-23 20:36 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-23 20:36 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-23 20:36 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-23 20:36 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-23 20:36 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-23 20:36 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-23 20:36 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-23 20:36 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-23 20:36 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-23 20:36 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-23 20:36 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-23 20:36 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-23 20:36 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-23 20:36 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-23 20:36 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-23 20:36 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-23 20:36 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-23 20:36 - 2014-04-26 17:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-23 20:36 - 2014-04-26 15:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-23 20:36 - 2014-04-26 13:41 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2014-08-23 20:36 - 2014-04-26 13:22 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2014-08-23 20:36 - 2014-04-26 13:04 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2014-08-23 20:36 - 2014-04-26 12:36 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2014-08-23 20:36 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-23 20:36 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-23 20:36 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-23 20:36 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-23 20:36 - 2014-04-09 01:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-23 20:36 - 2014-04-09 00:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-23 20:35 - 2014-08-01 22:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-23 20:35 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-23 20:35 - 2014-06-05 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-23 20:35 - 2014-06-05 08:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-23 20:35 - 2014-06-04 04:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-23 20:35 - 2014-06-04 00:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-23 20:35 - 2014-06-04 00:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-23 20:35 - 2014-06-03 23:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-23 20:35 - 2014-06-03 23:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-23 20:35 - 2014-06-03 21:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-23 20:35 - 2014-06-03 21:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-23 20:35 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-23 20:35 - 2014-05-31 05:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-23 20:35 - 2014-05-31 05:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-23 20:35 - 2014-05-31 05:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-23 20:35 - 2014-05-31 05:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-23 20:35 - 2014-05-31 05:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-23 20:35 - 2014-05-31 01:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-23 20:35 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-23 20:35 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-23 20:35 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-23 20:35 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-23 20:35 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-23 20:35 - 2014-05-29 01:21 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2014-08-23 20:35 - 2014-05-27 10:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-23 20:35 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-23 20:35 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-23 20:35 - 2014-05-16 23:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-23 20:35 - 2014-05-16 23:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-23 20:35 - 2014-04-29 23:30 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-08-23 20:35 - 2014-04-29 22:52 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2014-08-23 19:18 - 2014-08-23 19:18 - 00014975 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.purge.anarchy.2014.webrip.readnfo.studio.audio.xvid.ac3.acab.torrent
2014-08-23 19:06 - 2014-08-23 19:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-08-23 19:06 - 2014-08-23 19:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-08-23 19:01 - 2014-08-23 19:01 - 00017446 _____ () C:\Users\Ryan\Downloads\[kickass.to]oculus.2013.1080p.brrip.x264.yify.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 22:13 - 2014-09-12 22:12 - 00017396 _____ () C:\Users\Ryan\Downloads\FRST.txt
2014-09-12 22:12 - 2014-09-12 22:12 - 00000000 ____D () C:\FRST
2014-09-12 22:11 - 2014-09-12 22:11 - 02105856 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2014-09-12 22:11 - 2013-10-03 22:28 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\BitTorrent
2014-09-12 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-12 21:16 - 2014-02-02 15:09 - 01454095 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-12 21:16 - 2013-07-15 16:27 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 17:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-12 17:30 - 2013-07-16 16:55 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Plex
2014-09-12 17:10 - 2013-07-15 17:54 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-18463812-1830421152-1994774463-1001
2014-09-12 17:05 - 2014-09-12 17:05 - 00014931 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e12.chili.d.to.the.bone.ws.dsr.x264.ny2.mp4.torrent
2014-09-12 17:05 - 2014-09-12 17:05 - 00011460 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e11.when.in.rome.cook.on.a.scooter.pdtv.x264.jive.torrent
2014-09-12 17:04 - 2014-09-12 17:04 - 00015287 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e10.the.eggs.orcist.ws.dsr.x264.ny2.mp4.torrent
2014-09-12 16:59 - 2013-07-15 22:39 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-09-12 15:39 - 2013-06-26 13:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-12 15:16 - 2013-07-15 16:27 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-12 15:16 - 2013-07-15 16:27 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 14:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-12 14:53 - 2014-02-02 15:54 - 00000000 ___DO () C:\Users\Ryan\SkyDrive
2014-09-12 14:52 - 2014-06-02 17:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-12 14:47 - 2014-09-12 14:47 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-09-12 14:47 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 14:47 - 2013-07-15 16:30 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-09-12 14:46 - 2014-02-02 15:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 14:46 - 2013-11-14 02:20 - 00020056 _____ () C:\WINDOWS\PFRO.log
2014-09-12 00:02 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-12 00:01 - 2014-07-08 23:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 23:41 - 2014-06-11 18:28 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 23:41 - 2014-06-11 18:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 23:41 - 2014-06-11 18:19 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 23:41 - 2014-06-11 18:19 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 23:41 - 2014-06-11 18:19 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 23:41 - 2014-06-11 18:19 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 23:41 - 2014-05-03 20:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 23:41 - 2014-05-03 20:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 23:40 - 2013-08-16 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 23:37 - 2013-07-16 18:38 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 22:36 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-11 21:50 - 2014-09-11 21:50 - 00009485 _____ () C:\Users\Ryan\Downloads\[kickass.to]joe.2013.720p.brrip.x264.yify.torrent
2014-09-11 19:07 - 2014-09-11 19:07 - 01016261 _____ (Thisisu) C:\Users\Ryan\Downloads\JRT (1).exe
2014-09-11 19:00 - 2014-09-11 18:57 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:56 - 2014-09-11 18:56 - 01370467 _____ () C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-09-11 16:02 - 2014-09-11 16:02 - 06958304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\Silverlight.exe
2014-09-11 11:17 - 2014-07-02 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 11:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-07 14:02 - 2013-11-14 02:29 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-05 22:03 - 2013-08-22 09:46 - 00340817 _____ () C:\WINDOWS\setupact.log
2014-09-05 15:46 - 2014-02-02 15:18 - 00000000 ____D () C:\Users\Ryan
2014-09-05 12:09 - 2013-06-27 23:00 - 00000000 ____D () C:\Users\Ryan\Documents\My Games
2014-09-05 09:50 - 2014-09-05 09:50 - 00001955 _____ () C:\Users\Public\Desktop\Dead Rising 3.lnk
2014-09-05 09:50 - 2014-09-05 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Rising 3
2014-09-05 09:50 - 2014-09-05 09:16 - 00000000 ____D () C:\Program Files (x86)\Dead Rising 3
2014-09-05 08:54 - 2014-06-29 19:37 - 00000000 ____D () C:\Users\Ryan\Desktop\Games
2014-09-05 08:53 - 2013-08-11 10:54 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\vlc
2014-09-04 22:59 - 2014-09-04 22:59 - 00073461 _____ () C:\Users\Ryan\Downloads\[kickass.to]dead.rising.3.apocalypse.edition.2014.pc.repack.by.r.g.steamgames.torrent
2014-09-04 22:44 - 2014-09-04 22:44 - 00169603 _____ () C:\Users\Ryan\Downloads\[kickass.to]dead.rising.3.codex.torrent
2014-09-04 21:36 - 2014-09-11 22:40 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-04 21:31 - 2014-09-11 22:40 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-04 19:48 - 2014-09-11 22:40 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-03 21:19 - 2014-09-03 21:19 - 00009533 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.double.2013.dvdrip.xvid.evo.torrent
2014-09-02 16:53 - 2014-09-02 16:53 - 00027412 _____ () C:\Users\Ryan\Downloads\[kickass.to]masterchef.us.s05e15.hdtv.x264.lol.ettv.torrent
2014-09-02 15:06 - 2014-08-24 14:09 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 15:06 - 2014-08-24 14:09 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 21:45 - 2014-09-01 21:45 - 00015119 _____ () C:\Users\Ryan\Downloads\[kickass.to]premium.rush.2012.1080p.brrip.x264.yify.torrent
2014-08-29 14:54 - 2013-08-22 09:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-26 16:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-26 16:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-25 17:56 - 2014-08-25 17:56 - 00011473 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e08.ho.ley.pot.pdtv.x264.jive.mp4.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00014469 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e09.superhero.sabotage.ws.dsr.x264.ny2.mp4.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00014383 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e06.pulverized.peppers.ws.dsr.x264.ny2.torrent
2014-08-25 17:55 - 2014-08-25 17:55 - 00011517 _____ () C:\Users\Ryan\Downloads\[kickass.to]cutthroat.kitchen.s04e07.two.chefs.one.toga.pdtv.x264.jive.mp4.torrent
2014-08-25 16:41 - 2013-06-26 03:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Packages
2014-08-24 14:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-24 14:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-24 14:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-23 21:32 - 2014-08-23 21:32 - 00015298 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.worlds.end.2013.dvdrip.xvid.maxspeed.torrent
2014-08-23 21:30 - 2014-08-23 21:30 - 00021286 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.exorcist.1973.1080p.brrip.x264.yify.torrent
2014-08-23 21:30 - 2014-08-23 21:29 - 00015783 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.grudge.2.2006.720p.brrip.x264.yify.torrent
2014-08-23 21:29 - 2014-08-23 21:29 - 00014886 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.grudge.2004.720p.brrip.x264.yify.torrent
2014-08-23 21:17 - 2014-08-23 21:17 - 00009337 _____ () C:\Users\Ryan\Downloads\[kickass.to]godzilla.2014.720p.brrip.x264.yify.torrent
2014-08-23 20:34 - 2014-04-29 11:46 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-23 20:30 - 2014-06-11 18:27 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-23 19:18 - 2014-08-23 19:18 - 00014975 _____ () C:\Users\Ryan\Downloads\[kickass.to]the.purge.anarchy.2014.webrip.readnfo.studio.audio.xvid.ac3.acab.torrent
2014-08-23 19:13 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-23 19:06 - 2014-08-23 19:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-08-23 19:06 - 2014-08-23 19:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-08-23 19:06 - 2014-07-26 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 19:01 - 2014-08-23 19:01 - 00017446 _____ () C:\Users\Ryan\Downloads\[kickass.to]oculus.2013.1080p.brrip.x264.yify.torrent
2014-08-22 19:42 - 2014-08-27 14:12 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-15 21:40 - 2014-09-11 23:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-15 21:04 - 2014-09-11 23:40 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-15 21:00 - 2014-09-11 23:40 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-15 21:00 - 2014-09-11 23:40 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-15 20:56 - 2014-09-11 23:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-15 20:54 - 2014-09-11 23:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-15 20:45 - 2014-09-11 23:40 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-15 20:43 - 2014-09-11 23:40 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-15 20:32 - 2014-09-11 23:40 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-15 20:25 - 2014-09-11 23:40 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-15 20:22 - 2014-09-11 23:40 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-15 20:20 - 2014-09-11 23:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-15 20:19 - 2014-09-11 23:40 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-15 20:18 - 2014-09-11 23:40 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-15 20:18 - 2014-09-11 23:40 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-15 20:11 - 2014-09-11 23:40 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-15 20:06 - 2014-09-11 23:40 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-15 20:05 - 2014-09-11 23:40 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-15 20:05 - 2014-09-11 23:40 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-15 20:03 - 2014-09-11 23:40 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-15 20:03 - 2014-09-11 23:40 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-15 19:58 - 2014-09-11 23:40 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 19:56 - 2014-09-11 23:40 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-15 19:53 - 2014-09-11 23:40 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-15 19:53 - 2014-09-11 23:40 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-15 19:53 - 2014-09-11 23:40 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-15 19:51 - 2014-09-11 23:40 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-15 19:45 - 2014-09-11 23:40 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-15 19:44 - 2014-09-11 23:40 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-15 19:44 - 2014-09-11 23:40 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-15 19:34 - 2014-09-11 23:40 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-15 19:20 - 2014-09-11 23:40 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-15 19:18 - 2014-09-11 23:40 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-15 19:14 - 2014-09-11 23:40 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-15 19:12 - 2014-09-11 23:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\AutoRun.exe
C:\Users\Ryan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Ryan\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Ryan\AppData\Local\Temp\eauninstall.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ryan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ryan\AppData\Local\Temp\nvStInst.exe
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryan\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 17:10
 
==================== End Of Log ============================


#4 aharonov


  • Malware Response Team

Posted 13 September 2014 - 07:03 AM

Hi,

does this solve the problem?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 wingnut808

  • Topic Starter

  • Members

Posted 13 September 2014 - 10:29 AM

I believe it worked, I restarted my computer and no gameharbor popup.  Thank you so much.

 

Please see the fixlog for confirmation:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Ryan at 2014-09-13 10:18:34 Run:1
Running from C:\Users\Ryan\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-18463812-1830421152-1994774463-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-18463812-1830421152-1994774463-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 890.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 aharonov


  • Malware Response Team

Posted 13 September 2014 - 11:20 AM

Yes it worked. :)
Update Flashplayer and Java.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#7 aharonov


  • Malware Response Team

Posted 19 September 2014 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



